![]() |
World of Warcraft is spyware?
I recently performed a rather long reversing session on a piece of software written by Blizzard Entertainment, yes - the ones who made Warcraft, and World of Warcraft (which has 4.5 million+ players now, apparently). This software is known as the 'warden client' - its written like shellcode in that it's position independant. It is downloaded on the fly from Blizzard's servers, and it runs about every 15 seconds. It is one of the most interesting pieces of spyware to date, because it is designed only to verify compliance with a EULA/TOS. Here is what it does, about every 15 seconds, to about 4.5 million people (500,000 of which are logged on at any given time):
The warden dumps all the DLL's using a ToolHelp API call. It reads information from every DLL loaded in the 'world of warcraft' executable process space. No big deal. The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer. Now a Big Deal. http://www.rootkit.com/blog.php?newsid=358 Some people are calling BS, like here. |
It's not BS, people have known about The Warden for ages now, it has even been implemented in D2 and they busted maphackers with it. It definately isn't BS.
EDIT: Err, as for it reading the titles of windows, that is probably BS. As far as I know, all The Warden does is scans what DLLs are injected into the game's memory and then checks a list of bad DLLs then sends a report back to Blizzard that says whether you have bad DLLs running or not. |
Who cares?
|
Meh. Guess no porn when playing blizzard games.
|
Blizzard has even made a statement about this. They said they are using it only for catching hackers and stuff and they have no interest in anything else, but they should have warned players beforehand or something, blah blah blah.
Quote:
|
All times are GMT -6. The time now is 04:35 PM. |
Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
This site is best seen with your eyes open.