New issues with Adobe Flash, Google search links could compromise your account

by Daniel Whitcomb Jun 7th 2010 at 8:30PM

We have news of two new tricks hackers are currently using to steal WoW accounts. First, from Curse, comes news of a Google sponsored link that claims to lead to the popular addon manager Curse Client, but instead leads to a malware download. To be absolutely safe, you should always only download the client from http://www.curse.com/client.

In addition, Blizzard is warning that Adobe Flash version 10.0.45.2 contains a critical vulnerability that could be used to install a keylogger on your computer in order to steal your WoW account info. You can avoid this issue by installing Adobe Flash version 10.1 Release Candidate 7, which does not appear to have the same vulnerabilities.

Tags: account-security, account-theft, adobe-flash, breaking, bug, curse, curse-client, exploit, flash, flash-vulnerability, google, hack, security, vulnerability

Filed under: Bugs, News items

Reader Comments (Page 1 of 4)

Bernie Roscoe Jun 7th 2010 8:43PM

Maybe Steve Jobs was right about Flash....

Urza Jun 7th 2010 9:10PM

Consider how many sites are broken because of the new version of Flash, "maybe" is putting it lightly.

RogueJedi86 Jun 7th 2010 10:40PM

I still don't like how Steve Jobs is trying to drive Flash out of the market by not supporting it on his iDevices. Everything has vulnerabilities sometimes, doesn't mean we should get rid of them. A lot of people swear by Firefox, despite its occasional vulnerabilities. You just be wary until the next update, and get the fix immediately.

Bionic Radd Jun 7th 2010 10:56PM

I have plugins for Firefox and Chrome both that serve one major purpose - disable most of the flash I come in contact with. It was cute when it first came out, but they've made it far too powerful over the years, which has, in turn, made it extremely dangerous. They don't offer conveniant settings to turn off the things hackers exploit to screw us because they know it would send the advertisers that spend so much money with Adobe screaming into the night. I don't for one second mind that Apple wont allow flash.

Utakata Jun 8th 2010 1:07AM

More likely the virus name is stevejobs.exe.

joe Jun 8th 2010 8:56AM

There are more security exploits in Apple Quicktime. Hell they patched 88 holes back in April alone with QuickTime, itunes, etc. But nobody uses quicktime, or the OS to the same extent, so it isn't published or exploited as much.

Consider how many sites are broken without Flash. Basically any innovative web based product fails. Half or more of the tech crunch finalists, etc.

You think you are not going to get annoying ads without flash? What do you think iAd is for iPhone? But now you can't block it as it isn't Flash...

As for security. Use a different user/pass on wow then any other site. Many hacks are just because hackers got a db from a website and used the user/pass from that list. Easy.

Corrian Jun 7th 2010 8:37PM

why did you blur the address? people must know what it is!

Agony Jun 7th 2010 9:06PM

Look in the lower right of the picture - curse.com made this image and they are the ones who blurred it.

Corrian Jun 7th 2010 9:23PM

yeah I saw what the address was, it still baffles me that curse blurred the address, Why?

Bionic Radd Jun 7th 2010 11:07PM

So you wouldn't go to it? It's a hacker site. It's sole purpose is to steal your WoW account.

Shrike Jun 7th 2010 11:24PM

If you were Curse, would you want to provide free advertising to a site that's using your name to perform illegal acts and harm players of a game your livelihood depends on?

Jason Jun 7th 2010 8:43PM

Always bookmark what you want.

Meatwadz Jun 8th 2010 9:17AM

Also, NEVER EVER EVER EVER use Google sponsored links.

Don't believe me? Google "Best Buy" and go to the sponsored link, "Best Buy - Official Site"

Google needs to step up their QA funding. Or maybe, its just about the money..

Hairfish Jun 8th 2010 12:27PM

Or just never use Google.

Iirdan Jun 22nd 2010 5:24PM

And use what, Bing?

"Hey, Bing last nights lotto numbers for me."
"What? Did you say bang?"
"No, Bing."
"Is that some new slang term?"
"Google them."
"Ohh... why didn't you say that?"

Itanius Jun 7th 2010 8:44PM

Whatever it is, it doesn't show up when I do a Google search.

Itanius Jun 7th 2010 8:45PM

Nevermind, AdBlock was there to protect me!

Nedias Jun 7th 2010 8:48PM

people are mildly retarded and they dont want people going harhar lets see if wow.com lied to us. if u must know its client-(name of said site).com

RogueJedi86 Jun 7th 2010 10:33PM

I looked up the whois registration for the site Nedias alluded to, and guess what? It's registered in China. A site that has malware to keylog your account info is registered in China. Is anyone surprised? THAT's how the gold sites get most of their gold these days. Please take the hint people, that's where the sites get the gold when/if you buy gold.

Orkchop Jun 7th 2010 8:45PM

Authenticators, not just for the cute core-puppy pet anymore!

| 1 | 2 | 3 | 4 | Most Recent | Next 20 Comments

Breaking news Feed

WoW Insider Show

Subscribe via iTunes for our latest show.

Hot Topics

Upcoming Events

Event	Date
Love Is In the Air	2/2 - 2/15
Blackrock Foundry Normal and Heroic open	2/3
Darkmoon Faire	2/8 - 2/15
Blackrock Foundry Mythic opens	2/10
Lunar Festival	2/16 - 3/2
Blackrock Foundry LFR wing 1 opens	2/17
Blackrock Foundry LFR wing 2 opens	2/24
Darkmoon Faire	3/1 - 3/8
Blackrock Foundry LFR wing 3 opens	3/10
Blackrock Foundry LFR wing 4 opens	3/24