The DDoS attacks that temporarily took down Blizzard’s Battle.net and Valve’s Steam online gaming services over the end of the year holidays have undoubtedly annoyed players, but posed no danger to them – unlike the recently discovered Trojan disguised as a Curse client.
Curse is a popular gaming and community resource for a number of MMORPG games, and also hosts a World of Warcraft add-on site.
Unfortunately, cyber crooks have managed to create a convincing fake version of the site on which they offered for download the trojanized version of the Curse client, and to make it pop up high up in searches for “curse client” on major search engines.
The Trojan in question has been dubbed Disker, and it is able to steal login information in real time, so it steals both the account login information and the security code that the user receives via the authenticator device, and may result in users’ account being compromised. The Trojan targets only Windows users.
If you think that you might have been infected, deleting the fake Curse client and scanning your computer with an up-to-date AV solution is a good idea.
If you don’t find anything suspicious, you can also do a manual check for the Trojan, as explained in this post by a moderator on one of WoW’s online forums.
If your account has been compromised, report it to Blizzard. But there are also several things you can try before taking that last step.