
Posts with tag Exploit

Suspensions issued for win-trading bug

Blizzard Community Manager Daxxarri posted on the forums today regarding a Win-Trading bug.

Daxxarri
Providing an environment where players can compete in the spirit of fair play is extremely important to us, particularly in rated Player versus Player combat. As part of that commitment we regularly monitor gameplay, and have discovered an issue where some Rated Battleground teams have exploited the queuing system to obtain high team ratings and engage in win trading.

These, and all, exploitative activities are absolutely prohibited. We will investigate the situation carefully, and players that have been found to have participated in exploitation will be subject to the appropriate actions against their World of Warcraft accounts. In the meantime, we are currently working to resolve any remaining issues with the queue system to prevent this behavior in the future.


Punishments in the form of suspensions have already begun to appear, as well as rating resets for all players suspected of being involved in win-trading. As forum posters have been quick to point out, the trouble Blizzard's team faces is that many players have faced these win-trading teams, despite not actively engaging in win-trading themselves. This issue means that, apparently, some players are affected who never engaged in exploiting intentionally, but it can be difficult to be sure who is who. Nakatoir adds the following:

Nakatoir
After a thorough investigation and liaising with multiple departments, we can confirm that the recent wave of actions taken against Rated Battleground exploitation and win trading are indeed correct. The team of investigators have made sure to avoid any false positives and we will not be overturning any of the actions taken.

Encouragingly, several prominent PvP streamers who have actively participated in win-trading using this exploit have already received suspensions and been stripped of their ill-gotten rating. Time will tell whether the new PvP gearing system has any impact on this behavior, but it seems unlikely, given that, for many, rating and titles are incentive enough to exploit the system.


Filed under: News items, PvP, Mists of Pandaria

Pro Tip: Don't exploit loot rules in LFR's Dragon Soul

A stern but necessary warning from Bashiok today:

Dragon Soul loot exploit
If you are getting loot off of a boss twice then it is an exploit. This has always been the case in World of Warcraft, and we expect players to know better.

We're in the process of implementing a hotfix to fix the exploit, and are deciding what steps we'll be taking for the gear that was already obtained.


We're not going to post about what people are doing (we never have and never will post exactly how the serious exploits are done), but there is a clear and intentional way people are getting a lot of loot out of the Dragon Soul raid using the Raid Finder.

This method they're using gets around the "one shot at loot per week" rule, and it's something that Blizzard clearly from the get-go didn't want to happen. Bashiok is absolutely right as well -- it's well known amongst WoW's experienced playerbase that such exploits are never to be done.

There are reports that some people who've exploited the system are getting the exploited gear stripped from them in the EU; however, there is no official announcement yet as to what's happening.

Once that's announced, we'll let you know.

Filed under: Cheats, News items

New issues with Adobe Flash, Google search links could compromise your account

We have news of two new tricks hackers are currently using to steal WoW accounts. First, from Curse, comes news of a Google sponsored link that claims to lead to the popular addon manager Curse Client, but instead leads to a malware download. To be absolutely safe, you should always only download the client from http://www.curse.com/client.

In addition, Blizzard is warning that Adobe Flash version 10.0.45.2 contains a critical vulnerability that could be used to install a keylogger on your computer in order to steal your WoW account info. You can avoid this issue by installing Adobe Flash version 10.1 Release Candidate 7, which does not appear to have the same vulnerabilities.

Filed under: Bugs, News items

Shifting Perspectives: Fun with race choice

Every Tuesday, Shifting Perspectives explores issues affecting druids and those who group with them. This week, we have absolutely no excuse for the column we've written.

I'll be honest; I wrote this week's column purely for brainless fun. You won't learn anything (not that you do normally), there are no insights to be gained (not that there are normally) and I don't have any new Cataclysm alpha information. I am very sorry to anyone who came here looking for a solid, informative column, and if you wish to excoriate me in the comments then I encourage you to do so.

Anyway. When it comes to druids, the deal with race choice is that you don't really have any. If you play Alliance, you have to play a night elf; if you play Horde, you have to play a tauren. We're the most race-restricted class in the game, and even in Cataclysm, that's not really going to change.

