World of Warcraft

Taking up the fight against key-loggers

Posted Sep 17, 2008 by Nimloth

Post your Comment (23)

Recently, there has been an increase in the amount of reported key-loggers in various websites tailored to WoW. For those of you who are unaware of what a key-logger is, it is a malicious program that installs itself in the memory of your computer and reads your key-strokes as you log on to your game of choice, or website of choice, thus snapping up your login information and sending it back to the author of the program.

There are several ways in which these people attempt to catch you off guard. In regards to World of Warcraft, I will list the most common methods used.

  • Addon Download:

A .exe file is either included in a compressed archive (such as a .zip or .rar) and the users then run the .exe file unknowing that the file is not what it is supposed to be.

  • Addon Download:

The actual download is a .exe file (to be confused with a self-extracting compressed archive), to which the user runs thinking it will install the addon.

  • Poor Website Security

Certain websites have poor security set up in regards to their site, thus allowing malicious users to seize control of the content the website delivers and input their own code in web pages, thus making the entire website compromised with the potential of running Java-script(*) to install/run applications on your computer.

  • Masked/Fake URLs

Certain people will create urls and file-links that "appear" to be coming from legit content, while in fact they are hoax URLs that follow the same security breaches as mentioned above.

What can you do as a user to avoid falling in the trap?

  • Install an updated and secure browser. (Our recommendation is Mozilla Firefox 2.0.1)
  • Have up-to-date antivirus/security software installed on your computer.
  • Use common sense. Don't visit URLs or Links spread on the internet that vary from the actual addresses you are used to. Don't run executables you download without running security checks on them first.

In closing, to supplement the already robust security we have here at Curse, as a precaution I advice you to be cautious about links to Curse URLs that begin with media1.curse-gaming.com. We will be going over the routines on our website over the next 24 hours to ensure we have the highest security possible and that you can continue to expect Curse to be free of malware.

As an addendum; Should you as a user at some point locate mal-ware on our website, please report it to either myself or Werik immediately and we will have the issue resolved.

Thanks, - The Curse Crew

,
Share On:
  • Comments

Add Comment  

Add

You need to login or register to post.

Benefits of Registration

  • Interact with hundreds of thousands of other gamers on an open social network.
  • Post your stories, news, images, videos, and other content to share.
  • Create a network with your fellow gamers or join an existing one.
  • Gain reputation for everything you do.
 
  • Falditen said 
    Thu, Dec 21 2006 12:01 AM ()

    The bigger threat that no one seems to talk about is that if you are a victim of this you have potentially way more information sent to these thieves. Any account that you have logged into they have the potential to steal information or worse from.

    If your account was hacked. You need to change your logins and passwords from any and all accounts you access from your computer. It may also be wise to notify your financial accounts (Credit Cards, Bank Accounts, etc) and have them changed or monitored.

    You should treat this as if your wallet + day planner with all your passwords was just stolen because it just was.

    Report Permalink
  • CreationP said 
    Thu, Dec 21 2006 12:01 AM ()

    SOLUTION:

    www.free-av.com (Antivir): Download this free antivirus. It's the best that comes free in internet.

    NOD32: Find and download it full. I suggest a warez website or torrent.

    Sygate personnal firewall Pro: Find it from warez or torrent.

    Have the 2 antivirus fully updated and customized to scan every archive when read and writte in.

    For the firewall, don't let anything pass except you trust it.

    I strongly suggest downloading Firefox 2 and stop using IE.

    If you have questiongs, my msn is: pmacromanolis@hotmail.com

    I could even send you those files if you are bored to search for them.

    Report Permalink
  • Razorlord said 
    Thu, Dec 21 2006 12:01 AM ()

    Its not that hard to secure yourself..

    DONT RUN .EXE (dont even download them) only use zip and unzip in interface\addon folder.

    Again dont run .exe files (or .com, or any executable)

    Use mozzilla and not Iexplorer. (the updated mozzilla)

    and voila.. 98% risk gone

    Report Permalink
  • Syndication
  • Recent Posts
  • Tags
  • Archives