|
Post by Markus on Jan 2, 2008 19:26:50 GMT -5
Fuck Norton. Use Firefox. Use AVG.
|
|
|
Post by tempus on Jan 2, 2008 19:51:10 GMT -5
And never ever click on a forums link that ends in ".cn"
-t
|
|
|
Post by McClebby on Jan 2, 2008 22:37:44 GMT -5
Just watch what ActiveX you're DLing
|
|
|
Post by eclavdra on Jan 3, 2008 7:57:39 GMT -5
Basically, don't click on any link that's not a screenshot on the official forums unless you:
a. Know the site being linked; or b. Are not logged in.
|
|
|
Post by tempus on Jan 3, 2008 9:25:33 GMT -5
"Basically, don't click on any link that's not a screenshot on the official forums unless you: b. Are not logged in."
B doesn't matter, you don't have to be logged in to the fenris forums to catch something nasty on another site.
-t
|
|
|
Post by plague on Jan 3, 2008 12:25:04 GMT -5
I just called the wife and told her to download Firefox again and to uninstall Norton and reinstall AVG. I also recommend Spyware Doctor, seems to be a great program for tracking cookies/malware.
|
|
|
Post by lockejv on Jan 8, 2008 11:27:43 GMT -5
Part 1:
For those who don't know, a keylogger is a malicious program that records all your keystrokes and stores them somewhere. People will then use this information to "hack" your account or your identity. Usually they will try to capture the usernames and passwords you type, especially when you are on a credit card or a banking site.
There are three ways someone can get a keylogger on your PC:
1. The keylogger installs through your browser, from an infected web page that you simply view. You just have to look at the page and the keylogger will install.
2. The keylogger installs from a program you download and proceed to run, such as an .exe file. Serial number / license key crack programs for unlicensed software are a popular place to do this.
3. The keylogger installs through viewing an email or downloading and running an email attachment.
Aside from your own judgment, the best defense against keyloggers and any virus is Microsoft patches. Keep your MS patches up to date at one of the Microsoft update sites, or you will be infected with a virus.
Part II soon, off to lunch.
|
|
|
Post by lockejv on Jan 8, 2008 14:31:37 GMT -5
Part II
Keep your Microsoft patches up to date, keep your Anti-Virus up to date, and only run programs you can trust. Use Firefox instead of IE because Firefox is less of a target - for now. Use Ad Block Plus with Firefox, because it blocks ads that might contain viruses.
Use a firewall that alerts you when anything on your computer tries to access the Internet.
|
|
|
Post by Ruuk on Jan 8, 2008 15:28:27 GMT -5
Any recommendations for a trustworthy website to download MS patches?
|
|
|
Post by lockejv on Jan 8, 2008 15:33:45 GMT -5
Hey Miruuk, hope you had a great Christmas / New Year's! You can download patches at www.worldofwarcraft.com. Or try windowsupdate.microsoft.com, you can manually install patches from there. I recommend turning on automatic updates, so you don't have to worry about it. You can do this in Control Panel. You'll just get a notification in your systray that the patches are downloading or that you need to reboot.
|
|
|
Post by Ruuk on Jan 8, 2008 18:40:38 GMT -5
I set myself up for that. Thanks Locke!
|
|
|
Post by Markus on Jan 9, 2008 7:56:14 GMT -5
Lmao.
<3
|
|
|
Post by Grimgore on Jan 11, 2008 5:48:56 GMT -5
I don't know exactly where I got my keylogger from (or else I'd have eliminated it before it did any harm) but I'm 99% sure it was a link from the official WoW forums. There was a page that I randomly stumbled across (on the druid class forums) about 'alternate' druid animal shapeshifts. It was basically a collection of pictures that someone came up with of cooler looking bearform/catform/travel form/etc animals. I didn't even look at the URL so I have no idea if it ended in .cn or what. Once I clicked the link, it sent me to a fake Google main page (I could tell it was fake b/c the URL of the page was all weird looking, plus my computer locked up for a few seconds when I accessed the page b/c stuff was auto-downloading and pop-ups started getting blocked (and of course there should never be pop-ups on the main Google page anyhow)). I quickly exited out of my browser, assuming that nothing had been downloaded to my computer. I ran anti-virus software but it didn't pick it up. About 3-4 days later, my account was gone.
