Guildportal, keyloggers, and you
by Elizabeth Harper 
Apr 7th 2007 at 2:31PM
In the past week, you may have noticed an increase in complaints about hacked accounts on the forums. Why? Well, the popular guild-hosting website Guildportal was hacked -- hackers added a bit of code exploiting an old Internet Explorer vulnerability (Microsoft had a patch available six months ago) to install a keylogger on visitors' systems. It was a brilliant move by the hackers, who managed to tap into a site visited by a massive number of WoW players -- the perfect place to steal account information. But I can't say it was very good for some of Guildportal's users, who logged on to World of Warcraft to find their characters completely naked next to an unfamiliar mailbox.However, this entire affair was very preventable. First off, Guildportal itself had a vulnerability that allowed hackers to insert the exploit that installed the keylogger. And then in order for the keylogger to be installed, individuals visiting Guildportal had to be running a version of Internet Explorer that was 6 months out of date.
Guildportal has taken steps to prevent this from happening again, by patching their systems and banning traffic from China, where the hack attack originated from. (According to Guildportal's response as reported on the forums and a commenter on Madness and Games identifying himself as Aaron Lewis of Guildportal.) But have you taken steps? In Blizzard's post on the subject, they point out Microsoft Security Bulletin MS06-055, released by Microsoft on September 26th, 2006. You can stop many potential keylogger threats by simply visiting Windows Update to download patches regularly -- or, even easier, enabling Windows' Automatic Update feature. Either option would have resulted in your computer being protected from this vulnerability well before now.
Think your account has been compromised? GM Kaone offers some good instructions on how to rid your computer of keyloggers (it's a lengthy post but very informative) and then points you to their billing support department for account recovery. (Yes, it is important to get rid of the keylogger before having your account restored -- otherwise you'll end up right back where you started!) But be prepared for a wait -- the account recovery process isn't always fast.
See Guildportal's full response to its users after the jump.
Other recent security advisories:
Beware the cursor hack
Keep keyloggers away: New Microsoft hotfix available
More security warnings from Blizzard
Blizzard reminds us to be careful of keyloggers
[Via PlayNoEvil, with thanks to robodex for the forums link]
Filed under: Analysis / Opinion, Blizzard
