Another keylogger detected on the forums

More specifically, a keylogger was caught on the Icecrown boards early this morning. This particular keylogger, like many others before it, attempts to exploit the ANI cursor vulnerability in Windows. As user Madhava on the forums explains:

[The link is] not meant to fool the interceptor, Its meant to fool people. It disguises what website you are actually going to by using those escape functions. Firefox refuses to follow those links (for good reason), but I'm not sure about IE... The hijacked site has an embedded link to malicious javascript hosted on a Chinese server. That javascript attempts to exploit the ANI exploit and the Iframe exploit to load a trojan named 'test.exe'.
'Test.exe' is detected by most antivirus as a trojan: Trojan-PSW.Win32.Agent.im or Trojan.Agent.im — Basically a password stealer for WoW and maybe a backdoor.

Between more keyloggers popping up on the WoW forums, and reports from the LJ WoW community about people's accounts being hacked and characters being transferred to other accounts and/or servers... (Ostensibly to get a large sum of gold to another server so it can be sold, or to set up the character on a new account for sale.) Now is a good time to make sure you've got all your updates for your operating system, virus scanner, and browser, as well as any other scanners you may have. Then set your machine up to do some additional maintenance while you're asleep or AFK — like a nice deep system scan. And of course, don't ever follow a link from the forums that you don't recognize as being from a legitimate webhost.

In the case of your machine's safety, there is no such thing as being too careful. For those curious, more information is available in Blizzard's customer service FAQ.

[via the WoW forums and the LJ WoW community]