IMPORTANT: Keyloggers

Tirkad · August 04, 2009, 09:41:14 AM

As you may found in some previous posts, it seems Roary has been the last one in the guild to suffer from this plague. I found many rumors, confirmed by more than one friend, that both curse.com and worldofraids have an auto-installing keylogger. I suggest you to avoid those sites, becouse the consequences could be very annoying, at very least.
I don't think i've ever used the above mentioned sites (i use wowinterface for addons) and i have a blizzard autenticator. However if you see me online this morning, well it's not me, since i'm at work in this very moment and won't be back till the early afternoon at very least.
As always i suggest you to scan your pc with an anti-spyware and a good anti-virus, and to keep them updated. It's the safest way to avoid getting your wow experience spoiled.

Azunai · August 04, 2009, 09:43:41 AM

fak I visited WoR this morning. Now I'm scared to log in lol. Any idea how I would recognize it? My Sophos company edition didn't give any warnings...

Tirkad · August 04, 2009, 09:46:11 AM

There are some suggestion on the official forum, HERE is the blue post that shows you how to keep the account safe.

Gandalf · August 04, 2009, 09:49:06 AM

http://eu.blizzard.com/store/details.xml?id=221003132

Get one of those. I have one, and they really help secure your account. Even if you get compromised, they will not be able to log in without your authenticator.

And to put everyones mind at rest. The bank is safe. Members only have access to the first tab, which is mostly junk. They have no access to the cash. Officers have access to all tabs, but again only limited amounts of cash (100G a day I believe) Even I don't have full access to the cash. There is only one account that does, which is kept under lock and key.

TeaLeaf · August 04, 2009, 09:53:14 AM

WoR got a script from a Blue post thread which their blue post tracker managed to pull over to their site. Looks like Curse got the same problem and it relates to an Adobe Flash bug for which a patch has been issued.

* a.exe
* b.exe
* c.exe
* 6to4ex.dll

These are the 'known so far' problem files. There might be more, but those are the ones posted.

Tirkad · August 04, 2009, 09:58:37 AM

Quote from: Gandalf;285070http://eu.blizzard.com/store/details.xml?id=221003132

Get one of those. I have one, and they really help secure your account. Even if you get compromised, they will not be able to log in without your authenticator.

I bought my authenticator when i knew the GM of Genesis had been hacked and the guild got disbanded... sad story, but you can learn a very good lesson from it.

kregoron · August 04, 2009, 11:18:48 AM

Quote from: Gandalf;285070http://eu.blizzard.com/store/details.xml?id=221003132

Get one of those. I have one, and they really help secure your account. Even if you get compromised, they will not be able to log in without your authenticator.

And to put everyones mind at rest. The bank is safe. Members only have access to the first tab, which is mostly junk. They have no access to the cash. Officers have access to all tabs, but again only limited amounts of cash (100G a day I believe) Even I don't have full access to the cash. There is only one account that does, which is kept under lock and key.

Bought myself a few some months ago, for the people with certain mobile phones can now also get a software version from bliz that utilises the same code so can be used as a authenticator

Inspiron83 · August 04, 2009, 11:30:06 AM

Scary stuff, though i do use Firefox+Noscript+Adblock so that could help a little. I have been after those little authenticators for a while but they just don't ship em here, which is a shame really. Even tried to see if i could get the mobile authenticator but of course, i use a Samsung Omnia that runs in Windows Mobile and they apparently don't have a program for Windows phones :ranting2:

Lexander · August 04, 2009, 03:36:46 PM

Quote from: TeaLeaf;285073* a.exe
* b.exe
* c.exe
* 6to4ex.dll

These are the 'known so far' problem files. There might be more, but those are the ones posted.

As far as I know, not a single addon needs .exe files so why can't the sites just scan for them and remove if found ?

Gandalf · August 04, 2009, 03:44:26 PM

News on curse about it. http://www.curse.com/articles/curse-en-news/526956.aspx

Mat · August 05, 2009, 10:05:59 AM

Guys, besides of all tokens and other security stuff, there is one very important and easy thing to protect yourself from keyloggers. Keylogger to hack your account needs both your account name and password. So never type it together! Click option to remember your account name, so on daily bassis you need to type your password only. If you need to log to blizz account management, from starting wow page Ctrl-copy your account name and paste it, so again keylogger in best case will get only your password.

Mat