Anyone heard anything substantial about stolen accounts? Apparently, in the last 48 hours, it's gotten so bad that blizzard has left it's account management phone number open for extra hours, to handle all the people calling in to complain about their accounts being stolen. I just checked my account info, and it still seems to work, so goody for me....definately changing the PW to be safe, though......but I'd love to know what happened to get so many accounts stolen. I've heard it has something to do with Allakhazam, but those may just be rumors and speculation. Anyone with solid info on this?

Yah, I just changed my account info and deleted WoWRankings, although I'm not sure if it was that. It looks like there was an ad on Allakazaam that exploited a security flaw in some older versions of Internet Explorer, thankfully I use Firefox ;)

I recall hearing about a virus that was doing this a couple months ago as well. I believe there was one of those microsoft service updates that took care of it. A friend of mine had this happen to him. He purchased the game about two months ago but then was not able to actually play until a couple days ago. He logged in, played for a bit, logged out, a short time later his password was changed.

As far as something substantial, one of the people who raids regularly with Nightraid was one of those that had his account stolen. He just got it back last night, they left his main character but had deleted every other character, cleared out all of his character's money as well as sold everything in the bank. For whatever reason they actually didn't sell his soulbound stuff so he at least has his main and his gear atm. I'm curious to see if Blizzard is actually willing to comb through their old files and restore everything to all the people this is happening to. I kind of doubt it, especially when the people it happened to seem pleased just to have their accounts back under their control.

hmm better change passes -_-

That's awesome they left him his soulbound gear.

I changed my pass O_o

Not sure you guys are understanding it. Changing passwords won't really help. The way I understand it, you log onto the game, enter your password, they get the password, they get your password. My friend's password was changed the same day he used it. So... you use your new passwords and they will get it.

Maybe we need to do some more research on this and see what can be done. I'd suggest running windows updates and stuffs to make sure you're up to date on those.

One idea would be to change your password every time you log in, but yea, what Kare said.

The malicious addon will still be there after you change your password.

So, the best idea would be to update your computer then run a spyware/virus scan, and then change your password?

Now I feel absolutely no remorse for blocking any and all ads from allakhazam

From what I understand, an ad did take advantage of people who hadn't updated IE and/or Windows security. What it installed on the system was a key logger, so changing your password would pretty much just make them laugh.

Allakhazam has been curiously silent on this, though.

More news on this:
http://forums.worldofwarcraft.com/thread.aspx?fn=wow-general&t=5202690&p=1&tmp=1#post5202690

From this post I gather things must be pretty bad and blizz may try to restore some compromised accounts... hmm more to come I'm sure.

DAMNIT... i cannot read these links at work .... i hate work

/comfort


As a reminder, per our policy posted here:
http://www.blizzard.com/support/wowgm/?id=agm01889p
we are removing gold and items knowingly or unknowingly received from a compromised account. This includes characters who have been used to "launder" comprimised gold, and characters who have purchased the gold from a gold seller.

Please keep in mind that the purchase of gold for real life funds is against our TOS, and we will not be reimbursing either gold or cash for the items andgold lost due to this action.


My favorite reply:

So what did we learn here, kids? That if you buy gold, spend it as fast as you can so that the GMs can't take it back.

WHAT?!? OKAY!

Here is more specific info -

If you are using Internet Explorer and haven't installed recent security patches, please verify that the processes syssmss.exe and f_ucksnow.exe (no underscore) aren't running on your machine (press CTRL-ALT-DELETE, select Task Manager and read through the process list). If they are: terminate the processes, change your WoW passwords (preferably from another machine) and do not log into WoW until you have removed the trojans from your machine.

More details:
Allakhazam have had a rogue ad running recently on their page, which include a jpeg-image that exploits a IE weakness. It installs a keylogger that sends your login and password to a foreign server. Many people in the US are currently locked out of their accounts, while other people are using them. Those who have got them back are reporting empty bank accounts.

