keyloggers
Latest
Incgamers.com malware mixup fixed
Yesterday, I reported to you that Google (via Stopbadware.org) had marked wowui.incgamers.com (which redirects to wowui.worldofwar.net) as a bad site. Today, the site is reported as clean according to the same report (you can check it out here). Rushter of Incgamers.com explained to us on the comments of the previous article that the problem was with a seperate attack on a different hosted site (which was quickly dealt with, and unrelated to worldofwar.net, says Rushster), but Google marked the whole site as bad. The worldofwar.net UI database was unaffected, he says, and after some back and forth, Google has now dropped the warning. Of course, it's still always a good idea to check your computer for viruses, trojans, and keyloggers regularly, and realize that no website is completely safe (though having a good defense always helps). That said, at the moment it looks like wowui.incgamers.com, also known as wowui.worldofwar.net, is a safe spot to grab your addons from.
Wowui.incgamers.com invaded by malware?
Here at WoW Insider, we've noticed an unusual and disturbing glut of people having trouble with being keylogged or otherwise hacked soon after installing new addons lately (which wouldn't be a surprise -- lots of people were grabbing addons after patch 2.4, so that makes them a likely route for attackers). While it's too early to make any definite connections, It seems like there's one new lead that's just popped up: popular addon site wowui.incgamers.com (not linked for obvious reasons) is apparently passing off bad files, according to reports from Stopbadware.org and other anonymous sources. If you've been using the site for your addons, especially in the past week or so, it might be a good idea to exercise some caution and run your favorite anti-virus or anti-malware program. The site has already been in trouble recently with reports that their UICentral addon updater (now discontinued) was using copyrighted code, and now it looks like there's more trouble abrewing for them. Update: Wowui.incgamers not infested with malware. Full story here.
EVE Online calls RMT evil
GM Grimmi of EVE Online comes out strong against RMT in an official post called 'Real money trading is bad, mkay?' In no uncertain terms, RMT activities are said to be linked to keyloggers, phishing sites, and hacking attempts, and lead to real-world illegal activities like fraud and theft. Grimmi then goes on to say that there is a service available to players who want more ISK that is not only legitimate, but also helps both the game economy and supports other players: the Secure ETC Trading system.From the post: 'When you buy an ETC and then sell it for ISK via the Secure ETC Trading System you are directly contributing to the growth of EVE as the code will be applied to an account and someone will be using it to play. Some players do not have the means to pay for their subscriptions with credit cards or similar and the Secure ETC Trading System helps them pay and play. The economics are quite different as well since wealth is redistributed between active members of the community rather than injected into the game.' This is a much more creative approach to fighting RMT activity than simple banning of accounts (though that happens as well). Bravo, EVE, slam evil!
WoW Rookie: Account Security Basics
Recently we've had several posts about being hacked, guild banks assaulted, and Blizzard's typical response. The Customer Service Forum is filled with threads started by desperate World of Warcraft players seeking the return of their accounts and belongings as a gesture of goodwill. It is our responsibility to keep our accounts safe from hackers. I speak from experience when I say that being hacked is just dreadful. Although it is usually possible to have your account returned, there is usually significant damage done in the process. In the past, even Blizzard employees have had their accounts compromised. This post is designed to help you do the best you can to protect your World of Warcraft investment.
Another blow in the keylogging experience
Thank you all for the encouragement I received in response to my recent keylogging experience. As a whole the experience was just dreadful. As I mentioned on last week's WoW Insider Show podcast, I am still afraid every time I log in that I will get the "The information you have entered is not valid" error. For the most part things have settled down, but the fear remains. The worst part of the keylogging episode was that my Shaman was transferred from a PvP to PvE server. After about a week in limbo my beloved Tauren was returned to her proper place. I was extremely relieved. Unfortunately that's the only thing on my account that Blizzard was kind enough to restore. They refused to return any of my gear or gold and did nothing about the items ninjaed from the guild bank. I appealed their decision with several emails. Those appeals were ubiquitously denied despite logical arguments and heart-filled plights. I thought it was all over, for better or for worse. I got more bad news in my email box the other day:
Hacked and robbed blind, one guild's cautionary tale
Our Guild had been going downhill for a while now. At the beginning of the year, key officers and members, cornerstones of our raiding team, quit the game for one reason or another. Some of our members got hacked, just like WoW Insider's Amanda Dean. This took the wind out from under our sails, despite great success in Serpentshrine Cavern and Tempest Keep. As 2007 closed, I envisioned us taking down Vashj and Kael within the first quarter of 2008. I was stoked. There were good times when we'd take down two new bosses a week. Of course, Murphy's Law happens. While key team members quit the game, others took extended (sometimes unannounced) leaves of absence, and with diminishing raid attendance and obviously performance, other members looked elsewhere for better raiding opportunities. And when it rains, it pours.A little over a week ago our Guild bank was robbed. It was cleaned out -- so empty I could almost imagine the sound of flies buzzing about -- well, okay, it wasn't that empty. On the third tab, the robber was kind enough to leave us ten stacks of Roasted Clefthooves. At first it struck me as odd because we had fixed our Guild permissions somewhat after our GM left the game to take a shot at a relationship and play with his Nintendo Wii. In what order exactly, I can't be sure. He passed the mantle off to one officer who passed it to another officer who later passed it on to me. So for a while, I was GM of a Guild that wasn't quite doing anything but waiting on people to come back to the game. So imagine my shock (more like anesthetized indifference, to be honest) when I was going to deposit items into the Guild bank only to find that it had nothing. Well, nothing but those clefthooves.