Some of you might recall a bug from a little while back that allowed you to model-swap between characters on the same realm by "choosing" two of them at once. I'm pretty sure it's been fixed now, so I wouldn't bother trying it if I were you, but I had a lot of fun swapping non-druid races into our various tier sets and wondering what it might have been like to play them. I screenshotted like a maniac while doing so and then set them aside for a future column whenever I felt like doing something just for fun. That would be today.


Filed under: Druid, Humor, (Druid) Shifting Perspectives

Goon Squad downs Tirion Fordring


Perennial pariahs Goon Squad, Horde-side on Mal'Ganis-US, have really carved out a niche for themselves in the World of Warcraft. Well, two niches. The first is a rock-solid reputation of being the foremost trolls and griefers in the MMO market, period -- a reputation perpetuated by a community that operates mostly on word-of-mouth and lovingly crafted by the guild itself. The second is providing some of the best and most hilarious WoW videos on the internet. This one is no exception -- they managed to score a victory for the Lich King by defeating the dread paladin Fordring.

It's a rare ability, possessed by Goon Squad and a few other community figures, to be able to take the building blocks of the game experience provided by Blizzard -- strictly compartmentalized and defined by sets of incontrovertible rules -- and then cobble together something wholly new and, frankly, ridiculous out of them. You're not supposed to be able to bring together two often-'shipped faction leaders for an impromptu date. You're not supposed to be able to blow the Wintergrasp fortress wall to smithereens in a minute's time. You're certainly not supposed to be able to kill the head of the Argent Crusade who, by the way, should learn to cast Consecrate.


Filed under: Analysis / Opinion, Humor

Update: Keylogger source identified


Just a quick update from our friends at World of Raids about the current situation regarding circumvented authenticators. It appears there are multiple websites being used for this malware. Be careful which sites you update your addons from; fake website addresses are being used to trick users.

For example, one of the fake sources appears as a "Sponsored Link" right at the top of a Google search. Don't actually visit that site and be sure to warn players asking about addons where to go.


What happens is the fake site will allow you to download a fake copy (did you see fake?) of the WowMatrix AddOn Manager, which installs emcor.dll. This Trojan (Malware.NSPack) can currently be detected by Malwarebytes.

Thanks Kody!

Filed under: News items, Account Security

Man in the middle attacks circumventing authenticators

It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one.

This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot. For a full account of what happened, check the thread on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks on users.

Kropaclus
After looking into this, it has been escalated, but it is a Man in the Middle attack.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.



To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.


Filed under: Account Security

Editorial: Thoughts on the Ensidia ban

Are you wondering what has caused all the ruckus in the raiding community the past few days? Have you been typing your fingers to the bone since Wednesday night, arguing for one side or the other in forums and chat channels? Whoever you are, or whatever side you're on, in the still-burning aftermath of Ensidia's ban, I feel some reflection is needed. Thus, I am going to explain, to the best of my ability, what happened to cause such uproar in the raiding community this week. I am also going to, as the title implies, offer my speculations.


Filed under: Analysis / Opinion, Cheats, Bugs, Guilds, Raiding, Wrath of the Lich King, Achievements

Saronite Bombs and similar items disabled [Updated]

We do not know whether or not this was used in the Lich King kills we've seen so far (Ensidia's kill screenshot suggests they did), but Daelo hit the European forums to make the announcement that they've temporarily disabled Saronite Bombs and the Global Thermal Sapper Charge. What does this have to do with the Lich King? Well, Daelo says...

Daelo
We just made a hotfix that disables the siege damage dealt by Saronite Bombs and the Global Thermal Sapper Charge. The siege damage of the bombs was causing the Frozen Throne platform to rebuild, which greatly decreases the difficulty of the encounter.

We'll reenable the siege damage in a later update when the issue with the Frozen Throne is fixed.

It is a longstanding tradition for end bosses to be exploited in the most hilariously awful of ways, so seeing something like this isn't all that surprising. Here's hoping nothing else like it crops up.

Update: Ensidia has released a statement regarding their use of this bug.

