Recently, there has been an increase in the amount of reported key-loggers in various websites tailored to WoW. For those of you who are unaware of what a key-logger is, it is a malicious program that installs itself in the memory of your computer and reads your key-strokes as you log on to your game of choice, or website of choice, thus snapping up your login information and sending it back to the author of the program.
There are several ways in which these people attempt to catch you off guard. In regards to World of Warcraft, I will list the most common methods used.
- Addon Download:
A .exe file is either included in a compressed archive (such as a .zip or .rar) and the users then run the .exe file unknowing that the file is not what it is supposed to be.
- Addon Download:
The actual download is a .exe file (to be confused with a self-extracting compressed archive), to which the user runs thinking it will install the addon.
- Poor Website Security
Certain websites have poor security set up in regards to their site, thus allowing malicious users to seize control of the content the website delivers and input their own code in web pages, thus making the entire website compromised with the potential of running Java-script(*) to install/run applications on your computer.
- Masked/Fake URLs
Certain people will create urls and file-links that "appear" to be coming from legit content, while in fact they are hoax URLs that follow the same security breaches as mentioned above.
What can you do as a user to avoid falling in the trap?
- Install an updated and secure browser. (Our recommendation is Mozilla Firefox 2.0.1)
- Have up-to-date antivirus/security software installed on your computer.
- Use common sense. Don't visit URLs or Links spread on the internet that vary from the actual addresses you are used to. Don't run executables you download without running security checks on them first.
In closing, to supplement the already robust security we have here at Curse, as a precaution I advice you to be cautious about links to Curse URLs that begin with media1.curse-gaming.com. We will be going over the routines on our website over the next 24 hours to ensure we have the highest security possible and that you can continue to expect Curse to be free of malware.
As an addendum; Should you as a user at some point locate mal-ware on our website, please report it to either myself or Werik immediately and we will have the issue resolved.
Thanks, - The Curse Crew