Another blow in the keylogging experience

The worst part of the keylogging episode was that my Shaman was transferred from a PvP to PvE server. After about a week in limbo my beloved Tauren was returned to her proper place. I was extremely relieved. Unfortunately that's the only thing on my account that Blizzard was kind enough to restore. They refused to return any of my gear or gold and did nothing about the items ninjaed from the guild bank. I appealed their decision with several emails. Those appeals were ubiquitously denied despite logical arguments and heart-filled plights. I thought it was all over, for better or for worse.
I got more bad news in my email box the other day:
This email is to inform you that there has been a payment dispute filed against <ACCOUNT NAME> for a recent paid character transfer. As a result, the character for which the payment was disputed has been temporarily disabled.
As a result of this dispute, funds paid for the transfer were withdrawn from Blizzard Entertainment in direct violation of the account's terms. This is known as a "chargeback."
The total withdrawn by this chargeback was: $25.00.
A full timeline for this chargeback is as follows:
2/14/2008 - The credit card was charged: $25.00 as a result of this character transfer.
3/11/2008 - The credit card company considered the dispute a success, thus creating a negative balance for the above mentioned account.
[Instruction text]
The account is now considered by Blizzard to have a negative balance, and the character will be unavailable for play until any and ALL outstanding balances have been repaid to Blizzard. These funds can only be repaid via a money order for the full and EXACT amount of the disputed funds: $25.00.
[Further instruction text]
Once the money order is received and processed, Blizzard will unlock the character for play again, provided these instructions have been followed.
I panicked. I felt that Blizzard was holding my Shaman for ransom. Through my semi-hysterical eyes, the email read something like, "We have your Shaman. So far she has not been harmed. Unless you send us the sum of $25 in an unmarked envelope, you will never see your Shaman alive again." I was torn about paying it. Yes, I want my Shammy to be safe and sound. On the other hand, I was afraid that by paying for the transaction I was legitimizing it. I felt that equated in a way to taking responsibility for the credit card fraud that was committed while I was not in control of my account.
With a little help from my friends and encouragement from the WoW Insider team, I bravely emailed account administration and called the billing line. After waiting on hold for just short of ten minutes, a voice came on the line. I began an impassioned plea, with little tears welling in the corner of my eye, for mercy on my poor Shaman. After all, she'd been through enough already. To my astonishment, clemency was granted. The follow-up email stated:
After a thorough review of World of Warcraft account <ACCOUNT NAME>, we have determined that the registered user does not appear to have been in control of the account at the time of the charge that was contested by the financial institution; as a result we will waive the chargeback(s) that you were previously notified of. The fees in the amount of $25.00 have been addressed, and you will not be required to provide a money order for those funds.
**Please note that this waiver is a one time exception. Further chargebacks may result in account action up to and including account closure.**
In the past, my experiences with Blizzard's account services have been primarily negative. The first time I called regarding the keylogger, I was so angry I threw my phone across the room (and I'm not a violent person). It went downhill from there. The customer service forums are filled with upset players looking for news and relief on their compromised account.
This time, the staff was responsive. I'd like to publicly thank Jacob H. from the phone support team for not torturing me when I called for help. Finally, I had a positive experience from Blizzard's technical support. Now how about a more secure authentication procedure?
Filed under: Odds and ends, Blizzard, Forums

Reader Comments (Page 2 of 3)
radivax Mar 15th 2008 10:42AM
I got keylogged like 5 months I think?
Got my account slowly back, because my cdkey box was gone so I had to look around my whole house desperate to play on my priest :<
Otherwise it went good.
Just lost some gear on alts (10~30)
And just some Honor marks, rare non combat pets :( that I didn't even remember when the GM asked what I needed.
Matdredalia Mar 15th 2008 11:12AM
I think making the login procedures more complicated would probably irritate people more than not. There is, in my opinion, a really easy way to avoid keylogging on your account, and it's what I've been doing out of fear of getting keylogged.
Type your name and username into a text file. Save to desktop. Copy/paste your information every time you log in (or if you have your account name saved for each time you log in, just copy your password).
Yes, it's annoying, but IMO, it's better than having your characters taken for ransom.
Really sorry about this Amanda. I think it's a load of crap that they won't give your items back. TOTAL BS.