Update, take 2: Ensidia's raiding crew has received a 72-hour ban from the game (as well as loss of loot and achievements) for using Saronite Bombs to "bypass The Lich King fight mechanics."

Filed under: Raiding, Wrath of the Lich King

Blizzard policy changes in reaction to account security concerns

WoW.com has learned through sources close to the situation that after our series of posts describing some questionable internal policies at Blizzard concerning account administration and security, as well as the likely introduction of mandatory authenticators, a few of these policies have been changed this evening.

First, the ability of billing representatives to directly roll back characters to previous states has been more or less removed, preventing the onioning exploit we spoke about earlier. Account administrators still have the ability, of course, but it should prevent people from being able to game the system over the phone. We do not know if this ability will be returned when billing representatives obtain the proper training and tools.

Second, the care package deal has been sweetened. We're not exactly sure how, only that it's been improved from what it was this morning. World of Raids was tracking the response to these stories on the Customer Service Forums and found a post by CSF blue Syndri detailing some specifics of the care page as it stood earlier today. We cannot be sure whether Syndri's post applies to the package now (given its changes); however, it's probably safe to assume that it does. We have also learned that managers are being directed to ensure everyone is presented this care package as an optional alternative to full restoration, something we understand was not consistently happening before.

Syndri's enumerations after the break.


Filed under: Blizzard, News items, Account Security

How flaws in Blizzard's billing department are being exploited

Please see the update to this original post.

In our continuing series on account security issues present within Blizzard's offices, we bring you news that lax training in Blizzard's billing department is being exploited by those attempting to game the system and illegitimately acquire more gold and high value in-game items.

The critical flaw in Blizzard's system is that billing support personnel are currently given the ability to "roll back" characters to previous versions more or less on the spot, with the customer on the phone. Because of this, there is a high degree of flexibility and personal accountability on the part of the billing representative. The flexibility extended here is vitally important to customer service; however, the training that comes with the flexibility, we are told by multiple sources, is inadequate and leads to this exploit being practiced by a growing number of individuals.

The exploit involves human interaction (aka social engineering), which in security systems is the notoriously weak point. The exploit is often referred to internally as "onioning," which involves the player repeatedly claiming the account was compromised to the Blizzard billing support representatives. There are obviously more details to doing this, but we don't want to provide a how-to. Blizzard is aware of how this is done, and they are currently not implementing checks to combat this.


Filed under: Blizzard, News items, Account Security

Client bug allows you to swap character models


We've been sitting on this one for a few days now to let people have their fun before we draw a little too much attention to it, but there's a rather interesting bug in the patch 3.2.2 client: you can glitch out the model being loaded for your character upon login, and switch it with that of another character. We don't know how long it's been around or how long it will stay, but watch the video above (which is pretty large, our apologies) for a demonstration.

The WoW.com staff has confirmed it works, though the timing required is very precise. You need to be quick, but being too fast hitting one or the other is just as bad as being too slow. A few of us found that we had to slow down our fingers to do it properly, because "fast" to a hardcore FPS gamer is very different than "fast" to a casual MMO gamer. Click first, hit enter second. Not the other way around.

Whether this falls into exploit territory or not, we don't really know. What we do know is that the model 'swap' is only visible for you on your client, nobody else sees it, so nobody else should be impacted by it. It's also only graphical, no benefits carry over from one character to the next. You might see your epic iLevel 258 shield on your level 1 rogue, but you won't have the stats. You can't be a Horde draenei to anybody but yourself, so no screwing with people in battlegrounds. You can't be a unique snowflake like an undead paladin to anybody but yourself.

It's a whole lot of fun to see what a draenei rogue would look like, or a gnome druid. Check out the gallery below to see what came out of WoW.com's experimentation, and a few from our friends, too.

Filed under: Bugs, Humor

Activision-Blizzard and their financial future

Barron's has a long article up about Blizzard's corporate overlords at Activision-Blizzard, and as is usual with most pieces of Activision news, people will probably see in it what they want to see. Those who think Bobby Kotick is just a money-grubbing exploiter will find more fuel for their fiery fanboy rage: apparently he's a follower of Las Vegas casino entrepreneur Steve Wynn, and is modeling some of Activision-Blizzard's business plan off of that guy. Shareholders, however, will probably be thrilled. In a purely financial sense, Activision-Blizzard apparently has one of the shiniest futures around, with Kotick bragging that videogames will eclipse film and TV in terms of moneymaking in just a few years.

