Latest in Gaming

Image credit:

How misspelling might get you keylogged


There have been a lot of scares recently about AddOns having keyloggers in them. For the most part, it turned out to be ads on the sites that were the problem. And now we have the Fraps scare. Unfortunately, no one is immune and it's best to be as careful as possible. Recently, I came across another particularly sneaky way you could get keylogged.

I don't use many AddOns when I play. Cartographer, Auctioneer and Gatherer are pretty much it. I've tried tarting my UI up with some of the fancier mods, but I always come back to my minimalist setup. Because I don't use many, I don't have to upgrade very often and I always neglect to bookmark the appropriate download sites. I'm also a believer in convenience, so I make full use of my Firefox address bar to do my "searches". Firefox will either bring up a Google search for whatever I type in or it will bring up the closest webpage to what I have typed.

Recently, I was looking for an upgrade and I mistyped the name in my address bar. Firefox cheerily brought up the website that matched what I typed. It was a site that listed a few WoW UIs as well as some popular WoW searches. I closed the window, typed what I wanted into my handy dandy Search Box (which is honestly just as convenient) and went on my merry way. I proceeded to play some WoW that night and logged into City of Heroes for a bit as well.

The next morning, my virus program informed me that a Trojan had taken residence on my machine for the purpose of recording my keystrokes. Nice. After I double-checked that the evil program had been removed, I immediately changed my passwords for the games I had played. Happily no damage had been done -- nor do I think I was really at risk. Because of that convenience thing, I let my usernames be saved as often as possible so that the keylogger wouldn't have actually known to what username to link my newly stolen passwords.

At first I blamed the AddOns since that was the only new thing I had downloaded. But then I retraced my steps and remembered the mistyping. That is what makes this whole thing so sinister. I had to think hard to remember I had visited the fake UI site for a few seconds because who remembers the typos one makes while searching?

Earlier this month, Vox pointed out on the forums that there is a keylogging site (DON'T GO!) that is taking advantage of misspelling (that one is OK). Blizzard poster Vrakthris requests that anyone who comes across these sites please report them on their official webform. I would report the one that got me, but I don't remember which one it is and, honestly, I'm scared to go and look for it.

These criminals are clever. They create domain names that are misspellings of commonly searched WoW-related terms and then put "content" on there so that it looks like a semi-respectable place. If you don't get taken there automatically, the sites will still show up looking like valid sites in a Google search. And unless you have your browser setup so that it won't run scripts automatically, just loading the site will load the program onto your computer.

We've said this before, but these are the best ways to keep your account safe:

  • Don't buy from gold sellers and power levelers.
  • Don't share your account info with anyone.
  • Don't download from shady sources.
  • Do keep your anti-virus/anti-spyware tools up to date.
  • Do change your password regularly.
As is usual with criminals, however, they get around your safety measures with tactics like these websites. But I guess that convenience is a small price to pay to keep my precious drood with her leet gear safe.

From around the web

ear iconeye icontext filevr