Dubious sites using addons as a bait for trojan distribution

[SaraFdS]

Since I read a thread here at WoWI, about sites hosting addons without their author's permission, I've been googling my own addons every now and then. Until today, I only found the "official" pages at Curse and WoWI, as well as some sites that took over the info text and changelog, but didn't host it themselves, they just link to Curse and WoWI, which seems alright.

However, today I found something that was supposed to be my addon on a site called http://www .free-wow-cheats .com/ (visit at your own risk..). Short story: clicking the download button would not redirect me to an official page or let me dl the original zip file, instead it would dl an .exe, which I let Kapersky test:

Zu überprüfende Datei: wow2407808130935.exe - Infiziert wow2407808130935.exe/archive comment Ok wow2407808130935.exe/for_wow_3.3/background/moo.tga Ok wow2407808130935.exe/for_wow_3.3/border/roth.tga Ok wow2407808130935.exe/for_wow_3.3/Bot/HealBot_Titan.lua Ok wow2407808130935.exe/for_wow_3.3/Bot/HealBot_Titan.xml Ok wow2407808130935.exe/for_wow_3.3/Bot/setup.exe Infiziert: Trojan-GameThief.Win32.OnLineGames.xamq wow2407808130935.exe/for_wow_3.3/Bot/TitanHealBot.toc Ok wow2407808130935.exe/for_wow_3.3/Fonts/Changelog-SharedMediaAdditionalFonts-1.0.3-release.txt Ok wow2407808130935.exe/for_wow_3.3/Fonts/Core.lua Ok wow2407808130935.exe/for_wow_3.3/Fonts/embeds.xml Ok wow2407808130935.exe/for_wow_3.3/Fonts/SharedMediaAdditionalFonts.lua Ok wow2407808130935.exe/for_wow_3.3/Fonts/SharedMediaAdditionalFonts.toc Ok wow2407808130935.exe/for_wow_3.3/Fubar_HBskinFu.lua Ok wow2407808130935.exe/for_wow_3.3/HBskin/gpl.txt Ok wow2407808130935.exe/for_wow_3.3/icon.tga Ok wow2407808130935.exe/for_wow_3.3/libs/CallbackHandler-1.0/CallbackHandler-1.0.lua Ok wow2407808130935.exe/for_wow_3.3/libs/CallbackHandler-1.0/CallbackHandler-1.0.xml Ok wow2407808130935.exe/for_wow_3.3/libs/LibSharedMedia-3.0/lib.xml Ok wow2407808130935.exe/for_wow_3.3/libs/LibSharedMedia-3.0/LibSharedMedia-3.0.lua Ok wow2407808130935.exe/for_wow_3.3/libs/LibStub/LibStub.lua Ok wow2407808130935.exe/for_wow_3.3/libs/LibStub/LibStub.toc Ok wow2407808130935.exe/for_wow_3.3/readme.txt Ok wow2407808130935.exe/for_wow_3.3/setup_.exe Infiziert: Trojan-GameThief.Win32.OnLineGames.xamq wow2407808130935.exe/for_wow_3.3/Shared/Changelog-SharedMedia-r177.txt Ok wow2407808130935.exe/for_wow_3.3/Shared/INSTRUCTIONS for MyMedia.txt Ok wow2407808130935.exe/for_wow_3.3/Shared/MyMedia.bat.txt Ok wow2407808130935.exe/for_wow_3.3/Shared/SharedMedia.lua Ok wow2407808130935.exe/for_wow_3.3/Shared/SharedMedia.toc Ok

It doesn't even contain my addon, just a bunch of seemingly random files and two trojan-infected .exes, which leads me to my main question/concern: Is there anything one could do against them using addon names and descriptions as a bait to get users to dl their trojans?

Another issue is, that there is absolutely no legal or contact info on their site.

Tbh, I think noone should fall for such scam, however, there are people who do, and nevertheless, I feel uncomfortable with them using my (and others') addon descriptions and names as a bait.


So, please tell me, is it some already widely known scam, that I just managed to stumble upon today, against which nothing can be done, or is there any chance to do something about it?

[Phanx]

You could run a WHOIS query on their domain name. The person who registered the domain probably knows exactly what it's being used for, but the company hosting the site may not, so you could try contacting them to report the issue.