WoW - The Official "Oh noes my account was hacked" Thread

IMAGE(http://img214.imageshack.us/img214/9168/hacked5gq5.jpg)
Yep, so it happened to me last night. Let's all gather 'round the bonfire and share stories as they happen. How much like a real life mugging this is akin to. Whether Elysium's nonchalance is the honorable response, or whether we should get the pitchforks and dedicate our lives to fighting internet crooks. Whether it's our own fault for not caring too much about updating our passwords or buying extra insurance.

Ultimately, it was a keylogger for me. I certainly never shared my password with my closest friend, much less a random stranger promising to power-level my character. The most critical issue is whether real world information like a credit card number was compromised in the process. What are the tricks to making sure it never happens again? Any favorite spyware or virus protection? Should we wipe our hard drives clean, nuke it from orbit, just to be sure? Discuss. Or say "I told you so."

Happened to me about 2 years ago on my warrior. The bastards even sold my Sulfuras Hand of Ragnaros. I truly wanted to kill everyone. I did get it all back eventually but damn it took a while. I logged into my toon on a friend's cpu and that's where the keylogger must have been because by the time I got home all my gear was gone. It looks like they saved your skinning knife so hey not all bad, and hmm looks like a fishing pole in there. Sooo go skin and fish for a bit I guess. Damn I hate those gold selling account hacking punks

Man, that sucks. Do you happen to use an Authenticator Key by chance?

I'm wondering if a good precaution is to take a screenprint every now and then to show what you have. I always fear what would happen if Krindle got hacked, and I would consider quitting the game depending on what I lose...

Zablocki19 wrote:

Man, that sucks. Do you happen to use an Authenticator Key by chance?

I'm wondering if a good precaution is to take a screenprint every now and then to show what you have. I always fear what would happen if Krindle got hacked, and I would consider quitting the game depending on what I lose...

Blizzard is pretty good about giving your stuff back. Sure you lose some gold, maybe some bank items, but nothing too bad.

What are the tricks to making sure it never happens again? Any favorite spyware or virus protection? Should we wipe our hard drives clean, nuke it from orbit, just to be sure? Discuss. Or say "I told you so."

1. Good anti-virus, FF with NoScript and Adblock, and smart browsing (meaning be careful where you go); get Blizzard's authenticator.
2. I use Avast currently, works nicely.
3. Yes, nuke it.

Oh, and just to be sure, I'd check your credit cards/bank site if you used the keylogged PC to access them. Just do it from another PC.

When they got my hand of Rag I had a cool GM restore that item for me right away

If I ever get insane enough to open up my WoW account and start playing again, the first thing I do will be to buy an authenticator.

I think it would be extra helpful to point out how you got hacked when it happens. I see a lot of these stories but rarely is the source of the suspected hack revealed. It's part of prevention education. Covering your ass for the event that you -do- get hacked is all well and good but a better measure would be avoiding whatever ways people commonly get a keylogger. Do most of these come in game mods via a downloader like Curse?

strem wrote:

Happened to me about 2 years ago on my warrior. The bastards even sold my Sulfuras Hand of Ragnaros. I truly wanted to kill everyone. I did get it all back eventually but damn it took a while. I logged into my toon on a friend's cpu and that's where the keylogger must have been because by the time I got home all my gear was gone. It looks like they saved your skinning knife so hey not all bad, and hmm looks like a fishing pole in there. Sooo go skin and fish for a bit I guess. Damn I hate those gold selling account hacking punks

I thought it was funny that they actually left me some stuff. And my graphite fishing pole, which is my little baby.

By the way, Thebestever and Bredwiddle on Dawnbringer server (the one my char. was transferred to without my consent) are now on my "friends" list, so tell them to suck an egg if you happen to be on that server.

Zablocki19 wrote:

Man, that sucks. Do you happen to use an Authenticator Key by chance?

Didn't have an authenticator, but just ordered one using my laptop, to avoid any keyloggers getting my credit info, although I did run full virus and spyware scans. They found some bad cookies, like Dr. Ghastly's post a year ago. That's it. Nothing else "evil." I was using Curse, but no longer.

Blizzard GMs have so far been very nice. I'm sure I will get back all the important stuff. Like any crime, it's really more about peace of mind and a sense of security. Why play a game if it puts you in jeopardy?

I haven't been hacked yet (*crosses fingers*) but here's what I do:

  • Never log in anywhere but my own pc
  • I don't run any download/mod managers
  • Firefox with Adblock and most of the security measures within the browser enabled
  • I don't run any third-party .exe's I don't trust. In particular, I don't run ANY .exe's for anything WoW-related.
  • Avoiding sites highly suspected to be the source of browser hacks (hey there, wowhead and curse-gaming!)