Anti-gold-seller FAQ page goes up at the official EU site
World of Warcraft's European site has posted a new page of their FAQ aiming to describe the effects and consequences of third party gold selling, also known as RMT (Real Money Trade or Real Money Transactions). There doesn't seem to be a similar page added to the American site yet, but we've seen enough to know very well that they disapprove as well. The page mostly focuses on the more underhanded tactics the companies use to get money, such as keyloggers and trojans, or simply stealing the accounts of people who paid for powerleveling, and using them as farming bots, or spamming in high traffic areas on level 1 characters with hard to spell names. It's a good start, and certainly reminds people of the harm that these gold farmers do, and how it can hit close to home. As a veteran MMORPGer who's watched Johnathan Yantis and Brock Pierce practically invent the industry and most of the dirty tricks it pulls, I'm glad to see Blizzard continue to make a stand against these types of leeches and hope they continue to do so. I'd love to see them explain more fully how the constant amount of kill stealing and spawn and AH camping they do hurts the game. A campaign of information might be just what we need to stop the gold farmers once and for all. Legal measures and community shame (and thus shrinking of their customer base) for a one-two punch? Here's hoping! Thanks for the heads up, Richard!
Forum Post of the Day: Avoiding keyloggers
Keyloggers have been plaguing the game for a while now, and have begun to embed links into forum posts in an increasingly sophisticated manner. For this reason Lythria on the European Forums has posted an excellent guide to spotting keyloggers and hopefully avoid them. The first thing he suggests is not clicking on a link from a site you don't recognize. There are plenty of sites out there that do safe image hosting for instance, like Photobucket or Image Shack. If the link is asking you to view an image, but you don't recognize the URL, he says pass.The next suggestion he gives is to check up on the poster. Look at their posting history. Keyloggers will often post the same or similar content, and many time the same links. If you look at what else they have posted on the forums, you may get an idea if this is something you should follow up on or not. Also the spelling of links that look legit can be tweaked, with the letter o replaced by the number 0 to fool you. When in doubt, trust other poster's instincts. If someone has replied saying this might be a keylogger, don't be a hero! If the milk smells bad, you don't take a drink. Apply the same caution to links on the forums.Honestly, this whole post should be mandatory reading for anyone who spends a good deal of the time on the WoW forums. Read through the suggestions, and then let us know if you have anything to add that might help your fellow players avoid the keylogging trap.[via European WoW Forums]
Your virtual cash may be worth more than your real cash
This isn't the first time we've heard this, but recently PC World has reported that your virtual assets may worth more than your real assets. From the article:According to Craig Schmugar, a researcher with the McAfee research labs, McAfee now sees more password-stealing malware designed to nab accounts of games like Lineage and World of Warcraft than Trojans that go after financial accounts.Why? Your in-game assets can easily be converted to cash and there's much less legal risk involved in trafficking virtual goods than trafficking, say, stolen credit card numbers. So treat this as a reminder: be careful of keyloggers! (And if you're not sure how, read up on our advice on how to keep your system keylogger-free.)
