About that trojan alarm in MobMap

So now it has happened to MobMap, too: the heuristic algorithms of a virus checker program thought they had found a trojan horse named "trojan-PSW.Win32.WOW.arr" in the MobMap installer file.

The virus scanner was the one from Kaspersky Labs. No other virus scanner (besides those which use the Kaspersky engine) found anything suspicious in MobMapInstaller.exe, but the alert from one of those programs, together with the fact that a trojan horse with this name actually exists, alarmed quite a few people and made them suspicious. Given that WoW is one of the top priority targets of account theft all over the world, this is a perfectly normal reaction, even though heuristic algorithms are known to produce way more false alarms than signature-based virus checks.

But thanks to Regnor from EU-Rexxar, who quickly sent the warning in to Kaspersky for further analysis, we can be certain that there is no trojan hidden in the MobMap installer file:

Hello,

MobMapInstaller.exe

We are sorry, it is false alarm. It will be fixed as soon as possible. Thank you for your help.

Please quote all when answering.

--
Best regards, XXX
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/


Kaspersky has reacted quite fast and updated their virus signature files. I ran the MobMapInstaller file through the Kaspersky scanner myself last night, and the scanner didn't find the mysterious trojan anymore. To be as secure as possible, I also ran a full system scan on my development machine last night with two different virus scanner programs (neither of them reported anything), and I checked my servers and especially the files that are stored for download for any signs of manipulation - but there were no signs to be found.

Of course, that still might not be enough to convince everybody that the MobMap installer file and updater are 100% virus-free. If you are one of those people, I'd suggest that you manually download MobMap and the database from the MobMap website in the form of zip archives. These archives don't contain any executable programs where trojans could possibly be hidden; they consist of only lua and XML files which cannot contain trojans (or, to be precise: there is no known way to inject malicious code that could break out of WoW's UI Runtime system into these files as of today; any good programmer can assure you that it is not entirely impossible that such a way is found one day).
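For readers who want to check the "only lua and XML files" claim themselves before unpacking a downloaded archive, here is an added example (not code from MobMap or its author). The file names in the sample archives and the allowlist beyond lua and XML are assumptions made for illustration, and the sample archives are constructed in memory.

```python
import io
import posixpath
import zipfile

# Assumption: file types expected in an addon archive. The page names lua and
# XML; .toc (addon manifest) and .txt are added here for illustration.
ALLOWED_EXT = {".lua", ".xml", ".toc", ".txt"}
# Leading bytes of native executables. This is a heuristic: a text file that
# happens to begin with "MZ" would be flagged too and needs a manual look.
EXEC_MAGIC = {b"MZ": "PE/DOS executable header", b"\x7fELF": "ELF executable header"}

def audit_archive(data):
    """Return (member, reason) findings; an empty list means nothing unexpected."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue
            if name.startswith("/") or ".." in name.split("/"):
                findings.append((name, "path escapes the extraction directory"))
            ext = posixpath.splitext(name)[1].lower()
            if ext not in ALLOWED_EXT:
                findings.append((name, "unexpected file type " + (ext or "(none)")))
            with zf.open(info) as member:
                head = member.read(4)  # enough to cover every magic value above
            for magic, label in EXEC_MAGIC.items():
                if head.startswith(magic):
                    findings.append((name, label))
    return findings

def make_sample(files):
    """Build a zip archive in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: a clean archive, and one with an executable plus a
# binary hiding behind an allowed extension.
CLEAN = make_sample({"MobMap/MobMap.toc": b"## Title: MobMap\n",
                     "MobMap/MobMap.lua": b"-- addon code\n",
                     "MobMap/MobMap.xml": b"<Ui></Ui>\n"})
TAMPERED = make_sample({"MobMap/MobMap.lua": b"-- addon code\n",
                        "MobMap/helper.exe": b"MZ\x90\x00\x03",
                        "MobMap/data.xml": b"MZ\x90\x00\x03"})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit_archive(blob))
```

To audit a real download, pass the bytes of the zip file to `audit_archive`; any finding is a reason to inspect that member by hand rather than proof of malware.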

I'd like to personally thank Regnor from EU-Rexxar here for sending that report to Kaspersky! Thanks to him, this entire thing was already fixed by Kaspersky when I saw the first trojan reports here in the comments.

[Edit] Now this is really funny: I just tried to login to the WoW forums and got an error message. Then I logged into account management and found my WoW account to be frozen - which should not be possible, as I had a recurring subscription up and running which I have never cancelled. The last paid timeframe just expired this weekend, but instead of billing my bank account for another six months, Blizzard for some reason decided to freeze my account instead.

I first got a shock because I thought this had something to do with the trojan warning from Kaspersky (maybe someone reported the false positive to Blizzard as a "sure thing", which might cause them to freeze my account because it's no secret that I'm the author of MobMap). But it turned out that Blizzard just "forgot" to bill my bank account - after I had set up the subscription another time, my account was instantly reactivated. Phew...my raid participation tonight is safe again ;-)

Comments

  1. Regnor says:

    Hi Slarti,

    I'm glad that everything took a good end and we can now use MobMap again without the fear of losing our accounts.
    I hope this incident didn't cause damage to the reputation of MobMap and yourself, but I'm sure people will understand that this all was a mistake on the side of Kaspersky Labs.


    Greetings from Rexxar
    Regnor

    PS:
    Do not only thank me, also thank Kaspersky for their fast reaction to my report.

  2. Slarti says:

    Well, the Kaspersky people get paid for making their heuristics as accurate as possible, and that especially includes fixing false positives - those are essentially errors in their scanner routines. No one paid you to quickly report that trojan alert to Kaspersky and to post the response ;-)

  3. Tobias says:

    Well, I think it's time to thank you for the great job you do with this fantastic addon! I'm really glad to hear from Kaspersky that it was a false alert.

    Thank you once again!

  4. vaknov says:

    I was looking for an item; it is listed in a recipe but it is not in the database. It is "shadowgem". Not sure who to report this to.

  5. Smallface says:

    There are errors; sometimes MobMap shows wrong positions.
    Some of the loots don't show up in the database, the "orange" types for example, but also other loots don't show.

  6. Hyura says:

    I'm glad it was a mistake, but I'm getting a weird problem with MobMapUpdater.
    I just can't open the updater window anymore =X

  7. lytienza says:

    Didn't really know where to send this comment but here ya go... I have noticed that when I use MobMap to look at vendors in Shat there are a few that don't really exist, and when you click on them it boots you from the game... druid vendor in Shat?... and there is another one where the description says "where ya buy da shit :)"

  8. Colin says:

    Hi, I couldn't find any other way to contact you, but I was wondering if there was a way to start out with a blank database, and have only the user-recorded information appear in the database (for mobs). Any help would be appreciated.

  9. Redtopp says:

    I see it is already reported, the upload isn't working. And since I misread the numbers, I updated my database and lost around 1000 quests (I can't get that I did that many though :)
    But I know I have done a lot which was not on mobmap... :(

  10. Redtopp says:

    ...and btw, it maxes out my cpu, for a long time (log says: building xml-file)

    Did I mention: Great addon :P

  11. Redtopp says:

    hmmm. Sorry...It took a while, a long while, but it got there at last.
    I guess I should upload more often :/

    Well, still a great addon :)

  12. Xarantula says:

    Sorry, but I didn't find another section to write this:
    With the latest patch (today's) I have some problems while picking up money; an error message appears in a red splash, a 'gold lua.' isn't correct.
    Can you please fix it? I won't miss my precious MobMap.
    Thanks in advance

