Hacker Live Chat via Diablo III Trojan

A hack investigator working for AVG Technologies posted a blog entry about his recent encounter, via live chat, with a Chinese hacker. The researcher was investigating a piece of malware embedded within a Diablo III strategy video, debugging the trojan code within it, when the author of the program contacted him, in real time, via a chat window within the program.

This is an impressive and first-time experience in my anti-virus career. I chatted with a hacker while debugging a virus. Yes, it’s true. It happened when the Threat team were researching key loggers for Diablo III while many game players playing this game found their accounts stolen. A sample is found in battle .net in Taiwan.

The hacker posted a topic titled “How to farm Izual in Inferno” (Izual is a boss in Diablo III ACT 4), and provided a link in the content which, as he said, pointed to a video demonstrating the means.

So the trojan is being spread via that, a video that claims to demonstrate Diablo III item farming on Izual. It’s not that, and apparently there’s no video at all, just an .exe file, so you’d have to be pretty noobish to fall for running it. This is the same thing as those emails that used to show up saying they were nude pictures of Anna Kournikova, or whoever. Diablo III is just the medium to trick people into running the program and infecting their machine.

This backdoor has powerful functions like monitoring victim’s screen, mouse controlling, viewing process and modules, and even camera controlling.

We then chatted with hacker for some time, pretending that we were green hands and would like to buy some Trojan from him. But this hacker was not so foolish to tell us all the truth. He then shut down our system remotely.

Regarding this malware, no Diablo III key logging code was captured. What it really wants to steal is dial up connection’s username and password.

The real irony is there at the end. Despite the hack giving the hacker almost total control of the infected machine, there wasn’t a Diablo III keylogger on it. In fact, it was being used to capture user names and passwords for dial up ISP connections. Does anyone playing Diablo III even have such a thing? That seems a bit like robbing a bank only to steal all the nickels, but I’m not a hacker so what do I know.

At any rate, let this be a reminder to you guys not to run janky software just because it promises some special super secret info. The vast majority of hacks and trojans are installed via “social engineer” which can be roughly translated as, “using greed to trick people into doing something very stupid.” The same technique fuels almost all these sorts of things.

Related to this article
You're not logged in. Register or login to post a comment.

20 thoughts on “Hacker Live Chat via Diablo III Trojan

  1. I am playing D3 on dial up. It is possible with a ranged character and playing certain areas. It is limiting for sure but it is possible. I have been playing since launch.

    The patches are the problem, but this is resolved through hotspots such as a public library.

    I am not sure how common broadband is in china but I am sure that dial up is very common, thus the targeting of dial up users.

    Once my Authenticator gets here I can start using the auction house again.

  2. Not a hacker but from a logical point of view, stealing others isp password and codes could be helpful to hide his identity while doing shady stuff. Just a wild guess anyway.

  3. 1st. Who the hell needs help with Izual?
    2nd. Who is willing to downlaod and run exe file from a link that was suppose to be a video link?

  4. While originally spotlighted on Hacker News a week (or so) ago, I am thankful you have posted on this topic as well. Just keep in mind the difference between a cracker (which the intruder was) and hacker (which they were not.) Under “What Is a Hacker?” you can read more:

      • Like virtual, schizophrenia, liberal, socialist, communist, etc…

        Meaning of words change and people use wrong or poorly defined words all the time.

  5. I swear if people are noobish enough to click an Exe file thas suppost to be a video then they deserve it. They should know better, only watch farming videos on a respected site.

  6. Actually once they have it intalled on the victims pc they can do much, much more than just stealing dial up passwords… They can transfer and run executables that dipsplay cd keys to games such as cs/d2… Etc… Then they take a screenshot of the exe that is displaying the key and bam, they now have you’re key. they can also do stupid things such as turn your screen upside down, close and open cd tray, but the scariest one is they can actually start a keylogger, remotely open your task manager, close your game client so that you instantly reopen it and type in your username and pass. They then take this log and bam, have your login info….. If they are fast enough they can even snatch your authenticator code right after you type it provided they do it before it changes. Beware

  7. using and abusing GREED has ALWAYS been the best way to trick suckers

    and it’s ethical, because the only people getting screwed are the dumber cheaters/scammers themselves

    honestly it’s the perfect system, the only problem is not just telling all the whiners crying “i got hacked” to go fuck themselves for being idiots

    if we would just let the morons sort themselves out naturally instead of coddling them, we wouldn’t have as many problems as we do

    and ya, this applies to D3, but to basically the whole world also

  8. I like how you managed to explain these things, after reading the first sentences I realized this is worth reading. Keep us posted with the latest news because we need to know what is happening and how to act in case of any emergency. Keep up the good work you are doing, you enlighted me and I thank you for that.

  9. They’re not trying to steal Dial Up ISP connection account/password.

    Please educate yourself on the topic before you attempt to muse over it.

Comments are closed.