Blizzard’s Battle.Net HACKED!

Published August 13, 2012

Account details for millions of players have been stolen in a hack attack on Blizzard, the maker of World of Warcraft, StarCraft and Diablo. Blizzard president, CEO and co-founder Michael Morhaime has released a statement explaining that:

“Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers, the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.”

Blizzard claims – but doesn’t guarantee – that financial data such as credit cards, billing addresses, and real names weren’t accessed. Nonetheless, since Blizzard’s servers hold enough data to verify that you know your password and can type it in correctly, therefore anyone who has a clone of Blizzard’s authentication system can easily run a password-guessing attack against accounts.

Here are a few steps that you should implement immediately:

• Change your Blizzard password.
• If you chose excessively simple passwords, it could be guessed quickly. Stop choosing simple, non-complex passwords! Always try to use alpha-numeric, case sensitive passwords while incorporating special characters. Here’s a good example of what a strong password looks like: MyP4ssW3rD!
• If you’ve used the same password someplace else, change that one also, and don’t reuse passwords on different sites.

Diablo III Targeted by Malware

Published July 23, 2012

I have been a fan of the Diablo series since the 1^st installment was released on December 31^st, 1996. After waiting over ten years since the 2^nd installment in 2000, Diablo III finally arrived in May. As one of the most highly anticipated games this year, it was only a matter of time before malware authors began targeting it. Besides its immense popularity, another thing that is bound to make Diablo III even more attractive to cybercriminals is a new feature called Real Money Auction House. The new auction house (not yet live) will allow players to buy/sell items and gold for real money.

The time has come. Diablo III hasn’t even been out 3 months and associated malware is already starting to pop up. Security researchers over at Symantec have discovered a new W32.Gammima.AG variant that steals Diablo III communications. This malware is not brand-new, it has been encountered several times before–most notably for attacking the popular game World of Warcraft. This is just a slightly updated version, specifically designed for targeting Diablo III.

The game’s developer, Blizzard Entertainment, has included some security protection, such as a one-time password authenticator and account locking, so that gamers can prevent their items and gold being stolen. As always, remember that in order to stay safe, please ensure that you have the latest patches installed on your system and keep your antivirus definitions up to date.

New Java exploit to debut in BlackHole exploit kits

Published July 09, 2012

Brian Krebs over at KrebsOnSecurity.com has just issued a warning regarding a new Java exploit, powered by The Blackhole Exploit Kit. It is very important to make sure your Java is constantly up-to-date and patched since it is one of the most common vulnerabilities related to malicious attacks.

For more details, you can check out Brian Krebs' original post on the Java exploit

We here at New River Computing would like to thank Mr. Krebs for all of his great work on keeping everyone informed with the latest security news!