Posts with tag keylogger

After years of keyloggers and trojans from unsafe browsing, unsecured computers, or just plain bad luck, WoW players should be pretty used to the concept of a compromised account and how said compromises happen. Unfortunately, Diablo III players don't appear to be as familiar with them, which has resulted in some pretty maddening discourse on the official forums and across the internet.

Just like WoW accounts, Diablo III accounts are worth real money. Blizzard has had experience dealing with compromised accounts for years. This is why it introduced the Battle.net Authenticator, a second level of security that makes it very, very difficult to get your account compromised. Authenticators don't make it impossible to get your account compromised, but they do make compromising your account much more trouble than it's worth in the face of mass keylogging, which is how accounts are normally stolen.

Some people who haven't had a WoW account before but bought Diablo III were undoubtedly surprised when their accounts were compromised, which is understandable. An editor at Eurogamer had his account hacked and responded with an article suggesting that players were getting their sessions hijacked by joining public games and that people were getting compromised with this method even with authenticators attached to their account. Unfortunately, sites all over the internet picked up the story and also reported the session hijacks and bypassed authenticators as fact.

The problem is that neither of those things were correct. In fact, Blizzard says it's actually impossible to do with Diablo III due to the way the infrastructure is set up.

Make no mistake: it really sucks when your WoW account gets compromised. Even with the speed with which compromises are handled by the support department nowadays, it's still a pain to have to wait to get your stuff back -- and it's even worse to know that someone was in there mucking around with your dudes, you know? Blizzard's been better about helping people with account security problems recently, like giving out free authenticators to some hacked accounts and offering a free phone-in authenticator service, but in the end, a lot of the responsibility falls on you the player to keep your account secure.

To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.

---

World of Warcraft accounts have been under siege for years, with hackers and gold-selling outlets stealing passwords, items and more to fill their coffers, selling that gold to unwitting buyers. Blizzard has fought back incessantly over the years to stem the tide of gold farming and account hacking, and as you can imagine, the scale at which this happens is very tasking on its customer support department.

Blizzard has just announced a new, speedier way to get help and answered about your hacked account, stolen items, authenticator issues and more! Now, under the new system, you will not have to email or call Blizzard to get these matters into its queue -- simply use the Account Recovery Form.

For many realms, Ruby Sanctum is up and running, and Halion's being smacked around by countless guilds (check out our Halion guide to learn how your guild can smack him around, too). With Ruby Sanctum as the last raid before the release of Cataclysm, players are still looking forward to the Cataclysm beta. With the beta now up and running, players are subject to piles of false email and announcements from people trying to steal valuable account information. With all these scammers trying to worm their way into player's accounts, how about we take a visit to that ever-pertinent blogging topic, account security?

• Letters from Birdfall has some wise words about security programs and what you can do to avoid the dangers of keylogging.
• Slice and Dice talks about safeguarding your guild bank.
• Flame Shock talks about phishing emails, what to look for and how not to write them.
• Now that we're feeling a little more secure, let's visit Oddcraft and get warm and cozy with a statement from A Basic Campfire.

Just a quick update from from our friends at World of Raids about the current situation regarding circumvented authenticators. It appears there are multiple websites being used for this malware. Be careful of which sites you go to in order to update your addons from; fake website addresses are being used to trick users.

For example, one of the fake sources appears as a "Sponsored Link" right at the top of a Google search. Don't actually visit that site and be sure to warn players asking about addons where to go.


What happens is the fake site will allow you to download a fake copy (did you see fake?) of the WowMatrix AddOn Manager which installs the emcor.dll. This Trojan (Malware.NSPack) can currently be detected by Malware Bytes.

Thanks Kody!

It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one.

This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot. For a full account of what happened, check the thread on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks on users.

Kropaclus

After looking into this, it has been escalated, but it is a Man in the Middle attack.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.

source

To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.

If it wasn't already obvious, Blizzard put together a page on their official website making clear their stance towards buying in-game gold, and have just recently given it another big push. To put it simply: don't. The page outlines what we at WoW.com have known for quite some time (hence our collective stance against buying gold) -- that gold buying harms other players. The site doesn't go into specifics other than to say that gold selling companies often acquire their gold through unscrupulous means.

They sum up their statement by saying that "players who buy gold are supporting spamming, botting, and keylogging." Basically, if you're a gold buyer, you're part of the problem. No, seriously. Gold sellers acquire gold by hacking into other players' accounts, taking their gold, selling all their items, and sometimes maliciously deleting their characters. That gold you think some Asian spent hours farming in Nagrand or something is more likely to be some other player's hard-earned gold and the seller is just as likely to be some dude from Jersey.

As tempting as buying gold may seem -- and I've read many arguments towards why people buy them -- the bottom line is that it is harmful to the game and you're not doing yourself any favors in the long run. Blizzard says that it "diminish(es) the gameplay experience," but that's putting it nicely. Gold selling and power leveling are against the EULA, anyway, so anybody who patronizes these services are in danger of getting banned. And if you don't believe in buying gold (go you!), protect yourself by getting an authenticator or reading up on account security.

Remember that "non-personal system information" that Blizzard said they are searching for? Part of it is a search for keyloggers, trojans and viruses that affect WoW. If the system check finds one of those on any of the computers you are using, Blizzard will ban your account for 24 hours so that you can get it fixed.

When this happened to a guildie, I must admit I was skeptical. Blizzard scans for viruses? And then sends an email that sounds suspiciously similar to the various phishing emails out there? But my friend sent me a copy of the email and described the whole process to me and I am a believer. Blizzard has some issues it needs to resolve with how it is handling this, however.

