Keyscrambler is a good one that specifically befuddles keyloggers.
Works as a plug in for both Firefox and IE
Bummer Ry. Hopefully you’ll get your shit squared away soon. I have had AVG for a couple years and run AdAware and Spybot periodically. I am hoping that is why I have had no incidents like yours. Must. Stay. Vigilant.
Don’t forget, if you log into the wow forums or the account website from any computer that isn’t secure they will have your information as well since Blizzard doesn’t let you create a user/pass that is only for the forums.
So, how about that OpenID?
Man that sucks Ry. Once you’re back up and running try to steer clear of linking to anything, specifically from the WoW forums. That’s a hotspot for links to bad sources. They know for sure if you’re there, you already run wow. You hear it all the time, but you MUST keep up to date on patches (for your OS, browser and internet based apps) as well as have a good AV program.
Beyond just anti-virus, if you want to take an extra step, take a look at host based intrusion detection software (HIDS.) Think of it as all the stuff that AV usually misses wrapped up in one. There are even free versions of it (OSSEC) but the general idea is you have to set it up a bit to tell it what runs on your PC, then allow or disallow actions outside of that. In your case the keylogger would have had to connect back to report your data to some source, and that would have been caught. HIDS, due to the way it works, will also help significantly with blocking spyware.
A few years from now, all these programs will probably be wrapped up into one “PC defense platform” but until then you have to apply each piece in order to really protect yourself. Good luck with Blizzard and your reinstatement.
One other thing - if you use any WoW mod packages, be very wary of the ones with an install program. Depending on where you download them from, they can have keyloggers or just plain WoW password forwarding stuff in them. It’s really best to only install mods by dumping the mod files directly into the interface addons directory yourself, and not running executables that auto-upload stuff.
I never, ever run addon .exe’s (with the exception of WAU, of course).
I just realized… sweet Jesus! Did they take all the Delicious Cave Mold?! PLEASE TELL ME THEY DIDN’T!!!
You were plugged directly into the wall? I’m surprised it took so long to get penetrated.
Remember, WOW accounts are worth more than credit card numbers. Amazing.
Man that stinks. Hopefully they get everything squared away. Thankfully, I don’t think there was anything spectacular in the guild bank, but still a few hundred gold worth of dough (not to mention the gems). Good luck with getting your pc ship shape, hope to see you on soon in all your geared up glory.
How much is 6000 gold worth in dollars? What’s the average 70th level character worth in gold?
Or in other words, just how much do key logging bozos stand to make from hacking WoW accounts?
Judging by the spammers that keep popping up in Orgrimmar on my server (at least they’re not flooding my mailbox anymore), it’s around $30 for 1000 gold. Of course, it probably varies by how dumb/desperate and willing to shop around you are.
I doubt blizzard has your password proper. It will have a hash (or something) of it. I guess it might be possible to distribute that and then run a brute force on the hash to find the actual password, but the likelier scenario is web-based (or other) keylogger got installed.
The most likely scenario is a keylogger, and it’s probably been distributed via one of the WoW fan sites.
If the keylogger can’t read your buffer you can type in a bunch of letters into a text file or copy and paste a bunch of text and then copy and paste parts of your password in several chunks into the web page to logon. If they can read your buffer then you are SOL with this tactic.
There is a keylogger firewall that you can download and use for free for a couple weeks.
I was told that formatting and reloading may be the only sure way to be sure you don’t have a keylogger.
Fyi, Firewall does -nothing- against keyloggers…
As they will transmit ‘outbound’ from your computer, its most likly that your puter will accept those transmissions…unless you’ve locked yourself completly in and then you prolly don’t need internet at all, as you can’t get out :)
Janster
Hey, no one mentioned User Access Control in Vista.
Yes, it’s annoying when you’re setting up the computer. Yes, it’s annoying to add a couple of keystrokes when you’re doing admin tasks. Once you get it set up, though, you rarely if ever see it, and you’re immune to rootkits.
Thing is at home it’s my gaming machine dedicated to gaming and downloading some stuff. No financial or other sensitive stuff is done on that computer.
Therefore I thought a possible attacker couldn’t do much harm besides downloading my save games or the latest game demos…
So why getting an anti-virus on that computer possibly slowing it down?
I never clicked on anything dubious ever so I considered myself save.
I didn’t think about my WoW account and that was my mistake.
Well I learned my lesson and now I’m secured again with some anti-virus program but I refuse to make it a high tech fortress running 5+ programs as defense.
That is not worth the hassle to me at all!
I’d rather stop playing WoW in that case and yes I’m serious!
Curious - what browswer and version were you using? What sort of websites did you visit - forums?
I’m using Firefox. I don’t know what version, but I have auto-updates turned on (same with XP) so it regularly downloads security patches and whatnot to itself. I browse all over the place, including forums, and including WoW-oriented sites – the official WoW forums, outside WoW forums, and WoW spoiler sites such as Thotbott, Ten-Ton Hammer, WoWWiki, etc.
Although S&D, AA, and PC Tools AV didn’t catch a keylogger, AVG caught and eliminated something with an innocuous filename but which AVG identified as “Trojan horse clicker.7.BB.” I assume that’s the keylogger.
The other annoying thing for WoW itself: there’s no log of guild activity, so it’s possible they used my character to invite in one of their characters and promote them to officer, leaving the guild bank vulnerable. So now we’re going to have to comb through the roster and start demoting people we don’t know for sure, many of whom will probably turn out to be friends of friends who need re-promotion.