Skip to Content
2-23-2008 @ 12:49PM
That EU though, so a lot of people probably ignored it. :PHonestly, I'm not so sure it's people buying gold that this is happening to. I'm thinking that it is an exploit in addons, actually. I believe I read that lots of people using CentralUI are having this problem, and people who only use Curse for addons. I have heard it from WoWAce people, however, which is why I haven't updated in forever. I am thinking that there is a Lua exploit that allows these hackers access to your registry, or possibly just to another program that has access to it. My guess is that it was uploaded on to Curse as an addon, and put inside a working addon itself. Also, I believe it was put onto Addon programs this way as well. That's just my theory, however.
2-23-2008 @ 1:09PM
I think you should downgrade that to a hypothesis. I don't think non-executable files will be able to do any of those things, however the self extractable exe files one downloads, they might be a big problem.
2-23-2008 @ 1:22PM
2-23-2008 @ 7:19PM
Lua might be a scripting language, but until it gets turned into a machine-readable format (a process called "interpretation"), it can't do anything at all. WoW converts it into a machine-readable format on the fly as you start up the game or whenever you reload your UI. Up until then, the Lua code is no more dangerous than any other text file on your computer.The whole way that Lua is used in WoW effectively sandboxes it so that none of the Lua code itself can actually impact or interact with the rest of your computer. Now, as was mentioned, executable files that come with the addons could be problematic, or maybe even other sorts of files that get packaged with the addons that you download, but the addons themselves, that is, the .lua and .xml files, are entirely harmless by their very nature.
2-24-2008 @ 4:00PM
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.