World of Warcraft hackers using Sony BMG rootkit

Martin Brinkmann
Nov 3, 2005
Updated • Apr 29, 2013

It has come to our attention that World of Warcraft Hackers already are using Sony BMG Music's Rootkit Software to hide their hacking from Blizzards Warden Client.

We reported earlier this week that some music CDs by Sony BMG labeled "Content enhanced & protected" install a rootkit-like software on the client PC once the music CD is inserted into the computer's optical drive. The program cannot be uninstalled through normal means and since it does a good job at hiding some of its files and processes from the system, it is ideal for hackers and authors of malicious software to use it to hide their activities on user systems.

Who would have thought that the first available use would be using this for hacking the online game World of Warcraft ?

Blizzards Warden Client checks every 15 seconds if the computer that Word of Warcraft is running on runs programs or scripts in its background that help players cheat in the game. Take a look at the related thread to receive more information about it.

Update: The thread is no longer available and traces of the incident are only found on third party news site and not on the original sites they have been posted on.

It is nevertheless interesting to note that hackers managed to highjack the rootkit for their own purposes, in this case to cheat in the World of Warcraft game. It is likely that it can be used for other purposes as well, for instance to elude detection by convention security software that is not able to detect rootkits on the computer system.

One could now think that it took hackers a long time to manipulate the rootkit software for their own plans. It was in fact incredibly easy: Blizzard's anti-cheat protection software could not detect files with the modified prefix $sys$. All it took was to add the prefix to the files and make sure the rootkit was up and running on the PC system to bypass Blizzard's WOW protection.


Tutorials & Tips

Previous Post: «
Next Post: «


There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.