| |
 |
 World of Warcraft is spyware?
|
 |
|
|
|
|
Posted 2005-10-11, 09:28 PM
|
|
|
|
I recently performed a rather long reversing session on a piece of software written by Blizzard Entertainment, yes - the ones who made Warcraft, and World of Warcraft (which has 4.5 million+ players now, apparently). This software is known as the 'warden client' - its written like shellcode in that it's position independant. It is downloaded on the fly from Blizzard's servers, and it runs about every 15 seconds. It is one of the most interesting pieces of spyware to date, because it is designed only to verify compliance with a EULA/TOS. Here is what it does, about every 15 seconds, to about 4.5 million people (500,000 of which are logged on at any given time):
The warden dumps all the DLL's using a ToolHelp API call. It reads information from every DLL loaded in the 'world of warcraft' executable process space. No big deal.
The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer. Now a Big Deal.
http://www.rootkit.com/blog.php?newsid=358
Some people are calling BS, like here.
 
Last edited by GravitonSurge; 2005-10-11 at 09:30 PM.
|
|
 |
|
|
|
|
|
|
|
|
|
Threaded Mode