I also don't have a character name matching my master account name, and I have the client set to remember my account name. Seems silly, but it makes a difference. If they don't know your account name, they can't hack it. And if you're not typing it, you might be safe even if you get nailed by a keylogger.

Farscry wrote:

I haven't been hacked yet (*crosses fingers*) but here's what I do:

  • I don't run any third-party .exe's I don't trust. In particular, I don't run ANY .exe's for anything WoW-related.

Probably the most important part.

Farscry wrote:

  • Avoiding sites highly suspected to be the source of browser hacks (hey there, wowhead and curse-gaming!)

I always find this silly. Are they really highly suspected? There are millions of people who use this every day without a problem and probably will continue to do so and not get hacked. Almost all the cases I've seen or heard about of people being hacked were due to them not being safe in other areas. Everyone needs to realize that a non-WoW site is just as likely if not more so to plant a key logger.

Why wouldn't they be? Especially Curse with its too-easy mod install. Unless they have an amazingly thorough review process and impressive security measures, versions of a popular mod, or a fake mod, or any other deception could get in with a key logger.

Something as hands-off as their client just goes too deep to be so completely trustworthy.

polypusher wrote:

Why wouldn't they be? Especially Curse with its too-easy mod install. Unless they have an amazingly thorough review process and impressive security measures, versions of a popular mod, or a fake mod, or any other deception could get in with a key logger.

Something as hands-off as their client just goes too deep to be so completely trustworthy.

If that's the worry you can always do it manually. Which I admit to doing for new addons or ones I've never heard of before. The mainstays though are probably thoroughly checked. If it got out that they carried a logger the community backlash would be pretty harsh.

I agree, the exe part is by far the most important.

ranalin wrote:
Farscry wrote:

  • Avoiding sites highly suspected to be the source of browser hacks (hey there, wowhead and curse-gaming!)

I always find this silly. Are they really highly suspected?

Hey, I'm just saying what I do. I'm highly paranoid about my computer. But there have been so many allegations of ads that run on those sites being targeted by hackers that I just prefer to stay away from high-traffic (and thus priority target) sites.

It's like using Firefox instead of IE; IE is the mainstream browser with the most traffic, so it gets targeted by hackers the most. It's not necessarily that FF is arbitrarily more secure, it's that hackers prefer to fish using dynamite, so they'll pick the more densely populated pond rather than the one with too few fish to be worthwhile.

The question is why would they be above suspicion? Its fingers are deep in your WoW directories, it has thousands upon thousands of mods, each getting frequent updates, sometimes by multiple users and it installs mods with the click of one button.

It's not silly to be wary of it.

polypusher wrote:

The question is why would they be above suspicion? Its fingers are deep in your WoW directories, it has thousands upon thousands of mods, each getting frequent updates, sometimes by multiple users and it installs mods with the click of one button.

It's not silly to be wary of it.

I didn't say don't be wary. In fact I was suggesting to be wary of everything. I just have always thought it going overboard for people refusing to use those 2 sites because of keylogger fears when there are so many more that are probably more likely to cause problems.

As for fingers in deep... if that's a concern for anyone (and it should be) there's not a thing stopping them from doing things manually. You don't HAVE to use the client.

One thing is certain: I am definitely cutting down on my mods and being more careful where they come from. Once I get everything resolved, which should take several days, I will only install mods manually, and sparingly.

The hackers are still toying with me at the moment. I have received a new password reset just now. One that I didn't request. It's going to be a long week. *sigh*

Montalban wrote:

The hackers are still toying with me at the moment. I have received a new password reset just now. One that I didn't request. It's going to be a long week. *sigh*

Blizzard does that automatically when you report the account as breached.

Dr.Ghastly wrote:
Montalban wrote:

The hackers are still toying with me at the moment. I have received a new password reset just now. One that I didn't request. It's going to be a long week. *sigh*

Blizzard does that automatically when you report the account as breached.

Hopefully that's the case. I have changed e-mail accounts and passwords several times. Blech.

1 of the most common reasons for people being “hacked” (not here) but never admitted is buying gold.

The sites of the gold buyers are so full of crap it isn’t funny.

I will admit I have been “hacked” 3 times and each time has been after I bought gold.

That should be the biggest deterrent to buying their services.

No one ever cites this as their reason because they don’t want to admit they were on those sites or buying their services.

Again this is not so much this site but the “hacks” in general that are reported on the internet.

What, did you give away your password or something?

Malor wrote:

Mods themselves aren't _that_ dangerous.

Indeed. It's probably obvious, but no mod should require running an exe - if one does, then view it with great suspicion.

I do all the same stuff as Farscry, although I'm less worried about the websites. That said, make sure you keep your browser, plugins (especially Flash!) up to date, and so on. All standard internet security stuff.