From our perspective, as longtime fans and players of Blizzard's games, the most interesting thing I see here is that Barron's makes no distinction at all between Activision and Blizzard any more -- the Activision-Blizzard company, according to the article, is equally responsible for both the Starcraft and Transformers franchises. Obviously, as gamers, we see a huge distinction between those two: one is a classic, storied, much-loved videogame series, and the other is a cash-in on a license that's panned everywhere but the box office. But for the financial guys, they're just both properties of Activision-Blizzard. That's not to say that our Blizzard is entirely lost (anyone who was at BlizzCon last week knows that's not true), but it is a sign that the merger is no longer news. From an outsider perspective, Guitar Hero and World of Warcraft are just two cash cows from the same company.

Filed under: Analysis / Opinion, Blizzard, News items, Economy, NPCs

Exodus punished for exploiting Yogg-Saron encounter


As previously reported, there were accusations that US guild Exodus used an exploit to obtain the World First of the last unclaimed Hard Mode in Ulduar -- Alone in the Darkness. As it turns out, these accusations were true and blue poster Daelo posted on the official forums that the Yogg-Saron encounter was hotfixed on all servers to prevent this from happening in the future. Owing to this, Exodus' kill is no longer recognized by some achievement trackers.

Contrary to some reports, however, Exodus released a statement on their website that members of their guild were not banned, clarifying that Blizzard meted out a 72-hour suspension for their abuse of game mechanics. They argue that the encounter wasn't beatable to begin with, similar to the C'thun fight in Ahn'Qiraj before it was fixed, prompting the exploit. In the same statement, Exodus also points at Ensidia's arguably hypocritical stance of complaining about the abuse considering Ensidia used similar questionable methods to achieve other World Firsts. Serennia mentions this behavior in his column at wowriot, as well, bringing into question Blizzard's apparent double standard when meting out punishment.

Filed under: Analysis / Opinion, Cheats, Guilds, Blizzard

World first of "Alone in the Darkness" a possible exploit

We reported last week that a guild named Exodus on the US realm of Ysondre had come out of nowhere to topple the world first of the Heroic: Alone in the Darkness achievement, which requires that you bring down the biggest bad currently in the game, Yogg-Saron, with no help from any of the Keepers in Ulduar. But not so fast, says Serennia over at WoWRiot -- over on their forums Ensidia is claiming that Exodus used an exploit, and that their kill doesn't count at all. Apparently, having Thorim help on the fight keeps the "Immortal Guardians" in the last phase of the fight from being a problem, and without Thorim, you have to not only do the fight without his extra 10% damage bonus (each Keeper ups your DPS that much), but you have to deal with the Guardians messing up your melee classes, and oh yeah: they both heal and get healed by Yogg. Not that it's impossible to do it, but it's definitely not easy, and Ensidia claims that Exodus found a known exploit that allows you to evade the Guardians out completely, thus turning the last phase into a straight tank-and-spank, obviously much easier.

After that, it gets into some guild back and forth (Ensidia apparently did something that might have been an exploit on Hodir, and when people call them out on that, they say that the exploits were different -- Ensidia's tactic was just an interesting use of game mechanics, while the exploit Exodus is suspected of using is more of a cheat), but the fact remains that Exodus is clearly not a guild that anyone expected to clear what might be the toughest raiding achievement in the game before anyone else, and yet that's exactly what they did. Ensidia says they won't be killing Yogg for the achievement using the exploit, and that they've reported the Exodus kill to the devs, so we'll have to see if the devs decide that Exodus did cheat, or if they let Exodus keep their achievements and mounts. We're not sure how much it all matters, with world first kills not being all that important any more (and that's exactly what the devs might say as well), but Ensidia is claiming that an exploit took place -- we'll have to see if that turns out to be true.

Thanks, Nimrod!

Filed under: Analysis / Opinion, Guilds, Blizzard, Raiding, Bosses, Forums
