Just to compile the important posts into one:
That's right, three viruses in two days.
Looks like the same people, this time pretending to be the Curse Updater. Please don't be fooled into downloading this one either.
F-Secure Client Security says:
Code:
22 October 2008 16:28:25 - 16:28:28
Computer name: ----
Scanning type: Scan target
Target: Addons\30000\CurseUpdaterzip-1224675514.zip
Result: 1 malware found
Trojan-Spy.Win32.Ardamax.n (virus)
The relevant forum thread here is http://forums.wowace.com/showthread.php?t=14710
Just to clarify:
NO ONE from Curse had anything to do with this. I've reported it to have it taken down.
More Intel:
File is/was a fake. The readme.txt in the archive is a verbatim copy of the Wikipedia entry on Kafka, and the only other file is a file called MetzRemix.exe, which is virus/trojan infected. This has nothing to do with the Curse client, nor does it have anything to do with the real MetzRemix, which is an actual UI compilation, and everything to do with someone trying to trick people into installing a trojan by using a fake association.
The offending poster Quarenteen (http://wowui.worldofwar.net/?p=profile&u=411659) faked being WoWAce and Curse. WoWUI has claimed to have banned that user now. I hope they share IP with WoWInterface and Curse to avoid the same folks trying other ways to trick people again (without at least switching IP addresses).
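Added example, not part of the original posts: a way to list what is inside a downloaded addon zip before unpacking it, flagging anything executable such as the MetzRemix.exe described above. The extension list, the function names and the sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs directly (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".dll", ".msi", ".vbs", ".js"}


def suspicious_members(archive):
    """Return [(name, reason)] for entries an addon archive should not contain.

    `archive` is a path or file-like object. Nothing is extracted to disk;
    only the first two bytes of each member are read.
    """
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            with zf.open(info) as member:
                magic = member.read(2)
            if magic == b"MZ":  # DOS/PE header, catches renamed executables
                findings.append((info.filename, "PE/DOS header (MZ)"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension " + ext))
    return findings


def build_sample(members):
    """Build a constructed zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed samples: the layout reported above (readme plus one .exe),
    # and an ordinary addon layout (.toc and .lua files) for comparison.
    fake = build_sample({"readme.txt": b"filler text",
                         "MetzRemix.exe": b"MZ\x90\x00 constructed stub"})
    clean = build_sample({"MyAddon/MyAddon.toc": b"## Title: MyAddon\n",
                          "MyAddon/Core.lua": b"print('hi')\n"})
    print("fake: ", suspicious_members(fake))
    print("clean:", suspicious_members(clean))
```

An empty result only means no executable was found by these two checks; it is not a substitute for the antivirus scan shown above.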