WarCraft: Lord of the Clans - Avira Blog

Beware of crafty WarCraft malware

The WarCraft backstory

In this case, the company is Blizzard Entertainment and the game is ‘WarCraft Adventures: Lord of the Clans’. There is no need to bore you with the whole story about the development and decisions that led to its cancellation years ago: If you want to read it though, you can do so here. You can also take a look at the game itself at the bottom of the article – there is a full-length “Let’s Play” available online.

Now, back to topic. What does not normally happen is that a cancelled game from a company as prominent as Blizzard leaks after being buried for 18 years. It was a huge surprise when a Russian guy named Reidor posted “This is my gift for all Blizzard fans, old and new” in an obscure forum that deals with Warcraft lore – and added a link to a MediaFire download of the adventure game. His message has since been edited.

Where can I get it?

If there’s one thing that can be said about Blizzard, it’s that their legal department works fast. After being in the news for a couple of hours, the file was removed from the net again – quickly and thoroughly. Everyone who didn’t download the game fast enough was out of luck. But hey, what’s the internet for? After all, we all know that once you put something online it will never vanish completely, right? So I went on a search for the long lost game.

Here’s what I found out

This is the first link I stumbled upon during my search. Well, that was fast – could it really be that easy? So let’s download it and see if I can take a peek into the ‘Lord of the Clans’. The download finishes fast and is a bit on the smaller side: a mere 43 MB. The look into the file structure of the downloaded .rar file is also discouraging. It looks completely different from my original download:

Luckily the downloaded archive wasn’t malicious – after digging a bit further, I discovered that I fell for remnants of an old April Fools’ joke. The big problem though: It could have been malware and in my greed to get the game I would have installed it blindly.

Let’s continue the hunt. Blizzard was fast and very thorough – there are not a lot of links left. I am almost ready to give up. Damn, I really wanted to play this game! Ah, here is one link I haven’t tried yet and I can even get an .exe file. Now that should make the install way easier. Luckily Avira warns me before I can install a file that would have put everything but the game on my PC.


What now?

I am finally giving up. There are some more websites that I try to visit, but all of them get blocked immediately. I asked one of our security experts, Elias Lan, what’s up with that. Why do we block a theoretically helpful installer that could give me what I want?

His reply was discouraging. According to Lan, one of the files I wanted to download is a PUA (potentially unwanted application). It doesn’t have anything to do with the game I’ve been looking for. It’s rather an elaborate scheme to trick me into installing something which otherwise would never find its way onto my PC. In this specific case an installer for “Springfiles” is wrapped into my supposed “wrapped_adventures_lord_of_the_clans_downloader.exe(iso)” file. As soon as it is executed, it force-installs itself. Once opened, the setup procedure can’t be minimized anymore.

While Springfiles might look attractive at first – it allows you to search for the files you want without any hassle – it is an insecure download browser. Most of the results it yields are torrent files, and everyone knows that torrents still carry a potential risk. Is the file you’re downloading really what you expect it to be? Do you know where the torrent originated? Etc.


On the bright side, Springfiles apparently is not up to speed and the requests lead to the known torrent frameworks “torrentz.eu” and “kickass.to”. Both of them have been down for some time now (well, Torrentz.eu only for a month, but still!).


So, what have I learned?

  • Persistence brings results – You can still find the download if you are really looking.
  • The results may (negatively) surprise you – Don’t download and open/install stuff blindly – EVER!
  • Always be prepared for surprises – It is important to have a good antivirus that warns you about downloads that are really not what you are looking for.
  • Here come the lawyers – Blizzard is fast and thorough.
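
To make the "don't open blindly" point concrete, here is a small pre-open check, added as an example (it is not part of the original post and not Avira's detection logic). It compares what a download really is, judged by its leading bytes, with what its name promises. The expected type, the size floor and the sample bytes are constructed assumptions; only the downloader file name comes from the post.

```python
import re

ISO_MAGIC_OFFSET = 0x8001  # ISO 9660 volume descriptor id "CD001" sits here

def sniff_type(data: bytes) -> str:
    """Identify a file from its content, ignoring what its name claims."""
    if data[:2] == b"MZ":
        return "exe"                       # DOS/PE executable
    if data[:6] == b"Rar!\x1a\x07":
        return "rar"                       # RAR 4.x and 5.x share this prefix
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] == b"CD001":
        return "iso"
    return "unknown"

def claimed_types(name: str) -> list[str]:
    """Every type the name advertises, e.g. 'x.exe(iso)' -> ['exe', 'iso']."""
    return re.findall(r"[.(](exe|iso|rar|zip)\b", name.lower())

def check_download(name: str, data: bytes, expected: str, min_bytes: int = 0) -> list[str]:
    """Return the findings that should stop you from opening the file."""
    findings = []
    actual = sniff_type(data)
    claimed = claimed_types(name)
    if actual == "exe" and expected != "exe":
        findings.append("unexpected-executable")   # wanted a game image, got a program
    if len(set(claimed)) > 1:
        findings.append("ambiguous-name")          # name advertises two types at once
    if actual not in claimed:
        findings.append("name-content-mismatch")   # extension lies about the content
    if len(data) < min_bytes:
        findings.append("too-small")               # far below the size you expected
    return findings

# Constructed sample inputs (headers only, not real files).
PAGE_NAME = "wrapped_adventures_lord_of_the_clans_downloader.exe(iso)"
FAKE_DOWNLOADER = b"MZ" + bytes(64)
REAL_ISO = bytes(ISO_MAGIC_OFFSET) + b"CD001" + bytes(16)
SMALL_RAR = b"Rar!\x1a\x07\x00" + bytes(32)

if __name__ == "__main__":
    for name, data, expected, floor in [
        (PAGE_NAME, FAKE_DOWNLOADER, "iso", 0),
        ("lord_of_the_clans.iso", REAL_ISO, "iso", 0),       # hypothetical name
        ("lord_of_the_clans.rar", SMALL_RAR, "rar", 1024),   # constructed size floor
    ]:
        print(name, "->", check_download(name, data, expected, floor) or "ok")
```

A clean result here only means the file is the type it claims to be; it says nothing about whether the content is safe, so the antivirus scan still applies.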


PR & Social Media Manager @ Avira | Gamer. Geek. Tech addict.