I woke up early this morning to discover something interesting in my e-mail inbox regarding my player on Kingdom of Loathing. The e-mail certainly looks official, in fact, it has my e-mail address and the name of my character in the game together, which means that the person who sent the e-mail has this information. However, after a very breif consideration of the language and a few other factors, I concluded almost immediately that his is malware.

If you receive this message, do not click that link!

Dear Instrumental Violinse,

Try the new version of “Kingdom of Loathing”. The new KoL looks cool! Download and run the installer (http://www.kingdomsofloathing.com/newversion/kol.2.0.34.exe).

KoL is, and always will be, free to play.

If you have received this message in error, please ignore it — you will not be contacted again.

Thanks,
Jick

First red flag? It suggests that there’s a new downloadable client for playing Kingdom of Loathing and even offers a link to download it. Kingdom of Loathing is a web-based game that requires absolutely no client. There’s never been a client before (so a new version would be weird) and there’s literally no reason to have one. Almost all of the game’s charm is the fact that it runs in the browser.

Second red flag? The link given to download the malware executable is hosted at kingdomsofloathing.com. The alternate domain name is cleverly disguised with a plural so that it’s hard to tell from a cursory examination that it’s not an official domain for Kingdom of Loathing in the first place.

It seems that the Kingdom of Loathing dev server may have been hijacked by this malware scammer and used to send these e-mails to the users–thus a possible explanation as to why the scammer apparently has access to e-mail addresses and account names for the users who received the e-mails.

This is a developing story. So far Jick and others from Kingdom of Loathing have not commented on the phishing scam e-mails or if their development server is actually compromised or how deep it goes. Kingdom of Loathing has posted a warning on their front page noting that they are being attacked by a phishing scam and warns people not to click the link in the e-mail.

As usual, phishing and malware are common targeting MMO players. Do not click on links from even official looking e-mails from games that you play that send you directly to an executable file. Instead, go to the site, log in, and get it from their back-end. This way you will never fall afoul of someone attempting to fake the site. Common malware sent to MMO players tend to be keyloggers (to grab login credentials and sometimes credit card information.)

UPDATE 9/27/2011 7:45pm: There is now an official thread describing the intrusion and how KoL staff has dealt with the issue. Thanks, pureevil4!

7 COMMENTS

  1. The warning was pretty inconspicuous when I found it on KoL’s front page (I’d actually missed it at first and reported that there was no warning.)

    Glad to be of service. I really hope that it doesn’t turn out that their dev server was hacked. I will update this if any new information comes to light.

    Kyt Dotson did not rate this post.
  2. The problem has been resolved, along with a world event to apologize for the inconvenience. It’s strongly advised (by a large red box that appears every time you log in) to change your password, to be on the safe side.

    Quinn did not rate this post.

LEAVE A REPLY