Hacked :(

[Sandrion]

I've become the victim of hackers as well. My gold and items have been removed from all my characters . My banks are empty as well.
 
I've requested a rollback of my account. Hopefully they'll be able to do it before TBC arrives.
 
This sucks bigtime .
 
The keylogger was called ir32_a.exe and came from either worldofwar.net or allakhazam, so be carefull!
 
 
P.S.: ffs where are the /cry smilies when you need them.

[TeaLeaf]

Bad luck Sandrion, I sincerely hope they get you sorted out real soon :sad:

TL.

[Bob]

That really sucks mate :sad:
Hope things don't take too long to sort out!

[Mazii]

That sucks bigtime, m8 ((

[Bastet]

Damned, another.... Hope you get it back soon m8

[Nefertem]

Oh buggery be..

Im starting to worry.. I've checked the addons and stuff, but this always happens to me, so I hope this will be an exception..

Get ya stuff back mate :sad:

[Vargen]

Here, borrow my /cry 'smilie'

[Akall]

A) Why your /cry emote char has no pants... :g:

B) Using my G15 to 'type' the password with a macro will avoid that to be stolen or is just my naive view of things?

and

C) Hope you will get back all your things m8!

[Bastet]

i think its the trauma from having to battle ragnaros for eons floating back to the surface :narnar: and i support C

[Luminance]

They got another victim
sorry to here it m8, hope they work overtime to get it back!

[Carr0t]

B) Using my G15 to 'type' the password with a macro will avoid that to be stolen or is just my naive view of things?

Your naive view of things I think mate. The password still has to be entered character by character into the field when you log in. It makes no difference whether that is done by hand or with a shortcut macro.

One thing i'm curious about: all these people getting hacked. Are they trying out new and lesser known addons that have the keylogger etc in, or are they getting embedded in stuff that's well known like Titan, CTRaid etc while they're on the sites?

[Bob]

Your naive view of things I think mate. The password still has to be entered character by character into the field when you log in. It makes no difference whether that is done by hand or with a shortcut macro.

I don't think you're all correct here Carr0t. Even though I don't think you're safe just because you use a macro from the G15 or whatever, it does make a difference.

The programs that are used to steal your password, is so called key loggers, which means that they log (obvious enough ) key strokes (since it's not possible to directly read the content of the password field). If for instance that G15 is programmed to just paste something pre-made into the password field (in other words, the same as you yourself was copying the password from a text file and pasting it in the password field), the only thing the key logger would get is the + key strokes.
Now on the other hand, I don't know anything about the API towards the G15, so it is very possible that it's possible to exploit it in some other way, the only thing I'm saying is that it's not necessarily the same

[Vargen]

I don't think you're all correct here Carr0t. Even though I don't think you're safe just because you use a macro from the G15 or whatever, it does make a difference.

The programs that are used to steal your password, is so called key loggers, which means that they log (obvious enough ) key strokes (since it's not possible to directly read the content of the password field). If for instance that G15 is programmed to just paste something pre-made into the password field (in other words, the same as you yourself was copying the password from a text file and pasting it in the password field), the only thing the key logger would get is the + key strokes.
Now on the other hand, I don't know anything about the API towards the G15, so it is very possible that it's possible to exploit it in some other way, the only thing I'm saying is that it's not necessarily the same

I actually think the G15 just types it really fast. As you can use it for game functions as well. So I guess it would be the same as typing it in.

[Sandrion]

Well there is always a way to monitor it. CTRL-V might work now, but they can also dump the content of your scrapbook after logging in successfully. That's really easy to do. But there are also other, more advanced, ways to get someone's account data including their password using a 'virus' (it doesn't involve keyloggers, but I'm not gonna say how since I don't want anyone to get any bright ideas :narnar: ).
 
One thing Blizzard should do is stop storing your account name in plain text in the config file when you enable the 'remember me' feature. Is it to much to ask to encrypt it? That would make things a lot harder for them, since they have to disassemble the WoW binary to find out how they decrypt it and where the keys come from. It's not impossible to break, but it is rather difficult and requires a lot of knowledge.
 
Blizzard should really put some effort into security, because it 'seems' like they don't care. Right now they're just cleaning up behind the hackers, nothing more.... More and more people are effected by this every day :sad: .
 
 
Btw, on how I got it:
I know I received the keylogger called ir32_a.exe two days ago. My main suspect is www.worldofwar.net, since I remember my comp starting to slow down for a moment while visiting that site and my browser crashed directly afterwards. They're probably exploiting a leak in IE. It could also be the case that I got it from allakhazam, since the program that updates the WoWReader generated some kind of 'weird' exception when I ran it.
 
So be carefull if you weren't already. If you notice anything strange after visiting a WoW related site, do NOT log in to WoW and scan your system for viruses first! If a virus is found (WoW related or not) change your password(s) ASAP. You don't want this to happen to you.

[Andin]

Too bad mate:angry: ,Hope you get ur things back on all your characters!