World of Warcraft hackers using Sony BMG rootkit
It has come to our attention that World of Warcraft hackers are already using Sony BMG Music's rootkit software to hide their hacking from Blizzard's Warden client.
We reported earlier this week that some music CDs by Sony BMG labeled "Content enhanced & protected" install rootkit-like software on the client PC once the music CD is inserted into the computer's optical drive. The program cannot be uninstalled through normal means, and because it does a good job of hiding some of its files and processes from the system, it is ideal for hackers and authors of malicious software who want to hide their activities on user systems.
Who would have thought that the first use would be for hacking the online game World of Warcraft?
Blizzard's Warden client checks every 15 seconds whether the computer that World of Warcraft is running on is running programs or scripts in the background that help players cheat in the game. Take a look at the related thread for more information about it.
Update: The thread is no longer available, and traces of the incident can only be found on third-party news sites, not on the sites where they were originally posted.
It is nevertheless interesting to note that hackers managed to hijack the rootkit for their own purposes, in this case to cheat in the World of Warcraft game. It is likely that it can be used for other purposes as well, for instance to elude detection by conventional security software that is not able to detect rootkits on the computer system.
One might think that it took hackers a long time to manipulate the rootkit software for their own plans. It was in fact incredibly easy: Blizzard's anti-cheat protection software could not detect files renamed with the prefix $sys$. All it took was to add the prefix to the files and make sure the rootkit was up and running on the PC system to bypass Blizzard's WoW protection.
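A defender can test a machine for the prefix-based hiding described above with a canary file. The following is an added example, not code from the original article, Blizzard or Sony BMG. It assumes the hiding filters directory listings by the $sys$ prefix while creating a file by name still succeeds; the function names are hypothetical.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # the prefix the article says is hidden


def enumeration_hides_prefix(directory, lister=os.listdir):
    """Write a canary file whose name starts with CLOAK_PREFIX, then check
    whether directory enumeration reports it. True means the file was
    written successfully yet is missing from the listing, i.e. something
    is filtering names that carry this prefix."""
    name = CLOAK_PREFIX + "canary_" + os.urandom(4).hex() + ".tmp"
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("canary")
    try:
        return name not in lister(directory)
    finally:
        os.remove(path)  # assumption: removal by exact name still works


def simulated_cloaked_lister(directory):
    """Constructed stand-in for a filtered view: drops prefixed names, as
    the article describes, so the check can be exercised on a clean host."""
    return [n for n in os.listdir(directory) if not n.startswith(CLOAK_PREFIX)]


def demo():
    """Run the check against the real listing and the simulated one."""
    with tempfile.TemporaryDirectory() as tmp:
        real = enumeration_hides_prefix(tmp)
        simulated = enumeration_hides_prefix(tmp, simulated_cloaked_lister)
    return real, simulated


if __name__ == "__main__":
    real, simulated = demo()
    print("real listing hides prefix:", real)
    print("simulated cloak hides prefix:", simulated)
```

A True result for the real listing means file names with that prefix are being filtered from enumeration on that host, which is the condition a scanner relying on the same listing would be blind to.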