you visited the official WoW Forum with this account?
Originally Posted by 'schlange'
German multi-boxing blog with tutorials, introductions, hardware setups ....
Click here and you will be enlightened: http://beyond-tec.blogspot.com
[quote='schlange']Do you guys have any advice what I can do to ENSURE my PC is indeed clean and will remain so? I want to play today, but I am uncertain it is safe :cursing:[/quote]
schlange:
This probably isn't what you want to hear, but restoring the integrity of your machine is going to be a time-consuming process. This is a simplified process from the process I normally use, but it should work for your purposes.
1. Connect a USB hard drive to your computer, copy over all the data that you want to save. Don't copy any executable (*.exe, *.com) files. When you are done, disconnect the hard drive.
- The more complicated version of this step is to remove your hard drive and connect it to a known very-secure machine to copy the files. This is usually a computer that has never been connected to a network (any network, local, wireless, Internet).
2. Grab all of your pristine (pristine means the installation CD has come from a known trusted source) installation CDs for Windows and all the other software you have (Microsoft Office, virus scanner, etc). You would also want to put a copy of your virus scanner's up-to-date data files onto a USB drive from a known secure machine (this machine will have to be connected to a network to get these files from the manufacturer's website).
At this point, make sure the USB drive that you are copying the anti-virus software data files over to *does not* have any executable files on it. You don't want to introduce another path for executable code to enter your computer.
3. Use some sort of software that will overwrite all information stored on your compromised computer's hard drive(s). A good free open-source software that can do this is Darik's Boot and Nuke (http://dban.sourceforge.net/). Just choose the option to write all zeros to the hard drive. The idea here is we want to get rid of all data from the compromised system's hard drives.
- The more complicated version of this step is to image the compromised hard drive so it can later be analyzed. We don't need to do that here.
4. Disconnect the network connection from your computer. Take your pristine Windows Install CD and install your operating system. When you install Windows *do not* use any password you have historically used. All your old passwords have been compromised. At the risk of being snarky, if you have to ask if the password you want to use is a good password - it isn't - make it more complicated.
5. For Windows computers, turn off auto-run. I believe the stock consumer version of Vista will prompt you if you want to run from any inserted CDs/DVDs/USB drives, so you may be able to skip this step.
6. Install your anti-virus software and then copy over the updated data files from your USB drive.
7. Now we want to do some quick cleanup tasks on your local network. I'm going to assume you have the common residential setup of a high-speed cable/DSL router connected to a separate cable/DSL router (which may or may not have a wireless component). Reset the cable/DSL router back to factory defaults (there is usually an indented Reset button on these devices). At this point you will want to connect it up to your newly installed computer to finish any last configuration steps you may need to do to get it up and running. Make sure to use a different password to log in to this device. If it has a wireless component make sure it is configured to use WPA-level encryption (Use WEP if you have to). Now, disconnect all other computers in your local network and reconnect your cable/DSL router to the cable/DSL modem.
8. Make sure you have some sort of firewall software turned on your newly installed computer. I believe the consumer version of Vista comes with the firewall turned on by default. Connect your newly installed computer to your local network. Activate Vista and download all Vista updates.
9. At this stage you could reconnect other computers to your local network. Make sure you don't access your newly installed computer from any of your other computers until you have reestablished their integrity (read; reinstall from scratch).
10. Reinstall any other software from your pristine installation CDs and download any updates (at this point, any and all software that is downloaded should be scanned by your virus scanner, either manually or with a virus scanner that supports on-access scanning).
11. Now comes the fun part; installing software that isn't from pristine CDs. This is usually stuff like Adobe Acrobat Reader, Flash, etc. Download the software to your hard disk and make sure it is scanned by the virus scanner before running.
12. Now, copy all data files from your USB hard drive you used in step 1. Make sure all data files are scanned by your virus scanner (some virus scanners come out of the box to only scan executable files, make sure to change it to scan *all* files. This is slower and in many cases unnecessary, but do it anyways). When you are done using the USB hard drive from step 1 you want to wipe it clean (for example, Darik's Boot and Nuke).
13. Create an account that is not an administrator on your machine. Use this account for *everything* and only use an account with administrator access when you absolutely have to (installing software for example). The idea here is if something does happen, whatever the code is will only have access to what this limited privilege user account has access to. Sometimes, you can restore the integrity of the system by deleting this limited access user account and creating a new one.
14. You might also want to change every account password you have (gmail, forums, credit card, and bank accounts). Make sure to do this from a secure computer.
How to maintain the integrity of your system (keep it from getting compromised). Here is a simplified list:
0. It is going to be hard to effectively secure your computer if you can not maintain physical control of it. Essentially, if you live in a situation where multiple people have physical access to your computer when you are not around (college dorm, roommates, siblings) you are always going to have some risk.
1. Don't let anyone you don't trust use your computer (period). I generally define this as anyone that doesn't already have administrator access to your computer, or doesn't already have a limited access user account. I sometimes use the more lax definition (for example, in a non-business environment): only trust the people who you have access to when they are sleeping, and then, only after you have had to educate them not to touch your stuff. I had a college roommate who thought it would be funny to mess around with my computer (read, installing a virus). It took once to correct that behavior.
2. Don't run executable code sent to you by other people.
3. Install VMWare Workstation and do all your web-browsing from a separate virtual machine. Make sure other computers in your network are configured to not accept any network traffic from this virtual machine. When you need to transfer files, use a USB drive (you can directly connect a USB drive to your virtual machine with VMWare and other software like it).
4. You may even want to take the approach of using a Linux Live CD to run Firefox from (depends on how obsessive you want to get with this) in a virtual machine. Since there is no "writable" file system anywhere, even if the system does get compromised it resets back to a known state when you power cycle. With all the complaints I've heard recently of things being posted to the WOW forums, this may be a good idea for your WOW forum fix.
5. Make sure your system is up to date with Windows patches and application patches.
6. Don't expect to maintain the integrity of your computer running anything from the Peer to Peer networks (this is not an accusation, just a statement of fact).
7. Regularly backup data.
8. There are Linux Live CDs that include the open source ClamAV antivirus software. This Live CD will allow you to boot your computer up from the CD and perform a virus scan. (warning: oversimplified reason follows) The idea here is since you are not using the operating system on your computer, but, instead, the pristine copy from the Live CD, you will have a better chance of detecting anything that may be on your computer. Depending on your security policy, you may want to occasionally perform this (that was a snarky comment).
9. Don't use any of your passwords from insecure computers. If you have to, have a different password for each account. For example, I would never log into the WoW Forums from a computer in an Internet Cafe (or a public library, or any other random computer). This includes your "friend's" computer.
This doesn't mean you can never use your accounts from computers other than your own, just be aware of the risk. I do, from time to time, have to log into my e-mail account from questionable computers. My e-mail account has a separate password from my other accounts. It also gets changed after I do something risky like using it on a public computer (and I change it from a secure computer).
10. If security was simple we wouldn't have a large industry setup around it. While the Security+ certification isn't the best in the industry, it is recognizable and does pull large pieces of the CISSP knowledge base. It is also a little more approachable. Pick up a Security+ book and read - security begins with policy.
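A check for steps 1 and 2 of the rebuild procedure above, added here as an example and not part of leukos's post: it walks a backup drive and flags anything that should not be copied back, including programs renamed to look like data. The extension list, the function names and the sample files are assumptions made for this illustration.

```python
import tempfile
from pathlib import Path

# Extensions Windows runs or interprets directly (illustrative list, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".dll", ".msi"}

def classify(path):
    """Return a reason string if the file looks executable, else None."""
    if path.name.lower() == "autorun.inf":
        return "autorun.inf (auto-run trigger)"
    ext = path.suffix.lower()
    if ext in RISKY_EXTENSIONS:
        return f"risky extension {ext}"
    try:
        with path.open("rb") as fh:
            head = fh.read(2)
    except OSError as exc:
        return f"unreadable: {exc.strerror}"
    # DOS/PE programs start with "MZ" whatever the file is called.
    return "MZ header under a non-executable name" if head == b"MZ" else None

def scan_backup(root):
    """Return {relative_path: reason} for every flagged file under root."""
    flagged = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        reason = classify(path)
        if reason:
            flagged[path.relative_to(root).as_posix()] = reason
    return flagged

def build_sample_drive(root):
    """Write constructed sample files standing in for the USB backup drive."""
    samples = {
        "docs/notes.txt": b"guild roster\n",
        "addons/setup.exe": b"MZ\x90\x00",
        "pics/holiday.jpg": b"MZ\x90\x00 renamed program",
        "autorun.inf": b"[autorun]\nopen=setup.exe\n",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for rel, reason in scan_backup(drive).items():
            print(f"{rel}: {reason}")
```

An empty result only means no program files were found; data files still need the full virus scan described in step 12.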
Very good write up leukos that should be a sticky on every forum.
I love my wife but she does not touch my gaming system. I have had ZERO virus on my computer in 3 years. Hers 180 in 2 years
70 Warrior main 70 Lock add 70 Mage add 70 Shaman add
Team Sick and Twisted. 5 lvl 21 shamys. :P
...blizzard doesn't have some sort of exponential log on wait period on failed login attempts? this really doesn't seem likely. brute force attacks are really only viable when the attacker can do an offline brute force attack by obtaining the hash somehow.
Originally Posted by 'zanthor'
well I tried to log in a bunch of times. it didn't seem to keep me waiting longer each time like it should. who knows, maybe it tells you to diaf after the hundredth attempt. still though, online brute forcing it would be really obvious to blizz if they bothered to check...
Always always always always always use the LAUNCHPAD and not the direct wow.exe. Blizzard has put very good keylogger detection in the launchpad and it protected a friend of mine against one one time.
if your password is OmgtaHciyM%$56 then yes a brute force attack would be obvious to blizzard...
if your password is kitty then not so much....
pretty good advice from leukos, however the only way to completely ENSURE that it's clean is to reformat and reinstall everything from disks without saving anything to a usb drive and copying it back....
Originally Posted by 'schlange'
of course if you don't figure out how you got hacked in the first place then it's likely to happen again assuming you continue doing things the same way you did before the hack.
This is also good advice, unfortunately I believe that keyclone uses the direct wow.exe's so many of us are skipping this step.
Originally Posted by 'Squiggoth'