hacked and closed

[DrChaos]

sisters account was hacked 3 days ago. 6 guild tabs. all gone. e verything. over 30k in gold alone from the guild bank. the guy from blizz on teh phone said they do not make it a point to restore gold but he would send it to a "gold specialist" to see what could be done. they transferred her main account to another server and stripped it clean. As you know you cant vender pvp gear so they had to drop it to destroy it. just to be asses I guess.



still nothing from blizz in game or email.

[ElectronDF]

The biggest thing that would affect me is HOW. I don't have an autheticator since I am scared what happens if I ever play away from it. I think I would love a way to block signing on away from the computers you allow. My bank does this. "You are trying to sign on a computer you have never used before, please answer a secret question to continue." Just ask a question that is simple if I use a computer I haven't used before. Shouldn't take long, never gets lost and my guess would protect you.

Back to the question. HOW? Did you not notice a bad website? Do you open mail on your computer? Do you download installers for programs, or just zip files? Do you update your OS when patches come out? You mention the anti-virus, but was it running in the background? Do you have it full scan your computer daily? Do you share your computer with friends/family that might do something questionable? I am not saying it isn't possible, but how the hell do some people get ganked and not others, why doesn't this happen to 90% of the people other than authenticators?

I feel sad that it happened to you. It isn't fair. I wish there was an easier way to protect things so it wouldn't happen. I would probably cry a few days for loss of guild bank and all chars stuff.

[falsfire3401]

authenticator is a 3" by 1" token, sorta the size of a typical car's keyless entry remote. You can plop it on your computer, stick it in your pocket, or attach it to your keychain and take it with you wherever you go.

I have one and love the security of it. All my accounts are in a b.net account with the authenticator tied to it. Best $17usd I ever spent (have to pay shipping to get it to Canada...at least they charge a reasonable $10 shipping now instead of $80 like originally)


Only problem is now the wife knows that she can just hide the authenticator if I get wife aggro and prevent me from playing...maybe I should keep it on my person at all times to prevent that lol...I just leave it on my computer desk at home.

[Aethon]

Well, there are many, many ways to modify a virus so it bypasses current definitions, and of course, many types of binders to do so.

The biggest risks are .wmv and .wma files, as for some stupid reason, Windows media play decided to let their files have certian background rights, like installing 'codecs' silently. The thing is, what hackers put into the codec needed portion is simply a pointer to a website with their virus.

And, I'll be honest, I'm sure not everyone that says they were hacked was actually hacked. Think of how many account trading/buying sites are out there. And they're not out there because people don't do it. So, say Joe sells his account, then either regrets it or something more malicious, goes onto the forums and claims he was hacked. Since he'll be able to answer all the right questions, he'll (usually) be able to get his account back.

No I don't really believe anyone on this site would do something like that, as we already get enough 'publicity' in game, but I do know a little bit about human nature, and a great portion of the populus wouldn't think that Blizzard owned their account when they were the ones paying for it for however long.

[jstanthr]

as to the "how" i have no clue and thats the scary part, i do this sort of thing for a living. im a datacenter analyst for cisco and have been in the feild for over 20 years, ive build entire networks for the DOD but yet i let myself get hacked by some gold theif? sad to say but the game has changed. (not refering to wow there) microsoft is actually the main reason all this stuff happens. the way the "infostealer.XXXXXX" series of viruses work is due to a stack overflow vunerability in the way windows itself installs applications. this wasn't even a problem until, like most viruses, Microslut releases the vulnerability on its knowledge base, and cisco followed suit due to the fact that it was a networking issue, this certain overflow error allows data to be sent wih no hopes of ever being able to track it. normally when data is sent from a pc there is a record of the transmitting and receiving ports, and its relevant ip addresses on both ends. since this is concidered an "overflow" error the data doesn't really exist and is never registered on anything. after i finally found the virus and all of its components, i loaded it into a secure sandbox applet to watch it, so i could see where the particular one i had was sending the data, i could see that it was sending packets in short bursts like around 50-100characters in about a second. since it was in a secure sandbox, all it done was send ascii charachters to the hacker that were of no relivance, all of this i done at work, i took out my hard drive from my pc, i put a new one in, and reloaded everything so i knew the virus would be gone. and as far as how i got it i have no clue, the ONLY things i do on these pc's is wow, db.com, blizzards sites, and thottbot/wowwikki. those are the only sites i EVER go to. here is what i "think" happend. earlier the day before 2 people randomly logged into my guild vent, im the gm of the guild and i own the vent, and one of the officers in my guild noticed they logged in and their names didn't correspond to anything in the guild, and he asked them what they were doing there, and they said, they just stubled across the server and thought they would use it. not likely- its a typefrag server and isn't listed anywhere, and what is the likelyhood some1 could guess the server/port/pass and be right on all 3 and hit a working combo, highly unlikely. he came to me and told me he kicked and banned them but they were still there, so i myself permabanned them from the vent server, i think that somehow they got a list of the connected ip's to that vent and knew that i wsa the highest value target that was logged in i think he scoped me out when he hacked one of my guildys accounts, and got my ip addresss that way, and then attacked that vulnerability with the infostealer.gampass exploit and that was it. if that is how he done it or not i don't know, but it seems to me like the only way. and that puts lots of people at risk, a hacker that can get u when you don't even go to a website. by hacking ur ip from the outside in and planting his viruses. all i can say is make sure u got your firewalls turned on and hope for the best, i got a feeling it'll get worse before it gets any better especially concidering what china just done with making trading virtual currency to real currency being illegal and all. i just don't see how they could police something like that i can just hope they kill it all, lol.