How to protect your system from keyloggers [Updated]
It's raid night. You've farmed your mats, topped off your repair fun and loaded up on pizza and cola. But for some reason you can't log on. You're sure you typed in the right password, but no go. You IM you guildie: "Are the servers down? I can't get in." His reply sends chills down your spine: "We just saw you at the bank. Why was your toon naked?"Years of hard work gone. Someone else accessed your account and stripped your main of all his gold, bank items and tradable equipment. "But I don't give my password to anyone!" you wail. You don't have to, the keylogger program knows it anyway.What's a keylogger? It's a small, virus-type program that can accidentally be installed on your computer. How might a keylogger be installed on your system? Visiting an untrustworthy web site. Some sites may have code in them that exploit your web browser and cause it to quietly install a keylogging application without your permission. (Note: even turstworthy sites can be hacked! The same hackers who are after your information can hack what you think of as trustworthy sites and add exploit code to them which could give you a keylogger.) Downloading addons (or other files) from an untrustworthy site. Any executable file you download could contain a keylogger or virus, so before you download a file, be sure you're downloading it from a source you trust! Once a keylogger gets installed, it starts recording every keystroke you make. And when you type in your account name and password for your WoW account, it captures that, too. The next time you access the Internet, it sends your private information to the hackers who use it to log into WoW and strip all your characters of everything valuable leaving you with a penniless toon wearing nothing but his trousers.This all sounds pretty scary, but don't worry -- there are ways to protect yourself from keylogging programs!
Keep keyloggers away: New Microsoft hotfix available [Updated]
Back on March 31st Eyonix warned us of a newly discovered Windows vulnerability that could have resulted in keyloggers landing on your system. At the time, Microsoft did not yet have a patch available, meaning that Eyonix's best advice was to "be careful." However, today Microsoft has released hotfixes for all versions of windows that should resolve the issue. So if you're running WoW on Windows, I highly recommend that you run Windows update or visit Microsoft's site to download the hotfix as soon as possible. Trust us -- keyloggers are bad, mmkay?Update: Drysc has made a post regarding this subject highlighting the fact that this patch isn't a keylogger cureall. Says Drysc: The patch released doesn't stop someone from downloading executables and running them without the proper precautions, and you can still be susceptible to keyloggers, viruses, trojans, etc. The update released by Microsoft is a very specific fix for a specific way that a keylogger could end up on a Windows machine, it doesn't protect you from obtaining a keylogger or virus, it merely patches one specific way you could get one. It's important that you be proactive about your computer and its security. And for general security purposes, he advises reading this post on keeping your login information secure and Blizzard's support page on account security.[via MMO-CHAMPION, which has links to more technical information]
More security warnings from Blizzard
Blizzard seems to be getting more serious about security awareness. It wasn't that long ago that Nethaera was warning us about a specific keylogger threat, but this Friday Eyonix has alerted us to a new security risk that could land keyloggers on your computer. The issue? This time it's not a specific threat or even a vulnerability specifically aimed at Warcraft players. Instead, Eyonix directs us to information on this Microsoft vulnerability which, if exploited, could allow malicious code (like a keylogger) to execute on your computer by simply clicking a web link. As there is not presently a patch available to fix this issue, users are advised to take caution in clicking on links in web pages and e-mails. What do we mean by cautious? Well, just be careful not to click on links from sources you don't trust or that link to sites you aren't familiar with. And while some forum posters point out the irony in Eyonix's warning about clicking on links followed by a link to Microsoft's web site, I have to say that I don't think Blizzard would joke about security issues -- this is serious stuff!
Blizzard reminds us to be careful of keyloggers
According to CM Nethaera, there's a recent outbreak of posts on the forums linking to hostile programs (keyloggers). What's a keylogger, you ask? Well, it's a piece of software that gets installed on your computer -- either because you've installed something without knowing what it was or because the program has exploited a vulnerability on your computer and installed itself without your knowledge -- that tracks everything you type and reports the information back to someone, somewhere. Often, it's used to to steal valuable information like account passwords, credit card numbers, banking information, and the like. But in the case of World of Warcraft, it's often used to steal your account name and password -- which can then be stripped for items and gold to be resold for cash. Certainly not something any of us would like to happen to our accounts -- so it's probably a good idea to heed Blizzard's warnings. Specifically, we're warned against links to a file named tonydanza.a11net with the extension .html. So if you see something like this linked from the forums? Pay attention to Blizzard's warning page that you're visiting a non-Blizzard site and don't click it!And if you're interested in what you can do to keep your computer secure, Blizzard has some general advice on their support site. And for more specific advice, forum poster Semoravene has provided us all with more specific details on keeping your computer safe from viruses and other harmful programs (that means keyloggers!). And if you think your account may have already been compromised, the next step is to contact Account and Billing services -- but be warned, getting your account back can sometimes be a bumpy ride.
