Tech, Games, Blogging and Other Random Thoughts

Malware Blog – WoW Scams: Free Gifts and Fake Account Suspension Threats

Posted on September 29, 2010  in Gaming, Technology

I’m reposting my blog article entitled World of Warcraft Scam: Free Gifts and Fake Account Suspension Threats that was published via Trend Micro Malware Blog today.

Blizzard’s World of Warcraft (more popularly known as WoW) is one of the most popular massively multiplayer online role-playing games (MMORPGs) in the world. With more than 11.5 million subscribers as of 2008, WoW is plagued by a thriving underground online gaming economy.

The most common scam in WoW that Trend Micro has seen uses the in-game chat/whisper system.

An unsuspecting player will receive an in-game chat/whisper from an unknown player offering free gifts (usually in-game pets, riding mounts, and vehicles) that they can avail of by registering at the website that is included in the chat message.

The website included is, of course, a phishing site that will gather the user’s account name and password.

However, we have seen a new approach recently—the use of WoW’s postal system, more commonly known as the in-game mail system. In this new trickery, the phishing URLs are sent via WoW in-game mail and is received by players in their in-game mailboxes.

The mail message is full of a mix of surprises. It combines several elements from other Blizzard games. Wings of Liberty refers to Starcraft 2, which was launched in July 2010. “Deathy” refers to “Black Dragon Aspect Deathwing,” the major antagonist in the upcoming WoW expansion game, Cataclysm.

To add to its credibility, the phishing URL contains the string worldofwarcraft and an abbreviation of Cataclysm. It is also interesting to mention that the website domain is registered and hosted in China.

We also noted that WoW online scammers have raised the bar by pretending to be figures of authority, something seen in spam attacks outside the online gaming industry.

The scam perpetrator poses as a Blizzard employee with a name that contains a string similar to Blizzard. The attacker threatens to suspend the player’s account if he/she does not register at the website included in the chat message.

As in the attack mentioned earlier, the link goes to a phishing site that tries to steal the user’s credentials. The phishing site very closely resembles the actual site in terms of layout. At first glance, the user may be led to believe that the URL is related to the WoW Armory, an official site containing information on in-game characters, guilds, and items.

To protect its customers, Blizzard has intensified its information campaign on’s security page. It also provided very accessible means within the game to report users who are abusing its chat and mail systems.

Trend Micro users are protected from these World of Warcraft phishing attacks via the Trend Micro™ Smart Protection Network™, which blocks access to the phishing websites.

For a more in-depth analysis of an online gaming Trojan kit (including World of Warcraft) and the underground online gaming economy, I highly recommend reading our research paper entitled, “Dissecting the XWM Trojan Kit: A Peek at China’s Growing Underground Online Gaming Economy,” by Lion Gu.

Image credits to Trend Micro and TrendLabs Malware Blog

Original Article:World of Warcraft Scams: Free Gifts and Fake Account Suspension Threats

Special thanks to Jovi, Jonathan and Badette for the assistance on the images and posting.

Additional personal thoughts on this WoW scam post coming soon in 🙂
Update 2010.10.12
Part 1: Free WoW Cheats: Free Gifts, Free Pets, and Free Mounts for WoW Cataclysm

, ,

0 thoughts on “Malware Blog – WoW Scams: Free Gifts and Fake Account Suspension Threats”

  1. @pseudo barefoot runner
    I read a tech news article before, Symantec (or was it another major AV Vendor?) study shows that WoW accounts can be sold on the underground market. Price ranges from 30 USD to 20K USD per account. Thats a good motivation I guess.

  2. Pingback: WoW Cataclysm to Hit Stores December 7, 2010 |

  3. Pingback: Free WoW Cheats: Free Gifts, Free Pets, and Free Mounts for WoW Cataclysm |

  4. It may seem small if we are talking about one account but MMO players are in millions so if you multiply 20k to 1M that’s $20M for items and gold you really didn’t grind for months to get. There are certain Asian countries that get IP blocked in MMOs because they are confirmed Gold Farmers. They hire people to play the game, accumulate items or collect huge amounts of the game’s currency and then sell it for real world money. I had guildies before who purchased their WoW accounts for 5000php each. My hubby bought in-game currency for a locally-hosted game for around the same amount. My account got hacked but my avatar is poor… malas na lang nya. HAHAHAH!!!

    1. @kuruma0510
      Hi Kuruma! Thanks for the visit and the comment! 🙂
      How did you find my blog?

      Yup, in a sec. conference I attended last year they discussed this MMO gold farming in many Asian countries where labor and internet connection are cheap. Lets discuss sometime, as I plan to do some followup post either here or in Malware blog.

  5. Pingback: My Post in Malware Blog: How Big will the Android Malware Threat Be in 2012? |