Oh boy. Most of us are the walking dead after BlizzCon, but let's get back to something resembling normalcy with a Queue. We're going to start off today with an important matter concerning authenticators and account security, then move on to a bit of WoW.com business and Onyxia. I'd also like to direct attention to two really good comments from the last column re: technical issues, Shadow's and Logarth's.

Zerounit asks...

I recently got an Authenticator in the mail and I noticed something while I was inspecting it: there appears to be no way to open it short of cracking it open with large objects. Is there a battery life on these? If it stops giving me my magic codes, will I have to get a new one?

I got an authenticator for my own use recently and have to admit I hadn't thought to look into the battery life, which is a very good question indeed. A dead authenticator means you have no way of getting into the game (or even into your online account) without official help from Blizzard.

Turns out the little security doodads are manufactured by a company named Vasco, and after poking around their website, I'm reasonably certain that Blizzard authenticators are a variant of Vasco's DIGIPASS GO 6 model. What makes me so sure? The GO 6 model page is the only one accompanied by an article on fraud and hacking in online gaming. They don't come right out and say that Blizzard is a customer, but unless Hello Kitty Online is a bigger hive of scum and villainy than even we gave it credit for, you don't have to be a genius to figure out that World of Warcraft figures prominently in MMORPG account theft.

Recently, I wrote about a scam involving selling Spectral Tiger Mounts, but I never thought I would be able to actually interview the guy responsible. Luckily, this particular scammer was willing to discuss the scam candidly with my husband and I. He ended being very like a Ferengi in his attitude toward what he calls "business". Here is the story.

Late last night, The Spousal Unit saw someone spamming Trade Chat, supposedly offering a Spectral Tiger Mount for sale. Since he knew two people that had been scammed by this, he called the seller a scammer in Trade Chat. The scammer sent him a tell and they proceeded to debate the issue in whispers. TSU called me over to show me the conversation, so of course I had to log on and pursue the interview further. Following are both interviews, copied over from in-game whispers.

New around here? WoW Rookie points WoW's newest players to the resources they need to get acclimated. Send us a note to suggest a WoW Rookie topic.

It doesn't take keyboard gymnastics to prevent your account from getting hacked. As a new player, you're bound to be concerned – and if you do any digging at all, you're also bound to uncover a tangle of acerbic, rather arcane-sounding comments (many of them on posts right here at WoW Insider) about what operating systems, browsers and browser add-ons are most secure.

You really don't have to change your entire computer system simply to keep your WoW account safe. This week, WoW Rookie rounds up a selection of WoW Insider posts that show you how (and why) to keep your WoW account from being hacked and prevent your computer from spilling its beans to the world at large.

PlayNoEvil recently published an article explaining why they think it is that hackers target gamers by stealing their passwords and other account information.

While there is some truth in the premises offered, articles like this one only serve to fuel conspiracy rumors and encourage players to think of themselves as victims rather than take responsibility for their own account security.

Gaming companies do place some of the blame for a compromised account on the account holder, and for good reason. The hacker certainly didn't gain access to your computer because of their actions, and their computers that store your information are as yet untouchable.

The browsers you use, sites you visit, firewall settings, anti-virus software and update practices are just a few of the ways that you contribute to your own hacking experience.

Sharing your account information with your lover, best friend and mother may sound safe, but you don't control the security of their computers, or their friends' computers. The majority of people I know who have been hacked signed into their accounts on their sibling's computer or a publically shared machine.

In fact, NASA ended up with a keylogger targeted at gamers on the International Space Station. It traveled aboard on the laptop of one of the astronauts. You just can't trust any computer that isn't your own.

It may be hard to hear, but a hacked account is because of something you did, whether it was an unfortunate stroke of luck, such as stumbling onto a redirect on a legitimate website in the small window before the site addresses it, or a serious oversight in security on your part.

So, you might have noticed the increased number of warnings and advice from Blizzard regarding account security lately. They've even popped up in the game itself, as a server message when you first log in. Needless to say, this has caused no dearth of consternation in the WoW community (read: people be trippin').

So, why the sudden notices? Has something changed? Has Blizzard lost their footing in the war against hackers and gold farmers? Is Blizzard in cahoots with them? What's this itchy pentagram-shaped rash I've developed?

Now, there's a lot I can't talk about regarding this stuff, and certainly not for any sinister reason. It's a selfish reason, though, that being that I really like not getting sued. I can, however, use my experience and knowledge to bust or confirm some common account security myths. Ready?

I'm a trained professional. Don't try this at home!

The Armory was updated with achievement and statistic tracking last week to accompany the new game features introducted in patch 3.0.2, along with tools to compare your achievements and stats to other players on your realm. There was a lot of concern over someone the things displayed out in the open for all to see such as the Wealth stat. How much gold you've had, how much you have, things like that. Players felt it made them into targets of sorts, figuring hackers, scammers and phishing sites would focus fire a little more. Heck, some people were just plain uncomfortable with other players seeing their gold stores.

It looks like Blizzard actually agrees in this case. If they don't agree, at least they were feeling a little sympathy and wanted to calm some nerves. The Wealth category has been removed completely, and while you can still check up on other achievements and stats, you don't get a free look into someone's money bags anymore. I don't know that how much gold you have on display actually had an effect on who scammers target or not, but it's not like it was important information anyway and you might as well be more safe than sorry. Some stats are fun to see and compare, but I don't know that gold is one of those stats.