Matdredalia Mar 15th 2008 11:13AM
That should be type your username and password >.< Not name and username ROFL.
Malreth Mar 15th 2008 11:36AM
Keyloggers can scan your clipboard contents as well. If you've thought of it, the people who script the keyloggers have thought of it as well.
Matt Mar 15th 2008 11:40AM
Unfortunately, a keylogger has full access to the contents of your cut and paste clipboard, so that won't help.
Druid dude Mar 15th 2008 12:28PM
This is the way to go. Copy/Paste.
Theserene Mar 15th 2008 6:22PM
Copying/pasting can easily be captured by a keylogging program.
Getting the contents of the clipboard is laughably easy.
theRaptor Mar 15th 2008 6:32PM
ARRRRH, would people with no clue about how keyloggers work please stop giving BS advice? Nearly all modern keyloggers will scan your clipboard for tasty information because stupid people copy/paste their CC info into forms. The intelligent ones will even scan your files for such information. If you have a keylogger on your system you have lost, it is simple as that.
AlmtyBob Mar 16th 2008 9:30AM
theRaptor is correct. You've been throwing away your time. In addition, WoW keyloggers don't even necessarily read your key strokes. They read the memory block in your RAM where the password is stored when you type it in the textbox. You could use a USB mind reading machine to input your password and you will still get hacked.
If you don't want to get hacked do the following:
-Use some common sense.
-Firefox + NoScript. Don't run around globally allowing script or allowing sites you don't know.
-Stop visiting gold selling/power leveling websites.
-There's not that many wow related sites you need. Stick to the popular ones that you trust, and even then don't enable script for sites you don't know. It's a matter of time before someone manages to script in a keylogger into a wowinsider/wowhead/etc ad. (Don't mention the XP Antivirus thing on wowhead either. That wasn't a keylogger)
-Never, ever, ever, ever, ever log into your account on a machine that is not your own. It follows that you shouldn't allow anyone else to log onto your account at a foreign machine (or yours) either. So you're not there for a raid and your best friend since pre-school wants to use your healer to help out your guild? Tell him to go roll one.
-Use some frickin' common sense.
Eternalpayn Mar 15th 2008 11:22AM
I'm sorry about all that you've gone through. Personally, you have made me paranoid as hell. I used to not have any anti virus software on this thing, Norton actually messed my old computer up big time, I just run HijackThis every now and then. Now, I am currently developing a quick program to search for this particular keylogger, by running a few simple search scripts on files I have heard in mention with this, and only specific locations. I also put up NoScript, (which makes commenting here annoying) closed ports on my router that aren't in use anymore, and am only using sites that I have heard are possibly infected (Wowhead and thottbot) on my Wii. (Which doesn't even work now, Nintendo killed the PC adapter with their update.)
Anyway, if you could email me with some of the specifics of the keylogger you got, I would appreciate it greatly. I'm not sure if you have access to users' emails. If you don't, just post saying so and I'll send you an email first. I figure if I can get all of the info I can on this, I can make a quick tool to search for it, and remove it. (Even if nobody would try it, assuming it's a keylogger in itself :P) I'm also thinking I might even build a tool that logs me into WoW automatically, where I type my username and password encrypted, and it decrypts what I typed and runs WoW with the parameters to have my username and password already typed in. (Assuming this would be legal and work, I'm still researching it :/) Sorry for the long, rambly post, and again, sorry for your keylogging, and Blizzard's horrible tech support service. (Maybe they should teach their phone support to behave like TTR GMs?)
AlmtyBob Mar 16th 2008 9:40AM
par·a·noi·a –noun - Extreme, irrational distrust of others.
Yes, you are paranoid. Your counter measures are both extreme and irrational. For the umpteenth billion time, keyloggers will still catch your password since they work on the WoW application itself by reading memory instead of recording key strokes.
The Wowhead thing wasn't a rumor, it's true. However that wasn't a keylogger, it was a virus. And in order to get it with NoScript installed you would have had to either shut it off (enable scripts globally, with the word DANGEROUS next to it) or enable xpantivirus.com (please don't visit that site). I didn't hear of thottbot having the same problem, but it'd be just as hard to get there. Informational sites like thottbot, wowhead, and the others will take whatever steps necessary to protect the readers. Not out of the kindness of their hearts, but because they make insane money off the ads and losing page because they support keyloggers would cost them a lot of money.
How does NoScript make commenting here annoying? You simply Allow wowinsider.com once. Not particularly annoying compared to only reading certain websites on your Wii.
As for your simple search to destroy the keylogger threat, do you really, really think it'd be that easy? If someone could make a reliable anti-keylogger app and gave it away they'd be rich just from website ad revenue alone.
big_a88 Mar 15th 2008 11:45AM
A question and a comment.
First, it's incredibly amazing and disheartening to see the inconsistency that Blizzard staff--including customer reps and GMs--have in regards to restoring items. Here, Amanda pleads and pleads with Blizz to restore lost items and they spout off BS saying that they have no record of what she had, yet a guildie of mine gets a GM to restore an item he vendored over a year ago simply because the guildie says he needs it for an upcoming boss fight!
Secondly, in regards to restoring lost items, would screenshots help if you sent them to Blizz in case of an account hack or would Blizz simply think you are playing around with the in-game dressing room or something like that?
Jarviswabi Mar 15th 2008 12:04PM
It's a really awful experience to be hacked. It happened to me a couple months ago, and I really thought I would just quit. Fortunately, I found out the very next day and Blizz was able to restore my gold and HALF my stuff within a couple weeks. Why they couldn't restore the rest of my items was beyond me, and there was no pattern to it (not all crafted stuff, etc). I think they're overwhelmed by the volume of this problem, and they try to do what they can as quickly as possible and then move on.
If they want WoW to remain the pre-eminent MMORPG for years to come (which it totally can do), they really need to make a serious effort to overhaul their authentication and backup systems. It should be much more secure (and yes, maybe a bit more cumbersome) to login and authenticate yourself for transfers so these keylogger asshats can't keep doing this. And theRaptor is right--any self-respecting technology company should have daily backups of ALL their critical data, which includes every single one of your toons. When a hack occurs, it should be as simple as you regaining control of your account and asking Blizz "please restore my toon to what it was on X date"--run a restore and boom, instant back in time.
Lostmimic Mar 15th 2008 12:01PM
There is no way Blizzard can keep your keys from getting logged, that can occur when the key presses go through the OS on the way to any program. The only thing I can think is a Numpad appearing in a random location with the numbers in a random order for you to enter in a X digit key. Very annoying? Yep. A lot more secure? Damn skippy.
AlmtyBob Mar 16th 2008 9:44AM
A) WoW keyloggers read WoW's allocated memory, not keystrokes.
B) So taking the billions of possible password combos down to 10,000 would be a lot more secure? I say that because I absolutely guarantee 90% of the WoW community would just put in their bank PIN numbers as passwords. If not PIN numbers, how many keypads have you been given access to in your lifetime with more than 4 digit passwords and passwords like '1111' or '9876'?
Eternalpayn Mar 15th 2008 12:23PM
Wait... They say they hold no records? Then WTF is the Armory?
Jack Spicer Mar 15th 2008 1:38PM
I wonder if this would work to get around keyloggers.
Type in your password with extra characters in the middle. Then put the cursor behind the extra letters and delete them. A key logger would detect that you deleted something, but not know what exactly.
So for example:
You type in "myx0x0password"
Then move the cursor behind the second "x". And delete the "xoxo" bit.
And so when you hit enter it reads "mypassword"
But the keylogger would probably read it as "myx0x0pass".
Joshua Ochs Mar 15th 2008 3:49PM
Or be halfway intelligent and don't get a keylogger in the first place...
AlmtyBob Mar 16th 2008 9:45AM
In a word, no.
Firewall Mar 15th 2008 2:59PM
A year and a half ago I lost my account just prior to the release of the TBC and the introduction of the armory. After a month of trying to appeal, I never had anything restored. I had full tier 1, tier 2, and 5 of 9 tier 3. The whole ordeal was so frustrating, I quit WoW and have only recently considered coming back. I am extremely dismayed to hear that this can still happen even with the presence of the armory. Extremely...
And now you have the added complication of your characters being transferred to different accounts and servers? What a horrible experience.