WoW Security issues

This is exactly how they got to my account. It was inactive, got hacked, and the hacker attached an authenticator to it. Happened exactly as they went over to the battle.net account system, too.

Now I’m wondering how they’re getting at the inactive accounts since presumably you haven’t done anything with it that would leave you open to keylogging, unless the infection goes way back.

Yeah, mine was inactive for 3-4 months before it was hacked. I never visited a WoW related site or had a phishing email in that time and hadn’t started using Facebook until after.

I’ve been getting 3-4 emails a week at an email addy I only use for websites like Curse, etc. I’ve never received any at my various battle.net accounts (two WoW accounts, and a separate account for D2/SC), so I’m guessing these guys obtain email address lists from a third party site.

I read “somewhere” that a Blizzard employee leaked information about inactive accounts. I don’t know if that’s true or not, but it made me decide to renew my WoW account.

I got hacked by a trojan today. First notice was that I got banned for gold selling, then they changed my WoW account password. I quickly changed my gmail password because it was the same as my bnet account. I got this bounceback which alerted me to the possibility. Then Google informed me my gmail account had been accessed in China.

So what should I do to my home computer to fix this? Windows Security Essentials did not stop this from happening, and I haven’t logged into WoW in months.

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 #5.1.0 Address rejected [email protected] (state 14).

----- Original message -----

MIME-Version: 1.0
Received: by 10.239.182.11 with SMTP id o11mr815379hbg.96.1274881639416; Wed,
26 May 2010 06:47:19 -0700 (PDT)
Received: by 10.239.166.194 with HTTP; Wed, 26 May 2010 06:47:19 -0700 (PDT)
Reply-To: —
Date: Wed, 26 May 2010 21:47:19 +0800
Message-ID: <[email protected]>
Subject: please help me
From: -----
To: [email protected]
Content-Type: multipart/alternative; boundary=001485f5b17c3f852804877f83e2

getting.
my account had been hacked. i lost all my stuffs and gold. please help me
.
Think you very much.

The program that has helped most in my household would be Malwarebytes Anti-Malware. It should remove anything… If that doesn’t work it should at least tell you the name of whatever trojan has infected you and you can google for some more specialized information: http://www.malwarebytes.org/.

A supplementary program is CCleaner that throws out lots of temporary files and thereby cleans out places you might have some malware lurking.

A good online based scan would be http://housecall.trendmicro.com/.

Among various WoW phishing emails I recently received and ignored last week, I also got an email yesterday that looked like it was actually from Blizzard saying that my password had been reset. Sure enough, I tried logging into the game and could not get in with my existing password.

I immediately changed my password, and downloaded the free iPhone authenticator app, logged into the game and noticed that across various servers there were about 10 1st level characters created with nonsense names, like Jenafxgff. Oddly enough, none had been actually in the game, since when I selected them, I got the flyby introductory movie. All my characters appeared to be untouched, which I felt was odd, or maybe I got in before any serious damage was done.

A complete virus and malware scan indicated nothing but a perfectly clean system. The only mod I use is Carbonite, so I am kind of curious how my password was obtained. I always was a bit concerned when Blizzard changed their system so it required use of email addresses as log ins, as over the years I have signed up for a few gaming related sites, forums etc. My WoW password is a very strong one I have used in conjunction with said gaming related sites and forums over the years. I can definitely see some shady site admin somewhere using this information or selling it to unscrupulous parties.

I am hoping the authenticator will solve future incidents. This being the first time I have ever been hacked in any way, jeez, I feel totally violated.

Good advice.
I would throw “Ad-Aware” in the mix as well.
This and Malwarebytes should find everything.

For day-to-day protection I use AVG Anti-Virus at home and Avast at work (both on Windows 7).
Weekly I scan with Malwarebytes during the night just in case.

I’m pretty sure I got my password-stealing trojan from a NO-DVD crack since I didn’t play WoW / surf WoW-websites when my account was inactive back then.

You were very lucky.
I found a level 1 char as well once I got control of my account again.
I deleted him asap though, which in hindsight probably was stupid since he might still have had some shit on him.
I wanted to get rid of it asap since he felt like an intruder and I felt violated as well.
I also got the authenticator then and never had a problem since.

Being an IT professional I did not use anti-virus programs at home since I was pretty sure I wouldn’t be tricked into clicking on some “AnnaKournikova_naked.exe” or whatever but the bad guys are way more sophisticated these days.

I had the same eye-opener when a computer I used for some tests at work that wasn’t behind the company firewall but directly connected to the internet was remote controlled and prepared to serve as a public ftp loaded with warez a few years ago.
Since then all my computers have a software firewall even if there is a hardware one in front of them.

Great advice. I think I am going to reassess my setup.

Just added authenticator for my Droid after 5 years of WoW.

I’m about to cancel my sub again, but the fact that non active accounts get hacked freaked me out. I have MSE and Malwarebytes installed, but from these stories, it easily could be me.

Can you elaborate? I thought that required admin.

My inactive account was hacked a few days ago.

The only reason that I knew about it was a Blizzard email stating that I deleted my credit card and that my sub would cancel. I thought this was strange because I did not have an active sub on that account. I attempted to sign into the account but found that it had an authenticator added. I changed my password and had Blizzard remove the authenticator.

Once I was able to access my account all my credit card info was still intact and I could not tell if anything was missing. I had a few holes in my bank slots but that could have been normal. This was my secondary account so it only had four characters. The highest level was 18.

So someone hacked my account, added an authenticator, added a credit card, activated the subscription, then deleted the credit card. Since the deletion of the credit card triggered an email to me, I was able to change the password and lock them out. Strange stuff.

I have added my own authenticator to the account to hopefully stop this from occurring in the future.

I’m as close to positive as I can be that someone within Blizzard trawls the database looking for long-inactive accounts and sells them off.

The exact same story / scenario that happened to me has happened to at least 6 other people that I’m aware of. In all cases it affected an account that had been inactive for at least 6 months (usually over a year).

I do my due diligence with account security. Never share my login credentials (even with RL friends), I typically do my browsing on my laptop (which doesn’t even have the game installed), and routinely check for viruses / malware.

Anyway, about a year after I stopped playing, I get a message from my friend saying “Hey did you re-activate your WoW subscription? Because you’re logged in”. So I go to the WoW account management page and funny enough, I’m able to log in, but I see it’s a different email address tied to the account as well as different credit card info. I hurried and changed the email address associated with the account (and the password of course). Just for fun I then queued up every character transfer, namechange, etc that I could (but all for naught, it appears the credit card was just a once-off).

I was really trying to figure out how the hell an account over a year old suddenly got hacked. In speaking with one of my friends, he had two guildmates of his that the exact same thing happened to, in the same week that my hacking occurred. It started making the rounds on the long-inactive accounts in my own guild as well.

Anyway, I can’t imagine it being coincidence. From now on I’m making sure my Blizzard passwords / info is different than any other game I play.

Remember that XP 32 IS admin. As well as Vista 32 shipping (or did they change that?) with admin on for the original user. Vista 64 ships with UAC on but I’m sure I’m not the first one to turn it off to get real work done.

I don’t know how Win 7 installs UAC because I’ve been too lazy to install Win 7.

Windows 7 and Vista work hard to make sure you don’t end up running as an administrator account. Unless someone specifically messes with it as part of setup, you end up as UAC-controlled admin.

My account was hacked after only 3 months of inactivity, so I don’t think there is a 6 month threshold.

I have not seen where they have divulged the stats on which Windows operating system is getting hacked the most. I would think though that if the hacks are dependent on admin access, Blizzard would warn against allowing your computer to run as admin. They have not and still do not ever mention that.

What I do know is that I see evidence of Adobe Flash ads delivered by Google being carriers for keyloggers. I’ve had this happen to friends and it’s happened here on Qt3. I know that if you run no-script add-ons to your browser, they will prompt you if a keylogger tries to install, but I have not read that those scripts need admin access to run.

I try to keep up on security issues as I absolutely hate disinfecting my computer. I’ve had to do it a couple of times and both times it just took a lot of research, re-booting, and sometimes re-installing everything. This doesn’t mean naturally that I’m any kind of expert, and I’m always willing to learn and be corrected of course.

This thread is making me paranoid about my currently inactive WoW account. I don’t even have it installed on my PC anymore but was thinking about re-upping when Cataclysm hits. Seems very odd that accounts that are completely inactive for months can get hacked (so no key logger), especially if you can’t brute force them.

Maybe I’ll go ahead and add an authenticator to it just in case.