There is still no Wrath beta
by Eliah Hecht 
May 1st 2008 at 7:00PM
When the beta does start (as it surely will eventually), and if you're lucky enough to get a real invite, it will point to a site at blizzard.com, worldofwarcraft.com, or (for our European chums) wow-europe.com. It will not, for instance, point to therealblizzard.net. The scammers have gotten pretty good at building convincing-looking sites (as pictured), but check the URL and don't be fooled. Do not enter your WoW account name and/or password anywhere other than the log-in screen of the game, blizzard.com, worldofwarcraft.com, or wow-europe.com. Oh, and use Firefox.
Filed under: Blizzard, Wrath of the Lich King, Account Security
Reader Comments (Page 1 of 1)
matt May 1st 2008 7:05PM
I'm pretty sure my invite was real. It looked official and all, and was at www.this_is_a_real_blizzard_site.0123aeb.com/not_a_keylogger/
FantomRedux May 1st 2008 7:27PM
Anyone stupid enough not to check the address an email has come from deserves to have their epic gear disenchanted and there character deleted.
And check the launcher, theyll announce it on there too. When it happens that is
Mainstay May 1st 2008 7:28PM
You might also get in, if you were at Blizzcon last year. Considering one of the things are the card was an "as of yet unannounced beta" along with the Murloc Costume
Wikt May 1st 2008 7:43PM
This would most likely be the key to the same open beta that would be officially announced by Blizzard. Besides, this doesn't make it any less important to read twice the sender email addresses and the links you click.
jumb May 1st 2008 8:19PM
What I want to know is how do the scammers get these people's email addresses?
Treima May 1st 2008 8:42PM
The same way they get idiots' passwords: Keyloggers, spyware, or the legitimate purchase of their information from a place that sells "sales leads," which is a not-so-clever euphemism for "your buying habits from the last two months."
Silverrealm May 2nd 2008 10:57AM
{The same way they get idiots' passwords: Keyloggers, spyware, or the legitimate purchase of their information from a place that sells "sales leads," which is a not-so-clever euphemism for "your buying habits from the last two months."}
I ROFL'd
matt May 1st 2008 9:58PM
Well at least the fakes aren't just reusing the old warcraft 3 expansion control screen anymore to fool people. These phishing schemes must work because they are sure keep coming.
dacamper May 2nd 2008 4:49AM
How about using Opera? (http://www.opera.com/) Is it also protected against keyloggers etc by virtue of not being IE? :)
Mera_LaCroisadeEcarlate May 2nd 2008 8:42AM
The point is that it is not related to keylogging, the point is to fake you a blizzard website so you think you are on a real blizzard site and you login like everydays to your website account, it will fail of course because this is a fake website, you will think shit I will go back later it does not work but youu're already owned because the hacker behing the fake website logged your input and this no browser in the world will restrict you from typing your own login password on a login prompt lol. they are here to achieve this.
V Magius May 2nd 2008 1:27PM
Actually, it doesn't fail. At least, the last one I put in bogus info on didn't fail. They just accept all your info you type in and store it somewhere.
James May 2nd 2008 7:15AM
Hang on a sec. Since when does the browser dictate whether or not keyloggers work? A key logger records key presses across the entire Operating System, not the web browser. Opera/FireFox could never provide any protection since they themselves listen to key presses to know when the user is typing something anyway! So in effect, they are key loggers too!
And this is not a Microsoft problem. ANY operating system with a keyboard attached will be prone to "key loggers" since the process of reading key strokes is how what you type appears on the screen in the first place!
Get your facts straight people. Anyway, IE7 on Vista is more secure than Firefox/Opera since it runs in low-rights mode and if anything were to attack the PC via the browser, it couldn't get very far.
For those of you with an open mind, read the following link to learn why IE7 running in Protected Mode is worthwhile. FireFox 3 doesn't run in Protected Mode but they've said they'll implement in a future release. Until then, use IE7.
http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx
Ametrine May 2nd 2008 7:41AM
Browser IS important, because Firefox (through the popular NoScript and Adblock plugins) protects most sites from downloading malware to your computer; and if you somehow do acquire a keylogger, the cross-browser-functional Firefox addon KeyScrambler can prevent the 'logger from reading anything more than useless gibberish.
con-man May 2nd 2008 8:29AM
Your browser dictates what scripts are allowed to run off of websites you visit. No one said anything about firefox stopping a keylogger thats already on your system. It just does the best job at stopping them from getting on your system. Please read the article before making an ass of yourself.
Oh, and don't post 2 year old articles to support your arguments
Hunterlin May 2nd 2008 7:48AM
This is not about which system is more safe or not. IE7 is vulnerable, Firefox is vulnerable.
Attack scripts are made for browser with widest market share and that is IE. IE7 may be safe itself, but as any browser it needs lot of side addons to run, like Flash/Java/Realplayer and their vulnearabilities open full access even on properly configured Vista with IE7.
I did switched from IE to Firefox after first trojan, removal of what required format C:. Antivirus will warn 80% of time if you your computer is getting infected, and there nothing you can do for other 20% other than switch your browser to one that does not recognize attack scripts.
James May 2nd 2008 8:05AM
Ametrine,
It is possible acquire a key press before it even reaches the intended application. Therefore no prevention mechanisms embedded into the applicaton can will make any difference.
By implementing a low-level keyboard hook any key press can be acquired.
See http://www.codeproject.com/KB/cs/globalhook.aspx as an example. This example shows that an applicaton can record key presses for any application that is currently running (including Firefox).
Also, those addons for Firefox may prevent downloading and executing but with IE7, if something was to download and execute from IE7 it wouldn't be granted permissions to do anything malicious (including installing key hooks) within Vista. The same couldn't be said for Firefox as it doesn't run in protected mode.
Mojonete May 2nd 2008 11:59AM
Not when you do it at kernell level, buddy.
http://www.qfxsoftware.com/
James May 2nd 2008 1:07PM
Nice piece of software!
As a driver developer this sort of software interests me but of course, this could be circumvented with another kernel driver inserted lower down in the dev stack.
However, it doesn't get away from the "Get FireFox" statement from the author of this article. I was merely pointing out that FireFox/Opera do not have any special capabilites to stop key loggers and that IE 7 on Vista includes extra protection to prevent the installation of these malicious programs in the first place (see Protected Mode).
shadowwolf007 May 2nd 2008 4:09PM
The fact is that unless Firefox runs in Protected Mode, the only way you could possibly be more secure running it is if you enabled that No-Script addon. I suppose if your web browsing experience is mundane and boring, that's no big deal.
Vista + IE7 = Very safe. Users cannot exploit your system without having been given explicit permission once you close your web browser. No system is ever perfectly safe and Firefox has been proven here & there to have no better track record of resolving major security issues versus IE7.
Flash and Java vulnerabilities are just as dangerous on Firefox as IE7. 3rd party software is a different deal.
twcwardog Apr 3rd 2009 4:29AM
I got an email looked official, but i knew better. upon examination of the email header file, it came from blizzaird.com
beware and never assume anything!