The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Detail on spyware: Blizzard's Warden

Posted by Xavier Ashe on October 10, 2005

I recently performed a rather long reversing session on a piece of
software written by Blizzard Entertainment, yes – the ones who made
Warcraft, and World of Warcraft (which has 4.5 million+ players now,
apparently). This software is known as the 'warden client' – its
written like shellcode in that it's position independant. It is
downloaded on the fly from Blizzard's servers, and it runs about every
15 seconds. It is one of the most interesting pieces of spyware to
date, because it is designed only to verify compliance with a EULA/TOS.
Here is what it does, about every 15 seconds, to about 4.5 million
people (500,000 of which are logged on at any given time):

Hoglund gives a very in-depth description of his findings on rootkit.com
Blizzard has always tried heavy handed practices when defending thier
software.  Its good to know exactly was Blizzard's spyware is
doing.


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: