Recently there were a number of websites compromised due to an Adobe flash player vulnerability. This vulnerability allowed the injection of flash scripts that download keyloggers onto unsuspecting visitors' computers, opening up the potential for the player to be hacked and lose their video game account.
Thursday Adobe released an update, and it's important for everyone who has Adobe flash player installed to download this patch. If you do not, your computer and video game accounts are at risk.
Find out about the update, or download it and start installing it as soon as you can. You can also use the auto update feature within the flash player if you desire updating through that method.
Please, do this as soon as you can. This vulnerability is very real, and there are people attempting to steal accounts this very moment. Any website you visit until you've updated may be a potential threat to your computer's security.
As an extra precaution, please make sure to run virus scans on your computers to ensure they're clean of threats. The known keylogger files circulating related to this are:
- a.exe
- b.exe
- c.exe
- 6to4ex.dll
There may be variations of these files we don't know about yet, so please if you detect anything else let us know.
Unfortunately, several addon pages on Curse.com were compromised due to a obscure bug in the html sanitization process. We've removed these comments and released an emergency patch to ensure that this does not happen again.
While the Curse Client remained unaffected by the attack it is still very important for all users to to follow the above steps to make sure you're no longer vulnerable to these attacks.
Comments
Today, after repeatedly re-verifying the infection wasn't present, I came to the QuestHelper page on curse and immediately was hit with the same attack. In neither case had I downloaded anything when the attack hit.
I'm not saying curse is doing this, of course, but I think you have some compromised ads running on the site. I hadn't seen the warning because I go right to WoW addons area, normally. Anyway, I've installed the Flash update, so hopefully all is well now. Thank you for the heads-up.
BTW once again, im not insulting or anything, i
A friends account was compromised this morning.
So this is still a problem and everyone needs to be warned of it!
Place a warning message ON THE HOMEPAGE and in the CURSE UPDATER, or switch off all your Flashplugins, or no one will trust your website anymore !