World of Warcraft's spykit goes polymorphic

Blizzard's latest patch to The Warden spykit comes with an important change -- by incorporating a random cryptographic hash in every copy of The Warden, the application is effectively rendered polymorphic.

For the uninitiated, The Warden was designed by Blizzard as an anti-hacking sentry against cheating in World of Warcraft. The Register offers a brief outline of what The Warden does:

From the moment players log into the game, The Warden checks open window names, process names, memory modifications, DLL names, and other pieces of data in the background. The goal is to determine if the user has a specific hack or program loaded and sends back a "yes" or "no" answer to Blizzard.

The application is a cause of concern for some privacy advocates, though Blizzard does have a responsibility to maintain the marketability and game experience of WoW by weeding out cheaters.

Now, polymorphic code is more commonly used in computer viruses and worms as a way to avoid detection by traditional signature-based anti-virus and intrusion detection software. Blizzard is probably targeting third-party tools such as The Governor and ISXWarden, which monitor The Warden application to curtail activities the authors deem invasive.

With this change, however, the potential safeguard is now lost, as it is no longer possible to identify The Warden.

Would you purchase software where use of a Warden-like monitoring application is mandatory?

About Paul Mah

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.