If you are to cheap/poor :) to purchase some av, ad blocking and spyware programs I recommend these as they are free -

Ad Aware SE - http://www.lavasoftusa.com/support/download/ (Pretty good ad blocking program although I use Ad Subtract Pro - http://www.intermute.com/products/adsubtract.html

AntiVr - http://www.free-av.com/ (Very good AV program and uses very little resources)

MS AntiSpyware - http://www.microsoft.com/athome/security/spyware/software/default.mspx (Very easy to use and just currently a gui refresh of the original Giant product - they also just corrected the Claris rating)


This is the exact patch you need to fix the flaw that the keylogger used -

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx Note the patch came out in September 2004 so I do not feel sorry for those that do not have it patched by now. :twisted:

And if you have a Mac you are not affected. Mac FTW!! lol

- W

good deal thanks wara... ill be checking this as soon as i get home

Very very lame that this is happening to people. Any news of this happening to people playing on MACs? Shouldn't work as far as I know since we don't use .exe files?

And if you have a Mac you are not affected. Mac FTW!! lol

I will repeat what I read and completely believe on another forum speaking of viruses.

Mac's are not better machines that have super great code that deters hackers from making viruses for them. Viruses are made for the purpose of infecting the greatest number of machines and causing as much troulbe as they possibly can. Mac's aren't machines that many people use, therefore, there will be fewer viruses that would affect Macs.

Why would someone wanting to cause alot of harm write a virus that will affect less than 10% (guessing) of machines on the internet.

Well Paloma it's 2 simple things really that will keep virus from ever being as much of an issue on Macs (referring to OX 10.x and higher) than on Win.whatever -

1. The web browser is not integrated into the OS nor does it have 2 million different OS hooks into it. As it should be it is a standalone product on the Mac and as such if it were comprimised the exposure would not be as great.

2. Mac is designed from the ground up not to run in "Admin-full control-god mode" by default.....This is a very big deal and important to understand. In order to do most things on the Mac you run in a limited user mode. If I need to do an admin type of task - then I am prompted to give my permision to do so. Windows from the ground up is designed the exact opposite - "Admin-full control-god mode" by default. If a trojan, virus, etc wants to compromise my machine it will have the authority to not only to do it but to do it without you knowing as it uses the security context you are logged in as. MS promises to change this in Vista but in order to do so ALL programs will have to be rewritten to run in limited user mode. Even if MS pulls it off they will have a legacy mode type option for the 20million legacy (XP and earlier) programs people will expect to be able to run on Vista.

So if fact yes Macs are better (for virus, trojan prevention) in that for a machine to be infected more things have to occur. Even if someone writes a virus, trojan, etc and ten it manages to be introduced to the system (by email or physical compromise as the browser would not be as easy to comprimise) - the user will still have to be prompted to enter their admin password for the vrius to even be installed. It is not simply that they are a smaller install base - it is that to accomplish the same thing that takes little to no coding skill on Windows is much more difficult on a Mac.

I'm paid to break into systems for a living. Windows is great as it is easy money $$$ - Mac is much harder in that you for the most part need either physical access or be lucky to figure out the users admin pw.

There is a reason most of my contacts in the FBI use a Mac rather than Windows. :)

- W

So yeah, why are we talking about Viruses ? This is not a virus.

The definition of a Virus is any program or script that replicates itself. This does nothing of the sort. This is Malicious Code, also known as Spyware, that installs on your machine and does the job it was made to do. Nothing more.

For adware, norton picks it up as spyware itself, I dont know if its true, or I am miss reading it, or even if Norton is just reading it as one.

Yeah, glad i read this post to clear some things up, I have heard of 4 people on our server (one in my guild infact) getting their accounts stolen, I see luckilly as sagerix said for the one person that they did not sell their SB items (the ones you truly work your arse off for) but I know the person in my guild who had their account stolen...lost everything everything in the bags were gone, everything in the bank was gone, they logged in naked, no items or anything...luckilly blizzard has given them a few items back(more to come would be nice for them :D) but..wow glad for this post, really clears up everything thats been going on, I was really scared seeing 4 people I know of (could easily be more and I'm sure there is on our server) losing their accounts and then there was the log in message and I was I really was beging to get worried, was a scary time O.o