keylogging
Latest
The big stores that track your every online move
A study by Princeton researchers came to light earlier this month, revealing that more than 400 of the world's most popular websites use the equivalent of hacking tools to spy on you without your knowledge or consent.
The Daily Quest: Feeling safe and warm
Here at WoW.com, we're on a Daily Quest (which we try to do every day, honest) to bring you interesting, informative and entertaining WoW-related links from around the blogosphere. Is there a story out there we ought to link or a blog we should be following? Just leave us a comment and you may see it here tomorrow! Take a look at the links below, and be sure to check out our WoW Resources Guide for more WoW-related sites. For many realms, Ruby Sanctum is up and running, and Halion's being smacked around by countless guilds (check out our Halion guide to learn how your guild can smack him around, too). With Ruby Sanctum as the last raid before the release of Cataclysm, players are still looking forward to the Cataclysm beta. With the beta now up and running, players are subject to piles of false email and announcements from people trying to steal valuable account information. With all these scammers trying to worm their way into player's accounts, how about we take a visit to that ever-pertinent blogging topic, account security? Letters from Birdfall has some wise words about security programs and what you can do to avoid the dangers of keylogging. Slice and Dice talks about safeguarding your guild bank. Flame Shock talks about phishing emails, what to look for and how not to write them. Now that we're feeling a little more secure, let's visit Oddcraft and get warm and cozy with a statement from A Basic Campfire.
Blizzard warns against buying gold
If it wasn't already obvious, Blizzard put together a page on their official website making clear their stance towards buying in-game gold, and have just recently given it another big push. To put it simply: don't. The page outlines what we at WoW.com have known for quite some time (hence our collective stance against buying gold) -- that gold buying harms other players. The site doesn't go into specifics other than to say that gold selling companies often acquire their gold through unscrupulous means. They sum up their statement by saying that "players who buy gold are supporting spamming, botting, and keylogging." Basically, if you're a gold buyer, you're part of the problem. No, seriously. Gold sellers acquire gold by hacking into other players' accounts, taking their gold, selling all their items, and sometimes maliciously deleting their characters. That gold you think some Asian spent hours farming in Nagrand or something is more likely to be some other player's hard-earned gold and the seller is just as likely to be some dude from Jersey. As tempting as buying gold may seem -- and I've read many arguments towards why people buy them -- the bottom line is that it is harmful to the game and you're not doing yourself any favors in the long run. Blizzard says that it "diminish(es) the gameplay experience," but that's putting it nicely. Gold selling and power leveling are against the EULA, anyway, so anybody who patronizes these services are in danger of getting banned. And if you don't believe in buying gold (go you!), protect yourself by getting an authenticator or reading up on account security.
The Queue: Nuts and bolts
Oh boy. Most of us are the walking dead after BlizzCon, but let's get back to something resembling normalcy with a Queue. We're going to start off today with an important matter concerning authenticators and account security, then move on to a bit of WoW.com business and Onyxia. I'd also like to direct attention to two really good comments from the last column re: technical issues, Shadow's and Logarth's.Zerounit asks... I recently got an Authenticator in the mail and I noticed something while I was inspecting it: there appears to be no way to open it short of cracking it open with large objects. Is there a battery life on these? If it stops giving me my magic codes, will I have to get a new one? I got an authenticator for my own use recently and have to admit I hadn't thought to look into the battery life, which is a very good question indeed. A dead authenticator means you have no way of getting into the game (or even into your online account) without official help from Blizzard. Turns out the little security doodads are manufactured by a company named Vasco, and after poking around their website, I'm reasonably certain that Blizzard authenticators are a variant of Vasco's DIGIPASS GO 6 model. What makes me so sure? The GO 6 model page is the only one accompanied by an article on fraud and hacking in online gaming. They don't come right out and say that Blizzard is a customer, but unless Hello Kitty Online is a bigger hive of scum and villainy than even we gave it credit for, you don't have to be a genius to figure out that World of Warcraft figures prominently in MMORPG account theft.
Antivirus company claims viruses are out to get you
McAfee Avert Labs, a monitoring and research division of McAfee Inc., claims that malware attacks are on the rise, and the targets are often gamers. According to McAfee, there was a 245% growth in the amount of malware being developed from 2006 to 2007, with roughly 300% more developed from 2007 to 2008. So far this year, development already exceeds 2006 and 2007 combined. Earlier this year, McAfee released a list of some of the most dangerous web domains. Even major, reputable websites are not immune, although the problems are usually addressed almost instantly. Commonly targeted websites include social networking sites like Facebook, as well as gaming sites.The developers harvest the information, and sell it to others who then exploit it, possibly to steal your account information. With so little time until Wrath of the Lich King, I'd like to remind everyone that buying gold or power-leveling services is not only not permitted, it is likely to get you burned. For more information on protecting your computer from keyloggers and other malware, check out the following guides:
WoW Insider Interview: Blizzard speaks about Authenticator security
About a month and a half ago, we reported on the story of a player who had apparently gotten their account hacked while they were using the new Blizzard Authenticator key, and it raised a lot of questions in players' minds about the only hardware Blizzard's ever made: just what does the Authenticator do to protect players' accounts? Have Authenticators actually prevented accounts from being hacked? And what would it take to, through social engineering or other methods, actually remove an Authenticator from an account?At the time we published that first story (which was later disputed by a customer support representative), Blizzard contacted us here at WoW Insider, offering to clear up players' concerns about the new keys. We quickly submitted to them a few questions pulled from our own writers and a few submitted by readers, and they've now returned the answers to us -- you can find Blizzard's answers to our questions about the Authenticator after the break. Thanks to Blizzard for answering our questions about how these keys work, and clarifying some of the issues around their security.
