ghacks Technology News

A New Gaming Feature – Spyware


Greg Hoglund, with some time on his hands, performed a long reversing session on a game most of us have played or at least heard of: World of Warcraft.

According to Greg, a piece of software known as the “warden client” is executed every 15 seconds on all World of Warcraft clients that are currently playing the game. Here is what Greg found out about it:

  • The warden dumps all the DLL’s using a ToolHelp API call. It reads information from every DLL loaded in the ‘world of warcraft’ executable process space. No big deal.
  • The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer.
  • I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time.

    Once these strings are obtained, they are passed through a hashing function and compared against a list of ‘banning hashes’.

  • Next, warden opens every process running on your computer. When each program is opened, warden then calls ReadProcessMemory and reads a series of addresses – usually in the 0x0040xxxx or 0x0041xxxx range – this is the range that most executable programs on Windows will place their code. Warden reads about 10-20 bytes for each test, and again hashes this and compares against a list of banning hashes.
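
A minimal model of the hash-and-compare scan described in the list above, added here as an illustration; it is not Warden's or Hoglund's code. SHA-256, the ban lists, the probe address and the desktop snapshot are constructed assumptions, since the page names neither the real hash function nor any real signatures.

```python
import hashlib

def h(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the hash function the page leaves unnamed.
    return hashlib.sha256(data).hexdigest()

IMAGE_BASE = 0x00400000              # default load address of a 32-bit Windows executable
PROBES = [(0x00400010, 16)]          # constructed (address, length) memory tests
SIG = bytes.fromhex("deadbeef" * 4)  # constructed 16-byte code signature

# Constructed ban lists: they hold hashes only, never the strings or bytes themselves.
BAN_TITLE_HASHES = {h(b"ExampleCheatTool v1.0")}
BAN_CODE_HASHES = {h(SIG)}

# Constructed desktop snapshot: (process name, window title, bytes mapped at IMAGE_BASE).
SNAPSHOT = [
    ("excel.exe", "Microsoft Excel - personal_finances.xls", bytes(64)),
    ("msn.exe", "alice@example.com - Conversation", bytes(range(64))),
    ("tool.exe", "ExampleCheatTool v1.0", bytes(16) + SIG + bytes(32)),
    ("renamed.exe", "Notepad", bytes(16) + SIG + bytes(32)),
]

def scan(snapshot):
    """One scan pass. Returns (titles read in cleartext, bytes read, flagged processes)."""
    titles_read, bytes_read, flagged = [], 0, set()
    for name, title, image in snapshot:
        # The title must be read in full before it can be hashed, so every
        # title on the desktop is exposed to the scanner, matched or not.
        titles_read.append(title)
        if h(title.encode()) in BAN_TITLE_HASHES:
            flagged.add(name)
        # Memory test: read a short run of bytes at a fixed address and hash it.
        for addr, length in PROBES:
            offset = addr - IMAGE_BASE
            chunk = image[offset:offset + length]
            bytes_read += len(chunk)
            if h(chunk) in BAN_CODE_HASHES:
                flagged.add(name)
    return titles_read, bytes_read, sorted(flagged)

if __name__ == "__main__":
    titles, nbytes, flagged = scan(SNAPSHOT)
    print("flagged:", flagged)
    print("titles the scanner had to read:", titles)
    print("bytes read from other processes:", nbytes)
```

Only two of the four processes are flagged, yet all four window titles, including the spreadsheet name and the e-mail address, pass through the scanner in cleartext before hashing.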

Greg's conclusion is that the warden client belongs in the category of spyware. The EFF (Electronic Frontier Foundation) calls it a massive invasion of privacy.

According to the EFF, Blizzard has come up with three responses:

      Warden doesn’t collect personal information, so what’s the problem?

    The thing is, warden does at least scan personal information and process these findings. In other words, a privacy invasion takes place even though Blizzard claims that no data is saved.

      Everyone’s doing it. Blizzard points out that many companies use hack-scanning programs

    That's no excuse, is it?

      Read the EULA. Blizzard advises gamers of its intent to invade in its terms of service. “People should read contracts,” says Blizzard rep John Lagrave.

    Well, I don't know a lot of gamers who actually read the EULA of a game, and Blizzard surely knows this.

Hoglund released a tool called The Governor that watches the activities of World of Warcraft and clearly reports which data is being read from other processes. You can download it at Greg Hoglund's site.




Categories: Games, Spyware




2 Responses to “A New Gaming Feature – Spyware”

  1. Marc says:

    I will stop playing World of Warcraft, it's unbelievable what their tool looks at when you play the game. Blizzard? No thanks.


© 2005-2009 Ghacks.net. All Rights Reserved.