I had a guildy get his account keylogged last year (his sister was using the computer to download pirated episodes of 90210 and all manner of other dodgy stuff), and it took him a while to get around to getting it recovered. The account had been sold by the person who keylogged him, and by the time he got it back his main had been leveled most of the way through Outland...

Authenticators are six bucks. I do not understand why every WoW player does not have one. Speaking as someone who was hacked in the 6 month period where they were perpetually out of stock right after they were announced.

http://www.blizzard.com/store/detail...

We had a guild member get hacked twice in the last month or so. The first time they cleaned him out, as well as all the blues in the guild bank. He was an officer, so had access to all the tabs. They left him some clothes out of decency?

The second time they did the same thing, except they unguilded one of his toons and had it join another guild. He was amused by the fact that they were using his warlock for farming ore. It still had stacks of saronite when he recovered his account.

LeapingGnome wrote:

I do not understand why every WoW player does not have one.

LeapingGnome wrote:

... they were perpetually out of stock right after they were announced.

I think you answered your own question. If they can't keep them in stock, how can everyone playing get one?

I picked up a WoW keylogger about 6-8 months ago. I caught it before it did any damage to my account (thank God for having an older computer that had serious performance issues with it). But, I'll second what everyone else is saying. Wipe your HD and re-install your OS. Change your account password and get an authenticator. Don't take any chances.

What are your thoughts on using Dell's factory settings restore that returns your computer to where it was when you first bought it? Should that be relatively (fancy BIOS viruses aside) effective?

Montalban wrote:

What are your thoughts on using Dell's factory settings restore that returns your computer to where it was when you first bought it? Should that be relatively (fancy BIOS viruses aside) effective?

If I recall, those types of restore use a hidden partition with a fresh copy of Windows XP (Or Vista, if you're livin' in the 21st century, which I am not) on it. You have the option of doing a full reformat on the "usable" partition when you do that. So, unless you have wicked angry viruses that infect your secret partition (I know it's possible but I don't know if that's an actual risk or not), it's okay. I used the HP version of the system restore to bring my laptop from the brink of collapse and it seems to have worked great.

I'm pretty sure that system image is stored on the drive in encrypted format, and not trivially visible from the OS, so you should be pretty safe. If you want to be absolutely certain, you'd need to restore from CD, but you're probably just fine using your restore image.

Mods themselves aren't _that_ dangerous. They can't steal your passwords. They could, in theory, steal money or items from you, but I've never heard of that actually happening.

They can't get to your passwords, because they're not running when you're typing your password in. And, as far as I know, they can't escape the WoW sandbox; they're unable to reach the outside world, and can't write files on your drive. In-game, they can pretty much do anything that you can do, but that's all. They're part of your client, so they can only do things that the client can normally do.

Not running .exe files will protect you completely from full account compromise from the actual mods themselves. You can lose items or gold, but not your account. But there are other avenues to get nailed. Flash, for instance, has been having many issues, and if you haven't been keeping up carefully with its patches, simply visiting the wrong web site can instantly infect you.

Once you know you've been keylogged, you need to change passwords on everything, posthaste (from a clean computer!). And the only way to be SURE your machine is clear is to nuke it. People, even smart people, keep insisting that you can safely recover from a compromise, but you simply cannot. Many of the infections now are delivered in small batches of just a few hundred, so they stay entirely under the radar of the antivirus companies. And they have many, many clever ways of hiding from scanners.

I saw a guy who was writing malware talk about some of the tricks he was using. They're clever and nasty, and very difficult for anti-malware programs to even see. One idea he was talking about, which he never actually implemented, was to install a bunch of interrupt handlers, each making sure the others were still alive. Interrupt handlers don't even show in the process list, because they're not processes; they look like device drivers, and malware scanners don't check those. And that was just a throwaway idea from a guy who got out of the malware business.

The only way to be sure you're clean after a compromise is a full nuke-and-rebuild. And, at the rate they're going, even that may not be enough -- you may have to actually reflash your BIOS before too much longer. There are proof-of-concept ACPI viruses out that can install themselves into the machine's BIOS... the ACPI environment is Turing-complete and offers access to hardware, so it's at least theoretically possible to write viruses that run directly on the motherboard, whether or not the OS is running.

I don't know that any actually have been released, but since they'd be so damn hard to detect, they could be in the wild for some time before anyone realized.

BadMojo wrote:
LeapingGnome wrote:

I do not understand why every WoW player does not have one.

LeapingGnome wrote:

... they were perpetually out of stock right after they were announced.

I think you answered your own question. If they can't keep them in stock, how can everyone playing get one?

Because they have been in stock for six months or more now?