[ElectronDF]

So the bad guys can just pick a random IP address out of the air and put a keylogger on your computer? Again, why haven't they done this to 90% of the people on the web, they would be gazillionaires. Is there no chance that you used your handle in vent the same as your account name? Is there no chance that you downloaded a helpful program for vent or WoW to help with your guild?

Again, the questions. You said you caught a virus, but was your anti-virus running the in the background (continuously monitoring)? You have a port open in your firewall/router for webpages, vent, etc. and they used what port to get in on? I was under the understanding that firewalls kept people out except on specific ports. You work for security people and you use what for browsing web pages and what malware blocking do you use? I understood that techies like firefox or opera or something. And they seem to brag about adblockers and noscript and such. Any of that working for you or just use IE with javascript enabled?

I mean damn, again, if what you say is true, we are all screwed. Sure we get a authenticator to stop WOW theft, but nothing stops any other misuse of our computers. If people have used computers for 10+ years and had no problems, then there seems like there should be a misstep that someone made if something goes wrong. You getting ganked is bad, but that doesn't help much if we don't have any info on what we can do to protect ourselves.

I admit, I had my alts on follow and they have fallen to their deaths. I have seen that my CPU was warm and thought, it must just be the room temp that heats it up and fried a chip. Yeah, the cooler fan's bearing/sleeve was going out. I have went to a few bad webpages and gotten like 10, then 20, the 30 pop windows that I almost couldn't stop from opening. I got pop-blocking right after that. I have screwed up, but at least I knew what happened. How come everyone, almost everyone's story that gets their accounts ganked, never ever did anything wrong? Does that make sense?

[Duese]

How come everyone, almost everyone's story that gets their accounts ganked, never ever did anything wrong? Does that make sense?

Because often times when we know that we got hit (went to a bad website, downloaded some bad software, etc.), the first thing we do is clean it out because we know we have a virus. It's like playing with a loaded gun, we know we have to keep the gun pointed away from us and the safety on. We are careful and make sure to put the gun away safely.

On the other hand, if you are playing with a rubber ball, you aren't playing safe because you assume that the rubber ball is safe. No, the rubber ball couldn't be sleeping with your sister, kicking the dog or drinking all your beer, so you aren't as overprotective.

I have no reason to look for a virus when I am not doing anything that I deem as risky.

I got hit with a hacker about a 2 weeks before Wrath launch. When I found out, I immediately checked my computer and sure enough, their were processes on it that I didn't recognize. I hadn't installed anything, only had been to thotbott, allak, wowhead and the o-boards. Just blows my mind.

[Klesh]

As far as I know, WoWhead, Thottbot, Allakhazam and others had trouble with malicious ads infecting systems in the past. That's why it might be a good idea to block ads and use some script-blocking tool as often as possible (Firefox + Adblock + NoScript for example).
And well, don't browse the web with your local admin user.

[spannah]

[quote='Klesh',index.php?page=Thread&postID=213676# post213676]As far as I know, WoWhead, Thottbot, Allakhazam and others had trouble with malicious ads infecting systems in the past. That's why it might be a good idea to block ads and use some script-blocking tool as often as possible (Firefox + Adblock + NoScript for example).
And well, don't browse the web with your local admin user.[/quote] ^ this.

And really if you can install keyclone or whatever other software to multibox, then installing [url='http://www.mozilla.com/en-US/firefox/upgrade.html']firefox[/url] with adblock plus extension is not just for techies

While you are at it also install avast ... free anti-virus with free daily definitions

I you want to be really secure then grab VirtualBox and install Ubuntu as a virtual machine for your browsing needs

[jstanthr]

no im not saying i done nothing wrong, im not at home, im running my mobile setup from the road. im piggybacking the connection via wireless router and directional ant. to the datacenter were working at from the hotel across the street. im sure there were many ports open that commonly aren't basically for managing the switches and routers while im in the datacenter. im sure thats probably how he got in, and as far as virus protection goes, norton 360 is running all the time, but if its a new variant or anything like that, it may take some time before its even recognized. going through all that transpired while i was being hacked i feel that i was more targeted specifially than it being just a random pw hash the guy caught. another member in my guild was haced in exactly the same manner, with the same little odd things (levled mining to 450 on both of us) and like i said in one of the earlier posts i made there was a strange user that logged into our guild vent that said he just randomly stumbled upon the vent, without being given any info, i banned the ip address and he still came back like i never banned him. it stuck on the second time tho. there are many ways that i see it possible for him to have gained access, but as far as getting it from a website i don't think that was it, the guy was pro, he knew exactly what to do and when to do it, he initially logged onto my accounts within an hour of me leaving for work. i thought that was odd. but anywy this time he'll be tracked down, and his isp notified, doesn't matter what country he is in hacking is still illegal, and if its across borders, it becomes federal, might take some time, but he'll get burned.