Two new keylogging worms to watch out for
Microsoft's malware blog is warning of two new worms that attempt to steal account information for online games from Windows XP or Vista users. These worms are breaking previous keylogging success rate records and are worth educating yourself about.The first one is called Taterf which has infected over 1.2 milion machines worldwide during its first week. The other worm is called Frethog and has so far a 650,000+ machine first-week infection rate. These rates are stunning to malware specialists who are used to seeing these kinds of numbers only after a month of the worm's existance. These worms take advantage of Windows' autoplay and autorun functions that run for CDs, DVDs, and some USB sticks. They can be sneaky about it too. They try to disquise autorun with other pop-up dialog boxes, like "Show me these awesome pictures." You do need to confirm this action manually, but this obstacle hasn't much limited the spread of the worms to date.Make sure you read the instructions on Microsoft's support site for how to protect yourself from these worms. The short answer is to disable autorun from CDs under XP (a registry change) or to change the same option from the Vista control panel. You should also disable autoplay as an even greater precaution. Also, of course, make sure you check the box on the WoW login screen to save your account name. That way if you do get infected with a keylogger, they won't be able to see your keystrokes for both your account name and your password.
Make way for maintenance day
Maintenance day is underway until 2pET/11aPT and many WoW fans are searching for something to do, while players with day jobs log on to point out that they can never play during these hours. Fortunately, we have lots going on today, as well as some highlights from the past week that you won't want to miss. Wrath of the Lich King: Compilation of everything we know of to date about Death Knights, the new hero class we'll be seeing with the expansion. The new expansion is now in alpha testing! Read on to find out what this means, as well as what it doesn't mean. Arena Season 4: A great analysis of when arena season 4 might begin.
Your Christmas gift could be hacking your WoW account
Hackers seem to be trying more and more ways to get legitimate accounts out of players hands and working to steal and farm more gold, but if you think they've had some sneaky schemes in the past, you ain't seen nothing yet. Our colleagues at Massively have a story that's both amazing and disturbing at the same time. A lot of geeks found a digital photo frame under the tree this year. Seems like a good idea, I'm sure a lot of us have a pretty large collection of digital photographs stored on memory cards and flash drives that we just haven't quite gotten around to printing for display. Unfortunately, certain frames sold at Best Buy, Target, Costco and Sam's Club come with an extra undocumented feature, in that they have a nasty little bug that's being dubbed Mocmex. The bug can burrow its way into your computer, latch itself in, and sniff out account information. It doesn't seem to affect Linux or Macs, at least not in its current form, but right now there doesn't seem to be a single manufacturer or frame type that's infected, so the origin of the bug hasn't been nailed down. If you think you've got one of the infected picture frames, Massively recommends contacting the SANS institute and calling the store where the frame was purchased. You can check their story for the contact information. The upside of this, I suppose, is that if the farmers are starting to branch into using peripherals to steal our accounts, they may be getting pretty desperate. The downside is, when we have people who practice safe web browsing and keep a clean computer getting bitten, like our Amanda Dean for example, we could be in some trouble. With any luck, all the major virus programs will have a cure for Mocmex and programs like it soon. In the meantime, it looks like we'll have to be extra careful about what we install on our computers, and make sure our anti-virus programs and firewalls are up to date.
BlizzCon Hoax [Updated]
Evidently attendees of BlizzCon have begun receiving emails claiming that Wrath of the Lich King Beta will begin in only three weeks. According to Bornakk, these emails are a hoax, and the original statement provided regarding such a beta still holds. There is currently no WotLK beta, and should one be in the works, there would be an announcement on the official site. As always, please remember to be especially cautious when asked to provide any account information. Do a search to find out if anyone else has received the same requests, and under what circumstances. If you are concerned about keylogging programs, refer to our guide on protecting your system.Update: Despite the fact that the rumors, and emails, have been floating around for a little while, Bornakk's official response came yesterday.
Forum Post of the Day: Avoiding keyloggers
Keyloggers have been plaguing the game for a while now, and have begun to embed links into forum posts in an increasingly sophisticated manner. For this reason Lythria on the European Forums has posted an excellent guide to spotting keyloggers and hopefully avoid them. The first thing he suggests is not clicking on a link from a site you don't recognize. There are plenty of sites out there that do safe image hosting for instance, like Photobucket or Image Shack. If the link is asking you to view an image, but you don't recognize the URL, he says pass.The next suggestion he gives is to check up on the poster. Look at their posting history. Keyloggers will often post the same or similar content, and many time the same links. If you look at what else they have posted on the forums, you may get an idea if this is something you should follow up on or not. Also the spelling of links that look legit can be tweaked, with the letter o replaced by the number 0 to fool you. When in doubt, trust other poster's instincts. If someone has replied saying this might be a keylogger, don't be a hero! If the milk smells bad, you don't take a drink. Apply the same caution to links on the forums.Honestly, this whole post should be mandatory reading for anyone who spends a good deal of the time on the WoW forums. Read through the suggestions, and then let us know if you have anything to add that might help your fellow players avoid the keylogging trap.[via European WoW Forums]
