WoW Safety Tips.

[Holyssa]

The old thread full of keylogger warnings went *poof* somehow. *shrugs*

Seems like the amount of people getting hacked, keylogged, or attacked by internet germs has gone up substantially. I figure I'd put up a friendly reminder post for our fellow clan so that we can cover our respective bums as we ascend the progression ladder

This WoW forums link by AD's own Yosyp is extremely informative. A lot of this stuff is common sense, but it's full of steps we often overlook during the chaos of everyday life. I figure I'd post it to prevent thread necromancy, and for our own well-being (my own comments in parenthesis):

"Keylogger Common Topics"

So you think you have a virus.

We'll follow this steps listed below.

Official Post from Blizzard on Compromised Accounts

http://forums.worldofwarcraft.com/thread.html?topicId=3773308319&sid=1

Official Blizzard Support Entry on anti-keylogger software & AV products:

http://us.blizzard.com/support/article.xml?articleId=20569

-------------------------

This is my 2 cents.

1. Change your password now from another computer. Account Management Page Link.

https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.com%2Faccount%2Fchange-password.html

((It's often best to change this from a work computer behind a strict firewall. A school library PC is okay too, but keep in mind of all the other junk lurking about too, like MySpace cookies & advertising crap)).

2. Scan hard drive with your Anti-virus software.

3. AVG Free Anti-virus http://free.grisoft.com/doc/2/ ((If you can't get professional software like McCafee or Norton, this is an amazing alternative))

4. Trend Micro HouseCall http://housecall.trendmicro.com/ (free service scan)

5. Link Scanner http://linkscanner.explabs.com/linkscanner/default.asp (this will save you the v-scan sometimes.)

6. http://www.sarc.com Symantec Antivirus Research Center. Education. Education. Education. http://www.symantec.com/norton/security_response/threatexplorer/index.jsp

7. Keyscramblers http://www.qfxsoftware.com (free and very powerful)

8. Most virus attack your system through security whole in the Operating System, so update on a regular basis.

Microsoft Windows Update

http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us

Apple Update

http://www.apple.com/downloads/

-------------------------

Just because you use Firefox, or Opera does not make you safe from virus infections through webbased virus attack embedded in links.

These software packages do or may have less chance of being infected through these methods, however you still running on the Windows Platform. Enough said there.

http://www.mozilla.org/ ((Holy recommends getting Extensions like Adblock Plus, NoScript, and ImgLikeOpera for stuff that seems non-worksafe)).

Make sure you are are running the most current version of these applications."

Q: Holy, I don't browse any suspicious sites, yet somehow my information got mishandled. How is this possible?

A: Nowadays, hackers do anything to get a hold of player information. Even if you don't think you have any malicious data, you could still become the unlucky victim of alternative hacking methods, such as brute-force password crackers, or clicking a fake email that looks like something Blizzard would send (common sense: they don't ask for info like this).

Q: I just bought gold. I R TEH L33T! But uh...mah keyz got logged...

A: There's your answer why, idiot. Even if you happen to be quick enough to grab the goods before Blizzard catches you, you still volunteered YOUR identity to the CGF companies, and it gives them one more tool to work with, even if it's just a character name. Remember: a WoW account isn't just for gnome-teabagging. It's also a highly-prized piece of information with questionable value.

Q: What do most keylogger links look like?

A: Outside the WoW forums, they are near impossible to see. If you do spot one posted by a player (some are even L70), most likely some clown is trying to ninja an easy few purples & have some fun at someone else's expense.

Again, thanks to Mr. Yosyp, here's some examples:

"Topic of Concern that have proven to be virus ladden.

My first Sex teacher Hot Sex Big Tits ass Sex 05/28/2008 ((Could this be more damned obvious?))

virus embedded movie file. Still testing the virus variant.

How To Get Your Characters Naked 04/18/2008 ((This is easy. Just spend a night in Goldshire!))

virus embedded zip file containing Bloodhound 131 virus.

Most fun with Kazzak since Reck Bomb! (video) ((Kazzak gags are always great, but this is a very deceptive yet recent trick.))

Spoofs legitment website address by adding and extra S in the name..

Real site address is www.warcraftmovies.com notice the missing extra "S" between the T and the M.

Virus embedded zip file you have to download and open.

Can infect any Windows based OS.

the most beautiful woman in the world ((It's been done to death. Link appearances vary in number & style)).

Uses virus embedded image links that launch a animated cursor exploit in Windows Internet Explorer 5, 6 , 7 running on the Windows 98 - Vista Platform

security whole fix with installation of Windows Service Pack 2 for XP and Service Pack 1 for Vista

Huge Alliance Raid on Halaa(w/pics) ((Another clever trap. If you DO happen to bombard Halaa with buddies prior to seeing this, beware!))

Uses virus embedded Image links that launch a I-Frame Exploit in Windows Internet Explorer 5, 6, 7 running on the Windows 98 - Vista Platforms.

security whole fix with installation of Windows Service Pack 2 for XP and Service Pack 1 for Vista

Hello, I am the ret 04/17/2008 ((Another topic that started out as a joke, but became a trap soon after.))

Uses virus embedded image links that launch a animated cursor exploit in Windows Internet Explorer 5, 6 , 7 running on the Windows 98 - Vista Platform

security whole fix with installation of Windows Service Pack 2 for XP and Service Pack 1 for Vista

Hey Kalgan, we're fine!

Yet another paladin joke topic, which started out with pallies making a massive QQ thread in their class forum about Arena stats and Blizzard's top maggot, Kalgan.

The link resembles the WorldofRaids.com URL, with a few letters switched around as well as an image folder: h**p://___.worldofrdas.com/. Don't touch it!

Tier 6 Personal DPS Records. Note: This is a work in progress

Resembles funny YouTube China links with names of BT/Hyjal monsters. Big list too, which makes it look very legit.

These are just some of the most common keylogger out at this time.

1. Trojan Variant Bloodhound 19 (I-Frame exploit)

2. Trojan Variant Bloodhound 20 (I-Frame exploit)

3. Trojan Variant Bloodhound 131 (animated cursor exploit)

I hope this in some small ways helps those folks that have click on one of these links by mistake.

It has also come to my attention that the websites of a few gold sellers / power leveling services are using these same type of attack to get you when you visit there sites.

So, if they don't just swipe your credit card information, they might also just leave you naked in Goldshire to be molested by murlocs."

More examples include followups to people QQing, strange accomplishments (like soloing a boss), and bug posts, like:

"New and exciting!"

"Patch x.xx new info here:"

"I agree! [insert link]"

As well as variants of popular website links, like www.warcraftsmovies.com.

So yea...that should be pretty much it. Just use common sense, and cover your assets. Oh, and if a mod could pin this topic, that'd be sweet.

EDIT: Added more link examples for the not-so-wary.

Edited June 13, 2008 by Holyssa

[Kailand]

According to blizzard, Adobe flash has a huge vulnerability, and is likely the vector used to compromise many accounts. The new version of flash is patched to fix this issue, so make sure you download it.

[Houli]

I got your safety tips right here!

just put on your harness and headgear!

[Kalea]

I got your safety tips right here!

just put on your harness and headgear!

That's you and your girlfriend and that's the cage she keeps you in? *boggles* Oh, son, you need a rescue!