
View Full Version : Hacked - need advice



schlange
01-20-2008, 03:25 AM
I realized one of my accounts was hacked and the password was changed somehow. They took all the gold ;(

I reset the password now and started to look for how they could have done it. I have scanned my Vista64 system with NOD32 AV, Windows Defender and LavaSoft Ad-aware 2007. I then changed the access password to my router.

So far no viruses, spyware or ad stuff is on the PC. I am pretty careful with what I download, but somehow they got the password and managed to change it.

Do you guys have any advice what I can do to ENSURE my PC is indeed clean and will remain so? I want to play today, but I am uncertain it is safe :cursing:

Gallo
01-20-2008, 03:31 AM
My only advice is something like ZoneAlarm. It prompts you every time a new program or process is trying to access the internet, or if anyone on the internet is trying to access you. You can either choose to block it, or let it through (and check off that you want it to always do that).

It's fairly annoying at first, but I feel good knowing that any time a program wants to access the net, that I get to see it.

zanthor
01-20-2008, 03:53 AM
Account security is generally violated in one of two ways: first and most common is account sharing. Assuming you haven't done this, you've probably gotten a keylogger.

There is a 3rd, however I believe it's relatively rare and only affects those who have been nailed with a keylogger in the first place. But I believe that once these guys identify a username they run brute force attacks on the passwords... a guy in my guild had his account hacked/stripped 4 times with a complete reformat in between. He finally bought a new account, moved toons to it, and hasn't had a problem since.

schlange
01-20-2008, 04:27 AM
Ah crap, the keylogger does not sound good if that is what they have. Just running brute force on the account will break it after a while for sure. I guess I can reset the password on a weekly basis, but still.



Anyway to detect if there is a keylogger installed? NOD32, Windows Defender and Ad-aware did not find one.

schlange
01-20-2008, 04:45 AM
My only advice is something like ZoneAlarm. It prompts you every time a new program or process is trying to access the internet, or if anyone on the internet is trying to access you. You can either choose to block it, or let it through (and check off that you want it to always do that).

It's fairly annoying at first, but I feel good knowing that any time a program wants to access the net, that I get to see it.

Unfortunately, Zone Alarm does not support Vista 64 bit. :thumbdown:

Diamndzngunz
01-20-2008, 05:25 AM
Talk to a GM also. They can TRY to get you your stuff back. So I think. Also be very careful what you download. Make sure it's a reliable source.

Hippieman
01-20-2008, 10:26 AM
Talk to a GM also. They can TRY to get you your stuff back. So I think. Also be very careful what you download. Make sure it's a reliable source.

This should be the first thing you do if this happens, as the sooner you do it, the bigger are the chances you'll get your stuff back. A mate of mine experienced exactly what you experienced, and he's VERY careful about what he downloads and wouldn't share his acc info if it meant extending his life. He got all his stuff back, though, and it only took about a week, which ain't much considering all the logs, etc., they would have to investigate.

Toned
01-20-2008, 12:28 PM
Don't worry about it... In December my g/f got a keylogger from the WoW forums while she was trolling at work. She logged in to respond to a post and they got her info. We happened to go out of town that weekend, and when we got home our guild bank and all of her toons were missing. Was like 8,000g + items and they renamed her toon and moved it to another server. We submitted a ticket and then got in contact with a guy whose sole job is to investigate compromised accounts. Long story short we got EVERYTHING back. It took about a week for the investigator to restore the stuff, however with Christmas it made it about a week and a half. The first time he restored the stuff he left her mage on the other server and the majority of the guild bank was missing. We had his direct email and emailed him again and he was like "oh" and took care of it like the same day.

MaxD
01-20-2008, 01:02 PM
Talk to a GM also. They can TRY to get you your stuff back. So I think. Also be very careful what you download. Make sure it's a reliable source.

Be very careful with this now. I am not saying you are being dishonest in any way. There are people that have others log on and "steal" people's accounts, sell items, take gold and have the accounts recovered. Later on down the road they get the gold back from their buddy and have a boat load of cash, cloned items.... then a knock on the door, or a letter in the mail saying you have now committed electronic fraud. Yes folks, these actions are now seeing court. Your accounts get banned and you can end up with jail time, fees, and public service. The law is finally catching up to technology.

There are really only 2 effective ways to "hack" an account:
1. A keylogger trojan horse, and this is not easy to get.
2. Your friend, buddy, guild mate you trust did it. 99.9% of the time the IP ends up being someone you know that you gave access to your account. I wandered into my buddy's room and he had his account information right on the table and it was as easy as his name and a word. Needless to say I logged onto his account and created a toon named Fatcamp and made a little gnome. Then I took his hearthstone away, got him naked and ran him all the way into the top of the cave in Winterspring (on his main) with a little note attached: "you have been hacked".

Now I know some of the bad guys. I admit freely that sometimes on my server I had gold farmers I would loan gold to. There is a guild on my server that had several of them in it. What they would do is sell their gold to IGE people. Pre-BC I would take a rogue/druid/druid into Dire Maul and recover the book Foror's Compendium of Dragon Slaying ('http://thottbot.com/v261856'). There was a bug for a few months where this thing was dropping at a rate of 25%. I sold 11 for 2k-7k. That's right, 7K. The price dropped so I had to sell 'em for 1100-3k. I also bought some off China, god bless them, for 900g.

Long story short I got into a guild and then really started to care about my fellow gamers and quit that business.

MaxD
01-20-2008, 01:05 PM
I realized one of my accounts was hacked and the password was changed somehow. They took all the gold ;(

I reset the password now and started to look for how they could have done it. I have scanned my Vista64 system with NOD32 AV, Windows Defender and LavaSoft Ad-aware 2007. I then changed the access password to my router.

So far no viruses, spyware or ad stuff is on the Pc. I am pretty careful with what I download, but somehow they got the password and managed to change it.

Do you guys have any advice what I can do to ENSURE my PC is indeed clean and will remain so? I want to play today, but I am uncertain it is safe :cursing:

To me this honestly sounds like it was someone you know. If it was a true hack, someone you didn't know, they would have stripped your toon and deleted it to make it harder to track.

beyond-tec
01-21-2008, 03:40 AM
I realized one of my accounts was hacked and the password was changed somehow. They took all the gold ;(

I reset the password now and started to look for how they could have done it. I have scanned my Vista64 system with NOD32 AV, Windows Defender and LavaSoft Ad-aware 2007. I then changed the access password to my router.

So far no viruses, spyware or ad stuff is on the Pc. I am pretty careful with what I download, but somehow they got the password and managed to change it.

Do you guys have any advice what I can do to ENSURE my PC is indeed clean and will remain so? I want to play today, but I am uncertain it is safe :cursing:

You visited the official WoW Forum with this account?

leukos
01-21-2008, 06:13 PM
Do you guys have any advice what I can do to ENSURE my PC is indeed clean and will remain so? I want to play today, but I am uncertain it is safe :cursing:

schlange (http://www.dual-boxing.com/forums/index.php?page=User&userID=2288):

This probably isn't what you want to hear, but restoring the integrity of your machine is going to be a time-consuming process. This is a simplified version of the process I normally use, but it should work for your purposes.


1. Connect a USB hard drive to your computer, copy over all the data that you want to save. Don't copy any executables (*.exe, *.com) files. When you are done, disconnect the hard drive.
- The more complicated version of this step is to remove your hard drive and connect it to a known very-secure machine to copy the files. This is usually a computer that has never been connected to a network (any network, local, wireless, Internet).


2. Grab all of your pristine (pristine means the installation CD has come from a known trusted source) installation CDs for Windows and all the other software you have (Microsoft Office, virus scanner, etc). You would also want to put a copy of your virus scanner's up-to-date data files onto a USB drive from a known secure machine (this machine will have to be connected to a network to get these files from the manufacturer's website).


At this point, make sure the USB drive that you are copying the anti-virus software data files over to *does not* have any executable files on it. You don't want to introduce another path for executable code to enter your computer.


3. Use some sort of software that will overwrite all information stored on your compromised computer's hard drive(s). A good free open-source software that can do this is Darik's Boot and Nuke (http://dban.sourceforge.net/). Just choose the option to write all zeros to the hard drive. The idea here is we want to get rid of all data from the compromised system's hard drives.
- The more complicated version of this step is to image the compromised hard drive so it can later be analyzed. We don't need to do that here.


4. Disconnect the network connection from your computer. Take your pristine Windows Install CD and install your operating system. When you install Windows *do not* use any password you have historically used. All your old passwords have been compromised. At the risk of being snarky, if you have to ask if the password you want to use is a good password - it isn't - make it more complicated.


5. For windows computers, turn off auto-run. I believe the stock consumer version of Vista will prompt you if you want to run from any inserted CDs/DVDs/USB drives, so you may be able to skip this step.


6. Install your anti-virus software and then copy over the updated data files from your USB drive.


7. Now we want to do some quick cleanup tasks on your local network. I'm going to assume you have the common residential setup of a high-speed cable/DSL router connected to a separate cable/DSL router (which may or may not have a wireless component). Reset the cable/DSL router back to factory defaults (there is usually an indented Reset button on these devices). At this point you will want to connect it up to your newly installed computer to finish any last configuration steps you may need to do to get it up and running. Make sure to use a different password to log in to this device. If it has a wireless component make sure it is configured to use WPA-level encryption (use WEP if you have to). Now, disconnect all other computers in your local network and reconnect your cable/DSL router to the cable/DSL modem.


8. Make sure you have some sort of firewall software turned on on your newly installed computer. I believe the consumer version of Vista comes with the firewall turned on by default. Connect your newly installed computer to your local network. Activate Vista and download all Vista updates.


9. At this stage you could reconnect other computers to your local network. Make sure you don't access your newly installed computer from any of your other computers until you have reestablished their integrity (read; reinstall from scratch).


10. Reinstall any other software from your pristine installation CDs and download any updates (at this point, any and all software that is downloaded should be scanned by your virus scanner, either manually or with a virus scanner that supports on-access scanning).


11. Now comes the fun part; installing software that isn't from pristine CDs. This is usually stuff like Adobe Acrobat Reader, Flash, etc. Download the software to your hard disk and make sure it is scanned by the virus scanner before running.


12. Now, copy all data files from the USB hard drive you used in step 1. Make sure all data files are scanned by your virus scanner (some virus scanners come out of the box to only scan executable files; make sure to change it to scan *all* files. This is slower and in many cases unnecessary, but do it anyway). When you are done using the USB hard drive from step 1 you want to wipe it clean (for example, with Darik's Boot and Nuke).


13. Create an account that is not an administrator on your machine. Use this account for *everything* and only use an account with administrator access when you absolutely have to (installing software for example). The idea here is if something does happen, whatever the code is will only have access to what this limited privilege user account has access to. Sometimes, you can restore the integrity of the system by deleting this limited access user account and creating a new one.


14. You might also want to change every account password you have (gmail, forums, credit card, and bank accounts). Make sure to do this from a secure computer.
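Steps 1, 2 and 12 of this procedure hinge on never letting executable files ride back onto the rebuilt machine on the backup or USB drive. As an added example that is not part of the thread, the following Python script audits a backup folder before it is restored. It checks both the file extension and the first bytes of the file, because a renamed executable (say, a `.exe` saved as `report.pdf`) still begins with the PE "MZ" marker; the extension list, the "MZ"/"#!" signatures and the sample tree built by `build_sample_backup` are assumptions chosen for the demonstration, and the sample files are constructed, not real malware.

```python
"""Audit a backup folder for executable content before restoring it.

Added example, not from the thread: flags files by extension AND by content
signature, since an executable with a renamed extension still starts with "MZ".
"""
import os
import tempfile
from pathlib import Path

# Extensions that Windows will run directly (constructed list, not exhaustive).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".msi",
    ".vbs", ".js", ".jse", ".wsf", ".hta", ".cpl", ".dll",
}

# Content signatures: DOS/PE executables start with "MZ", Unix scripts with "#!".
MAGIC_PREFIXES = (b"MZ", b"#!")


def classify(path):
    """Return a reason string if the file looks executable, otherwise None."""
    ext = path.suffix.lower()
    if ext in EXECUTABLE_EXTENSIONS:
        return "extension %s" % ext
    try:
        with path.open("rb") as fh:
            head = fh.read(4)
    except OSError:
        return "unreadable"
    for prefix in MAGIC_PREFIXES:
        if head.startswith(prefix):
            # Extension looked harmless but the content is an executable.
            return "content signature %r despite extension %s" % (prefix, ext or "(none)")
    return None


def audit_backup(root):
    """Walk `root`; return sorted (relative POSIX path, reason) for each executable-looking file."""
    root_path = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root_path):
        for name in filenames:
            p = Path(dirpath) / name
            reason = classify(p)
            if reason:
                findings.append((p.relative_to(root_path).as_posix(), reason))
    return sorted(findings)


def build_sample_backup(root):
    """Create a constructed sample tree: two benign files, one .exe, one renamed PE file."""
    base = Path(root) / "docs"
    base.mkdir(parents=True, exist_ok=True)
    (base / "notes.txt").write_bytes(b"guild roster\n")
    (base / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    (base / "setup.exe").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)
    # Constructed: PE header hidden behind a document extension.
    (base / "report.pdf").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)


def demo_findings():
    """Build the sample tree in a temporary directory and return the audit result."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        return audit_backup(tmp)


if __name__ == "__main__":
    for rel, why in demo_findings():
        print("DO NOT RESTORE %s: %s" % (rel, why))
```

Run it against the real backup folder by calling `audit_backup("/path/to/backup")`; anything it reports should be left on the drive (or, if it is a document you need, inspected on an isolated machine) rather than copied to the rebuilt system. A content check is still only a heuristic, which is why step 12 additionally insists on scanning every restored file with the virus scanner.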

leukos
01-21-2008, 06:13 PM
How to maintain the integrity of your system (keep it from getting compromised). Here is a simplified list:


0. It is going to be hard to effectively secure your computer if you cannot maintain physical control of it. Essentially, if you live in a situation where multiple people have physical access to your computer when you are not around (college dorm, roommates, siblings) you are always going to have some risk.


1. Don't let anyone you don't trust use your computer (period). I generally define this as anyone that doesn't already have administrator access to your computer, or doesn't already have a limited access user account. I sometimes use the more lax definition (for example, in a non-business environment): only trust the people who you have access to when they are sleeping, and then, only after you have had to educate them not to touch your stuff. I had a college roommate who thought it would be funny to mess around with my computer (read: installing a virus). It took once to correct that behavior.


2. Don't run executable code sent to you by other people.


3. Install VMWare Workstation and do all your web-browsing from a separate virtual machine. Make sure other computers in your network are configured to not accept any network traffic from this virtual machine. When you need to transfer files, use a USB drive (you can directly connect a USB drive to your virtual machine with VMWare and other software like it).


4. You may even want to take the approach of using a Linux Live CD to run Firefox from (depends on how obsessive you want to get with this) in a virtual machine. Since there is no "writable" file system anywhere, even if the system does get compromised it resets back to a known state when you power cycle. With all the complaints I've heard recently of things being posted to the WOW forums, this may be a good idea for your WOW forum fix.


5. Make sure your system is up to date with Windows patches and application patches.


6. Don't expect to maintain the integrity of your computer running anything from the Peer to Peer networks (this is not an accusation, just a statement of fact).


7. Regularly backup data.


8. There are Linux Live CDs that include the open source ClamAV antivirus software. This Live CD will allow you to boot your computer up from the CD and perform a virus scan. (Warning: oversimplified reason follows.) The idea here is since you are not using the operating system on your computer, but, instead, the pristine copy from the Live CD, you will have a better chance of detecting anything that may be on your computer. Depending on your security policy, you may want to occasionally perform this (that was a snarky comment).


9. Don't use any of your passwords from insecure computers. If you have to, have a different password for each account. For example, I would never log into the WoW Forums from a computer in an Internet Cafe (or a public library, or any other random computer). This includes your "friend's" computer.


This doesn't mean you can never use your accounts from computers other than your own, just be aware of the risk. I do, from time to time, have to log into my e-mail account from questionable computers. My e-mail account has a separate password from my other accounts. It also gets changed after I do something risky like using it on a public computer (and I change it from a secure computer).


10. If security was simple we wouldn't have a large industry setup around it. While the Security+ certification isn't the best in the industry, it is recognizable and does pull large pieces of the CISSP knowledge base. It is also a little more approachable. Pick up a Security+ book and read - security begins with policy.

MaxD
01-21-2008, 11:03 PM
Very good write up leukos that should be a sticky on every forum. :)

I love my wife but she does not touch my gaming system. I have had ZERO viruses on my computer in 3 years. Hers: 180 in 2 years.

unionjack-what?
01-22-2008, 06:11 AM
...they run brute force attacks on the passwords... a guy in my guild had his account hacked/stripped 4 times with a complete reformat in between. He finally bought a new account, moved toons to it, and hasn't had a problem since.

Blizzard doesn't have some sort of exponential logon wait period on failed login attempts? This really doesn't seem likely. Brute force attacks are really only viable when the attacker can do an offline brute force attack by obtaining the hash somehow.

unionjack
01-22-2008, 06:24 AM
Well, I tried to log in a bunch of times. It didn't seem to keep me waiting longer each time like it should. Who knows, maybe it tells you to diaf after the hundredth attempt. Still though, online brute forcing would be really obvious to Blizz if they bothered to check...

Squiggoth
01-22-2008, 12:10 PM
Always always always always always use the LAUNCHPAD and not the direct wow.exe. Blizzard has put very good keylogger detection in the launchpad and it protected a friend of mine against one one time.

Vos
01-22-2008, 06:36 PM
if your password is OmgtaHciyM%$56 then yes a brute force attack would be obvious to blizzard...
if your password is kitty then not so much....
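The two posts above describe the server-side defence against online guessing: an exponential wait after each failed login, which makes even a weak password like "kitty" expensive to guess online, while a strong one never gets close to the attempt budget. As an added example that is not part of the thread (and not Blizzard's code, whose actual behaviour the thread only speculates about), the Python below models such a throttle. The delay schedule, the lockout threshold, the `FakeClock`, the example username and the constructed "correct" password are all assumptions chosen for the demonstration.

```python
"""Exponential backoff and lockout for failed logins (added example, not from the thread).

Models the defence unionjack asks about: each failure doubles the wait before the
next attempt is even considered, and repeated failure locks the account until an
out-of-band reset.
"""
import time

BASE_DELAY = 1.0      # seconds of wait after the first failure (assumed)
MAX_DELAY = 3600.0    # cap so the wait cannot grow without bound (assumed)
LOCK_THRESHOLD = 10   # failures before the account is locked (assumed)


class AccountState:
    """Per-username throttle state."""
    def __init__(self):
        self.failures = 0
        self.next_allowed = 0.0   # earliest clock value at which an attempt is accepted
        self.locked = False


class LoginThrottle:
    def __init__(self, verify, clock=time.monotonic):
        self._verify = verify     # callable(username, password) -> bool, the real credential check
        self._clock = clock       # injectable for simulation
        self._state = {}

    def delay_for(self, failures):
        """Exponential schedule: 1s, 2s, 4s, ... capped at MAX_DELAY."""
        return min(BASE_DELAY * (2 ** (failures - 1)), MAX_DELAY)

    def attempt(self, username, password):
        """Return 'ok', 'bad_password', 'too_soon' or 'locked'."""
        st = self._state.setdefault(username, AccountState())
        now = self._clock()
        if st.locked:
            return "locked"
        if now < st.next_allowed:
            # Inside the penalty window: refuse WITHOUT checking the password,
            # so hammering the endpoint yields no information.
            return "too_soon"
        if self._verify(username, password):
            self._state[username] = AccountState()   # success resets the counter
            return "ok"
        st.failures += 1
        if st.failures >= LOCK_THRESHOLD:
            st.locked = True
            return "locked"
        st.next_allowed = now + self.delay_for(st.failures)
        return "bad_password"


class FakeClock:
    """Simulated clock so the demo runs instantly instead of sleeping."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo_guessing():
    """Constructed scenario: a guesser tries wrong passwords as fast as the throttle allows.

    Returns the outcome of each attempt, the simulated seconds the guesser had to
    spend, and the result of retrying immediately inside the first penalty window.
    """
    clock = FakeClock()
    throttle = LoginThrottle(verify=lambda u, p: p == "correct horse battery staple", clock=clock)
    outcomes = []
    retry_inside_window = None
    for i in range(LOCK_THRESHOLD):
        outcomes.append(throttle.attempt("example_user", "guess%d" % i))
        if outcomes[-1] == "bad_password":
            if retry_inside_window is None:
                retry_inside_window = throttle.attempt("example_user", "guess%d" % i)
            clock.advance(throttle.delay_for(i + 1))   # wait out the penalty, then try again
    # Once locked, even the right password is refused; the owner must reset out-of-band.
    outcomes.append(throttle.attempt("example_user", "correct horse battery staple"))
    return {"outcomes": outcomes, "elapsed": clock.t, "retry_inside_window": retry_inside_window}


if __name__ == "__main__":
    result = demo_guessing()
    print("attempt outcomes:", result["outcomes"])
    print("simulated seconds before lockout:", result["elapsed"])
```

With these numbers a guesser gets nine password checks in 511 simulated seconds and then a lock, regardless of how fast it sends requests; with a large character set and a long password, the space a nine-guess budget can cover is negligible. The pattern also shows why unionjack's observation (no growing wait on repeated failures) matters: without a penalty window, the only limit on online guessing is the attacker's bandwidth.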

Vos
01-22-2008, 06:44 PM
Do you guys have any advice what I can do to ENSURE my PC is indeed clean and will remain so? I want to play today, but I am uncertain it is safe :cursing:

Pretty good advice from leukos, however the only way to completely ENSURE that it's clean is to reformat and reinstall everything from disks without saving anything to a USB drive and copying it back....
Of course, if you don't figure out how you got hacked in the first place then it's likely to happen again, assuming you continue doing things the same way you did before the hack.

Vos
01-22-2008, 06:46 PM
Always always always always always use the LAUNCHPAD and not the direct wow.exe. Blizzard has put very good keylogger detection in the launchpad and it protected a friend of mine against one one time.

This is also good advice, unfortunately I believe that Keyclone uses the direct wow.exe's so many of us are skipping this step.

thinus
01-22-2008, 06:54 PM
And don't use the same account name or password that you use for your WoW accounts on any public forums.

Simulacra
01-23-2008, 02:55 AM
I've been hacked twice in 2 years - both times the GMs restored everything minus enchants etc. A lot of my alts were deleted and I didn't bother trying to get them back either.....I mean who cares about a warrior or a rogue anyway lol.
After completely cleaning the infected machine (which was my little used laptop) by installing Linux over Windows I realised, as had been stated before, that the scammers could use brute force. I now obsessive-compulsively change my password after each WoW session on my main accounts, even if I'm only logging out for a few minutes.
The account data is all in the Firefox browser cache so it doesn't take long in the retrieve password screen on WoW.

By the way the keylogger was really easy to get and loads of wow players got it back in November 06, it was an advert on the alakazham website which downloaded the logger.

zanthor
01-23-2008, 08:11 AM
Firefox + Noscript! (http://noscript.net/) = Annoyance + Safety

It's annoying at first, but once you get the hang of NoScript, it works pretty well: it lets you run the scripts you want and not get raped.

leukos
01-24-2008, 08:15 AM
schlange (http://www.dual-boxing.com/forums/index.php?page=User&userID=2288):


After all the comments, what did you end up doing? Were you able to get your gold back? Was there a happy ending to the story?