Jump to content


News link for "World of Warships:Legends Now available" has a security threat!


  • Please log in to reply
9 replies to this topic

Holly_Father #1 Posted 17 April 2019 - 07:46 PM

    Private

  • Player
  • 7803 battles
  • 6
  • Member since:
    02-07-2017

Hello guys, 

My antivirus has detected a security threat when I've tried to open the news link from the game client.

It looks like I'm exposed to data loss due to the link from the World Of Tanks news.

I will attach the log file exported from my Kaspersky and I hope we can get some kind of clarification.

Thanks.

Attached Files

  • Attached File   security threat wow.txt   5.97K


Nishi_Kinuyo #2 Posted 17 April 2019 - 08:04 PM

    Lieutenant General

  • Player
  • 9022 battles
  • 6,234
  • [GUP] GUP
  • Member since:
    05-28-2011

Maybe you should be more careful about which mods you install.

ALL prior cases that I've seen about this on the forum could always be traced back to some shady modpack.


Edited by Nishi_Kinuyo, 17 April 2019 - 08:06 PM.


SuedKAT #3 Posted 17 April 2019 - 08:06 PM

    Lieutenant General

  • Player
  • 12154 battles
  • 7,990
  • [T-D-U] T-D-U
  • Member since:
    08-21-2014
My guess would be that you either have installed a modpack that came with something you didn't want or have some kind of malware on your computer since it looks like you're being directed to some installation for a video player, the thing I find most hilarious is this: 
Object name: not-a-virus

 

 

There have been numerous cases of people downloading modpacks from bad sources that have come with everything from miners to malware so you would not be the first. The site itself https://wowslegends.com/ and the links both via the launchers and from the popups in-game in both WoT and WoWs came up clean without any such behavior on my side.



Holly_Father #4 Posted 18 April 2019 - 11:35 AM

    Private

  • Player
  • 7803 battles
  • 6
  • Member since:
    02-07-2017
I do not have a mod installed at the moment, used to get the XVM from the official site and also QuickyBabyModPack,but after some very high-ping games I just gave up on mod and I'm using just the normal client.

Attached Files

  • Attached File   WoT Client 4_18_2019 11_30_30 AM.png   2.07MB


Homer_J #5 Posted 18 April 2019 - 12:09 PM

    Field Marshal

  • Beta Tester
  • 32256 battles
  • 35,316
  • [WJDE] WJDE
  • Member since:
    09-03-2010

View PostHolly_Father, on 18 April 2019 - 11:35 AM, said:

I do not have a mod installed at the moment, used to get the XVM from the official site and also QuickyBabyModPack,but after some very high-ping games I just gave up on mod and I'm using just the normal client.

 

Could be something lurking from a previous mod.

 

Try repair/integrity check from the launcher.



Pansenmann #6 Posted 18 April 2019 - 01:13 PM

    Field Marshal

  • Player
  • 36218 battles
  • 13,824
  • [WJDE] WJDE
  • Member since:
    08-17-2012

View PostHolly_Father, on 17 April 2019 - 07:46 PM, said:

Hello guys, 

My antivirus has detected a security threat when I've tried to open the news link from the game client.

It looks like I'm exposed to data loss due to the link from the World Of Tanks news.

I will attach the log file exported from my Kaspersky and I hope we can get some kind of clarification.

Thanks.

 

I would rather check your browser for shady addons or plugins

as I don't get any references to the sites in your logfile when I crawl to wowslegends.com



Homer_J #7 Posted 18 April 2019 - 01:42 PM

    Field Marshal

  • Beta Tester
  • 32256 battles
  • 35,316
  • [WJDE] WJDE
  • Member since:
    09-03-2010

View PostHolly_Father, on 17 April 2019 - 07:46 PM, said:

Hello guys, 

My antivirus has detected a security threat when I've tried to open the news link from the game client.

It looks like I'm exposed to data loss due to the link from the World Of Tanks news.

I will attach the log file exported from my Kaspersky and I hope we can get some kind of clarification.

Thanks.

 

Hang on, there's 2 entries in that log from today, they are blocked through heuristic analysis, so could well be false positives.

 

There's a whole load of other stuff you've been clicking on which is confirmed certain nasties which you don't seem to care about.



Pansenmann #8 Posted 18 April 2019 - 05:48 PM

    Field Marshal

  • Player
  • 36218 battles
  • 13,824
  • [WJDE] WJDE
  • Member since:
    08-17-2012

also, check whether your DNS settings are still OK,

I've seen some manipulated DNS stuff lately too.



SuedKAT #9 Posted 18 April 2019 - 06:29 PM

    Lieutenant General

  • Player
  • 12154 battles
  • 7,990
  • [T-D-U] T-D-U
  • Member since:
    08-21-2014
Dang I didn't even check the dates in the log, I assumed one would upload only the relevant log notes but you do seem to have a bad habit of clicking on "bad stuff" or at least visiting sites that host such stuff. Even though it's a possibility that you downloaded something you shouldn't have downloaded with the modpack and you now have something doing some shady stuff in the background I'm also more leaning towards a hijacked browser in some way, have the log been expanded on since you posted it above? 

Bordhaw #10 Posted 19 April 2019 - 11:09 AM

    Brigadier

  • Player
  • 14893 battles
  • 4,848
  • Member since:
    01-29-2017
Clean https://www.virustotal.com/gui/url/09634caab657d823dfc940fd6d630aaf9327c2d2e3f7a7b8fbd1c50212b8bbf9/detection




1 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users