Sleeper Cartel

A World of Warcraft Alliance Guild on Perenolde

Vint-Perenolde
Retired
*KeyLogger Warning*
General Chat scrawling board
Wednesday December 20th, 2006
10:22:29PM
It would appear that one of the 'trusted' WoW sites currently has a keylogger embedded in an iframe on the main page.

details here

For the time being, please stay away from worldofwar.net!

And if you have been there recently.. run all your anti-bad stuff software NOW! and then go change all your passwords, particularly your WoW password
Edited by an officer (Karin) on Jan 6 2007 at 11:37:53am. Unstickied.
Edited by an officer (Darias) on Feb 29 2008 at 10:40:28am.
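
A site operator's check for the condition described in the post above, as an added example that is not part of the original thread: it lists the iframes in a page and flags those loaded from a host outside an allowlist or sized or styled to be invisible. The sample markup, the host names and the `ALLOWED_HOSTS` set are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site intentionally frames (constructed example values).
ALLOWED_HOSTS = {"www.example-guild.test", "ads.example-guild.test"}


class IframeAuditor(HTMLParser):
    """Collect every <iframe> and the reasons it looks suspicious."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = allowed_hosts
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host not in self.allowed_hosts:
            reasons.append("off-site host " + host)
        # Invisible frames: zero or one pixel in either dimension, or hidden by CSS.
        if a.get("width") in {"0", "1"} or a.get("height") in {"0", "1"}:
            reasons.append("zero/one-pixel size")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        self.findings.append((src, reasons))


def audit(html_text, allowed_hosts=ALLOWED_HOSTS):
    """Return only the frames that have at least one reason attached."""
    parser = IframeAuditor(allowed_hosts)
    parser.feed(html_text)
    return [(src, reasons) for src, reasons in parser.findings if reasons]


# Constructed sample page: one expected ad frame, one hidden off-site frame.
SAMPLE_PAGE = """
<html><body>
<iframe src="http://ads.example-guild.test/banner" width="468" height="60"></iframe>
<IFRAME SRC="http://unknown-host.test/x.htm" width=0 height=0></IFRAME>
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in audit(SAMPLE_PAGE):
        print(src, "->", "; ".join(reasons))
```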
Gnoname-Perenolde
Retired
Re: *KeyLogger Warning*
Wednesday December 20th, 2006
10:54:19PM
It appears that curse-gaming is also infected, and not trustworthy ATM.

More info
Defektor-Perenolde
Retired
Re: *KeyLogger Warning*
Thursday December 21st, 2006
8:23:44AM
You *should* be safe if you use Firefox.
Vint-Perenolde
Retired
Re: *KeyLogger Warning*
Thursday December 21st, 2006
9:23:00AM
You should be... I'd also suggest installing NoScript like Darias suggests for an extra level of comfort.
Nycthora-Perenolde
Family
Re: *KeyLogger Warning*
Friday December 22nd, 2006
7:30:26AM
OK, well my stuff that gets rid of the bad stuff is about a year out of date and requires a subscription to renew. Can somebody tell me a good free virus software and spyware software?
Mareyn-Perenolde
Retired
Re: *KeyLogger Warning*
Friday December 22nd, 2006
8:05:41AM
I think a number of people on another thread were recommending AVG Anti-Virus Free Edition.

For spyware, I know one solution is Windows Defender, which comes with Windows Vista but is also apparently available for XP (I'm not sure if it's actually available for download yet, though). One solution that's been around for a long time and which I've heard generally good things about is AdAware SE Personal.
Lucilde-Perenolde
Retired
Re: *KeyLogger Warning*
Friday December 22nd, 2006
8:08:19AM
The antivirus software that I use is AntiVir.
http://www.avira.com/en/download/index.html

I also use Ad-Aware for anti-spyware protection.
http://www.adaware-antispyware.com/FreeAdAware/

Both of these are free programs. I have used both of these for years and have never had a problem and have never had a virus on my computer.
Remorseless-Perenolde
Associate Mentor, Yeoman of the Revels, SCLockpick, Muckedy Muck Mascot
Lupara
Re: *KeyLogger Warning*
Friday December 22nd, 2006
12:18:26PM
Sweet! Ditto to what Nyc said... as soon as I get home I'll make sure and get those Anti-bad stuff programs. Thanks guys!!
Karin-Perenolde
Retired
Re: *KeyLogger Warning*
Saturday January 6th, 2007
11:49:12AM
I'm bumping and making this thread sticky so that more people can see this. It seems a lot of keyloggers were downloaded and are still active on some of our members' computers.

Even if you haven't been hacked yet, I suggest you do a search on your computer for a file named "ntldr.exe". If you see this file (not "ntldr.dll" though, that file is okay), delete it immediately, reboot, and go directly to Blizzard's Account Management page to change your password.

A keylogger records all the keystrokes you make on your keyboard and then sends them over the internet to someone without you knowing. That person then looks at all the letters you typed, finds out what was probably a password, and then logs into your account. Once they get into WoW, I'm guessing they vendor all your stuff and transfer all your online assets to gold farming collection companies (likely a certain character name on that server), after which they report their contributions and then receive real-world money for it. The gold farming companies then sell this gold to the public. This is another reason why buying gold online is bad! It hurts the virtual economy, makes players less skilled with raising and sustaining their own resources, and provides incentives for people to steal gold from your guild members.

Anywho, please look for this file on your computer, just to make sure that it doesn't happen to you too. Even though the offending website you might have visited removed the keylogger, it could still be active on your computer. If that doesn't scare you, consider that the keylogger records everything, including your online banking passwords, email accounts, etc. :)

As a side note, does anyone know if anti-spyware applications actually detect this specific keylogger?
Vint-Perenolde
Retired
Re: *KeyLogger Warning*
Saturday January 6th, 2007
1:32:34PM
Symantec says their AV definitions cover at least one WoW specific keylogger.

Also, Curse is stating that they are now clean, and they've tightened their website security up to prevent anyone from using the same method to get a keylogger onto their site (it was apparently being served through their ad server, in combination with an addon title being HTML and triggering an iframe to load it).

edit again.. careful what you delete.. there are system files called NTLDR that you need if you want Windows to load (hmmmm.... maybe deleting wouldn't be so bad ;) ).

you can use filemon (from Microsoft) to see what various things are doing on your PC (regmon on XP Service Pack 2 and Vista).. at least.. that's what it looks like those two do... one of our Windows-using guildies may need to correct me on this one.


edit2 - worldofwar.net is also claiming to be clean again
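
A read-only triage sketch for the file check discussed in the two posts above, added here as an example and not code from the thread: it walks a directory tree and reports files named `ntldr.exe` (the name given above for the keylogger) with size and SHA-256, while the extensionless Windows boot loader `NTLDR` and `ntldr.dll` are never reported, and nothing is deleted. The function names and the temporary demo tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# File name reported in the thread as the keylogger; compared case-insensitively
# because Windows file names are case-insensitive.
SUSPECT_NAME = "ntldr.exe"


def sha256_of(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_suspect_files(root):
    """Return [(path, size, sha256)] for files whose full name is SUSPECT_NAME.

    Exact full-name matching keeps 'NTLDR' (no extension) and 'ntldr.dll'
    out of the report. Nothing is modified or deleted.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if name.lower() != SUSPECT_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                hits.append((path, os.path.getsize(path), sha256_of(path)))
            except OSError:
                # Locked or unreadable file: still report it, without a hash.
                hits.append((path, -1, None))
    return sorted(hits)


def demo():
    # Constructed tree standing in for a Windows drive.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS", "system32"))
        for rel in ("NTLDR", "WINDOWS/system32/ntldr.dll", "WINDOWS/system32/NTLDR.EXE"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"constructed sample bytes")
        return [(os.path.relpath(p, root).replace(os.sep, "/"), size)
                for p, size, _ in find_suspect_files(root)]


if __name__ == "__main__":
    print(demo())
```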
Pamplemousse-Perenolde
Mistress of Auctioneering, Scbags
Retired
Re: *KeyLogger Warning*
Saturday January 6th, 2007
9:19:43PM
We use Windows Defender at work and on all (7?!??!?) of my home computers - it is free and works very well.
Mareyn-Perenolde
Retired
Re: *KeyLogger Warning*
Monday January 8th, 2007
5:29:01AM
Vint, filemon and regmon and the like have actually been replaced by Process Monitor, though it requires Windows 2000/XP/Vista (if you have Win98 or something else, go with filemon/regmon/etc).

For the ubergeeks out there, I'd also recommend Process Explorer, which can be used to replace your standard Task Manager.
Mareyn-Perenolde
Retired
Re: *KeyLogger Warning*
Monday January 8th, 2007
6:02:47AM
Has anyone ruled out the possibility that these hacks might be taking place in the network, rather than on client systems? I don't know anything about WoW's networking protocol, but it's possible that it's vulnerable to a replay attack or something similar that the "black-hats" know about but Blizzard doesn't. After all, since WoW is just a game, I doubt that many white hats feel a need to find security vulnerabilities themselves and notify Blizzard, but I could be wrong.
Vint-Perenolde
Retired
Re: *KeyLogger Warning*
Monday January 8th, 2007
7:27:29AM
Blizzard hasn't acknowledged the possibility of it being a network attack (not that I would expect them to). I haven't peeked at the network traffic, so I don't know if the user/password information is sent encrypted or not... I would hope that at least that portion of the process is encrypted...but I don't know...anyone ever checked?

and thanks for the clarification on Regmon, etc..
Vint-Perenolde
Retired
Re: *KeyLogger Warning*
Tuesday January 9th, 2007
1:41:03PM
Oh yeah, one more thing... It may not necessarily be your personal computer that's infected. Because Blizzard uses the same login information for both the game and the forums.. if you've logged into Blizzard's forums (or, the account management page, or, really any page of theirs that you sign into) from a compromised machine, your information will be compromised, even if your personal machine is clean.
Rakamichu-Perenolde
Retired
Re: *KeyLogger Warning*
Friday January 12th, 2007
5:21:19PM
If you guys are computer literate you can download a firewall for about $30 called Atguard. It's one of the best paid firewalls I have ever seen. It pings you every time a new IP tries to connect through your connection. That way you can be sure what programs are trying to access what.
Kimen-Perenolde
Guild Transmuter
Lupara
Re: *KeyLogger Warning*
Sunday January 14th, 2007
10:12:47AM
Personally, I strongly recommend against relying only on software firewalls. They are easily defeated by trojans and worms. In fact the first thing trojans, worms, viruses, etc. do is disable your software firewall. The most effective firewall is a simple router. Linksys, Netgear, etc. are very inexpensive and cannot be defeated by something that infiltrates your computer. (Note: do NOT turn on universal plug-n-play (UPnP) on ANY router.)
Foxtrot-Perenolde
Retired
Re: *KeyLogger Warning*
Tuesday February 13th, 2007
12:49:32PM
Nitsa,
This has been suggested in the past, however most keyloggers watch the clipboard as well.
Karin-Perenolde
Retired
Re: *KeyLogger Warning*
Tuesday February 13th, 2007
1:01:30PM
The WoW keyloggers in particular might be able to lift some text from the username and password boxes too, so depending on how exactly they work it may or may not help. It won't hurt though of course. :)
Remorseless-Perenolde
Associate Mentor, Yeoman of the Revels, SCLockpick, Muckedy Muck Mascot
Lupara
Re: *KeyLogger Warning*
Sunday February 18th, 2007
1:59:08AM
Ya.. I just put mine on Remember me, or Remember the screen name.

So if by some horrible occurrence it does get hacked =( they will have to take more time to find my login name.
 