Keyloggers 2, Blizzard employees 0
by Elizabeth Wachowski 
Jun 12th 2007 at 10:00PM
There was a weird development on the keylogger front tonight, as Blizzard community managers Drokthul and Nethaera apparently got their accounts hacked and started posting keyloggers on the forums. And of course, because Blue posters are assumed to be trustworthy, many people clicked the links.
I personally thought the whole thing was a photoshop hoax until I read Tyren's comment, "Folks, we're definitely dealing with the issue at hand with the greatest amount of speed and care. We always appreciate our community's support when it comes to alerting us about key loggers on the forums and we hope you'll continue to do so. This is a good chance to remind our players to always check a URL before clicking on it." It sounds like Blizzard is taking this seriously. Eyonix later noted that he kind of enjoyed banning his coworkers.
Hopefully, this will help Blizzard finally do something about the keyloggers and hackers infesting this game. While I realize that it's our own responsibility to keep from getting hacked, if two Blizzard employees can get logged, it can happen to just about anyone. I clicked a keylogger link once myself, back before they became so common on the forums, but my antivirus program caught it before it could do any harm.
As Eliah posted, Blizzard is considering disabling links on the forums. While this may cause many to miss the many new "hot sex girls" and "Ashbringr secrits" that are posted on the forum daily, it may be a risk we'll have to take.
Reader Comments (Page 1 of 2)
Kurimu Jun 12th 2007 10:16PM
That's too rich...
Blizzard, Blizzard, Blizzard...
If they do end up blocking links entirely, I'll be sad. I don't see an all-around block helping tons (although people might actually think about where they're surfing to if they need to copy-paste), but rather it's time to instate some kind of pre-viewer of websites to scan a page for viruses, trojans, and other background badness before the user's browser loads the webpage.
It's a touchy subject, this keylogging problem. Going too far with protection will anger the forum user base, but being too lax will get people hacked and put a heavier load on the GMs. What to do?
Sockninja Jun 12th 2007 10:35PM
lawl, another reason i never click on anything if i dont know what it is...
Joshua Ochs Jun 12th 2007 11:46PM
Or, just use a platform that's not susceptible to this...
Or avoid the WoW forums. =D
Savok Jun 12th 2007 11:32PM
Well thank christ is all I can say. Now it's finally bitten Blizzard on the ass maybe they'll start doing something about it instead of just pretending.
Os Jun 13th 2007 12:16AM
Ya know, part of me thinks it is just Blizz testing the keyloggers to see how they work.
I mean, c'mon, they can't be THAT ignorant :P
BlizzardIsSoLame Jun 13th 2007 12:18AM
ROFLMAO -- Blizzard Community people gets hacked? That's too freaking funny!! Blue (im)Posters!?!??! And of course, what does Blizzard do, they take the sledge hammer approach!
That's so like them -- instead of checking if they're out of gas when their cars stop running, they just haul them to the junkyard and turn them into metal cubes and declare them worthless! Much like themselves...
Kyrra Jun 13th 2007 12:39AM
All Blizzard CMs should post using Macs rather than PCs. Though Macs could just as easily be hacked, no one targets them. :)
BradFoSho Jun 13th 2007 1:11AM
What people CAN do is goto google, search the website and then click Cached under the description. It will bring up a screenshot of said page!
IKT Jun 13th 2007 1:25AM
wow
Druid dude Jun 13th 2007 12:18PM
One huge security hole that could be very easily fixed is that we use the same login credentials for the WoW forums as we do to log in to the game. I would bet that many accounts are compromised by keyloggers when people log on to the forums, not the game. Its easy enough to click the "Remember User Name" button on the game login screen. Then, your user name can't be compromised, unless you log in to the WoW forums. I am not suggesting using that as the only line of defense, that would be unwise of course. However, if we had a different user/pass for the forums, one hole would be plugged.
Halin Jun 13th 2007 2:00AM
I clicked on the one that Neth posted just randomly because it was the only blue post I saw up at the time I was on the forums. It was a link to a youtube video where they parellel the in game dances to the real life dances.
If I get a keylogger from that it will be so not cool.
john Jun 13th 2007 2:22AM
there is one simple solution for this.
JUST MAKE EVERY ACCOUNT DO AN IP CHECK .
i mean most peeps play from the same adress all the time.
if not they just login on the site request another ip added from where they want to play.
blizz send them a message to the regged email adress to confirm.
if they now want to hack your account they have to hack your whole pc.
Patrick Schriner Jun 13th 2007 3:33AM
Email to the registered adress on password change - that´s by far the best and most common approach to such problems.
Without the password change an account hack is almost worthless.
Senior Coconut Jun 13th 2007 5:45AM
Use a Mac. Seriously, now that they can boot XP, theres no reason not to just get one to avoid a chance of getting something like a keylogger. when you're done playing WoW, switch back to XP.
Bresh Jun 13th 2007 5:44AM
I could care less if they totally did away with links in the forums. Honestly, what would you lose? 2-click access to a rickroll or keylogger (1 click to hit the link, 1 click to hit "proceed" on their interceptor).
As for angering the forums userbase... Is that really an issue? Nothing will ever please that group of bottom-feeders. And honestly, it would affect a *very* small portion of the WoW population. Forum users fail to realize they are the extremely vocal minority in almost any community. So if it pisses off the forum users, it's only because they're not seeing the instant benefit: slowing down the spread of keyloggers. Which, granted, isn't nearly as big of a problem as it's made out to be.
... Although hearing that two of the CM's got hit with em tends to make me lose even more faith in humanity, as it pertains to WoW. Next we'll hear about GM's, possibly even Dev's getting hit with em. At which point... well... use your imagination.
Savok Jun 13th 2007 6:00AM
@11
Some of us have dynamic IPs, especially in countries that aren't America.
Now a country of origin check, that might be more helpful. Granted it'll annoy the travelers, but Blizzard seems to ban them anyway, avoiding that with email checks would be a nicer alternative.
john Jun 13th 2007 6:22AM
yeh but if you get a mail where you are asked if you change your pasword. and you didnt i think the hacker already have you login en already cleaned out your account?
maybe an option so you can choose for an ip check if you want or an mac code or whatever its savest way and easiest .
or maybe an electronic fingerprint file on your pc so that when you login and you dont have the fingerprint file you cant login. (in case you lose the file you can ask for new one and it wil be send to your email adress.) so hackers just dont get to log on your account just an idea .
btw a tip would be remembering your login name on login screen (option in lowerleft corner) and only type pasword so when they even log your keys they only have the pass but they dont know wich acount it belongs to so they cant login either.
KeyloggersAre4Idiots Jun 13th 2007 7:35AM
Only idiots get keyloggers or other hacker programs installed on their systems. Ergo, Blizzard employees are, well, you get the point...
Once again, it's all the freaking democrats in the crowd making rules to save people from ther hapless selves -- let the people be, it's survival of the fittest (or the smartest, in this case). If you're stupid, you deserved it!
Tool Jun 13th 2007 8:23AM
Oh how I love thy noscript.
homant Jun 13th 2007 10:00AM
Hah! I love those sex girl links, I click on them on my iMac and get to keep my account :)
-Gritz