So let that be a lesson. To be safe, I'd suggest not looking at ANY WoW-related page with the exception of a few that have been proven safe. Wowwiki.com, Alakhazam.com(sp), Wowhead.com, Thottbot.com, Worldofraids.com, mmo-champion.com... you should be able to get pretty much any info you need just from those sites. Avoid forums of all types, especially on the WoW page. I foolishly assumed that Blizzard policed their own forums and that a keylogger thread wouldn't be up long if it got posted. And yet that 'druid forms' thread was over a month old (hence the reason I figured it'd be safe).
And of course, avoid all gold-selling and 'hack' webpages. Even browsing them is just asking to get infected w/ something. Also make sure to research your third-party add-ons before downloading them, as well as making sure that you are getting the program from a reputable source and not a 'copycat URL' type of page.
I don't mind people knowing about what I went through (ty anyways Markus for trying to help me avoid a stigma due to recent events) and I'd be happy to help anyone who thinks they may have similar problems. Trust me, my account and computer are safer now than they have ever been, as I've taken just about every precaution I can think of. Plus the full wipe of my computer means that there is a 0% chance that the keylogger is still on my system. Over the past 10 days or so I've been WoW-less so I've done a lot of research into how accounts get hacked and how to go about recovering them and so on. I feel like I'm fairly knowledgeable on the subject now.
Oh, and one other thing that I WISH I had done. If you even accidentally come across a funky site and you suspect that you might have picked up a malicious program, go ahead and just wipe your hard drive. It's really the only way to be 100% safe. If you have access to a computer other than your own, change your WoW password and email password from a different computer and don't enter any passwords into your compromised computer until after you've wiped it. What really screwed me over in the end is that I used my current computer to change my password for both WoW and my email, while I still had a keylogger. That meant that the keylogger had access to my 'secret question' answer, my phone number, my address, basically everything they would need to steal my account. Once they had it, they changed my address, phone number, and email to nonsensical gibberish to prevent me from logging on to attempt an automated password recovery. If I had simply used my roommate's computer to change my passwords after the compromise, the keylogger would have had no info about my account other than the password itself, which would have been easily recovered. By making the mistake of changing my password while still keylogged, I gave the keylogger all the info he needed to lock me out of my own account.
All in all it took me exactly 9 days to get my account back, and atm I'm waiting on seeing about getting my items restored. Blizzard is closed on the weekends (not sure if that goes for the 'Specialists' that help in situations like this, but I'm assuming it does) so hopefully I'll get at least the bulk of my stuff restored early next week.
It's been a tremendous ordeal and I don't wish it on anyone (well, except for the asshole hacker who got me... I wish it upon him as well as a healthy dose of cyanide).
|
|
|
Post by lockejv on Jan 11, 2008 11:34:18 GMT -5
Glad you got things straightened out Grim! My guess is you were hit with the same exploit that was used by RMT companies to infect FFXI users last month. The RMT people paid to have their advertisements hosted on several of the most popular FFXI sites (ffxi.somepage.com, ffxi.allakhazam.com, ffxiah.com, etc.). The ads they displayed included a line of code that exploited Real Player through IE. When the browser (IE only) reads this code, it sends the text to the Real Player application, which then carries out the malicious activity (downloading and installing the keylogger application).
Just to recap:
1. Use Firefox instead of IE. I'm not arguing it's "more secure" or "better", it's just not as exploited (at the moment).
2. Use Ad Block Plus with Firefox. Ads are a huge vector of attack; Ad Block Plus eliminates most of them. Download it here: adblockplus.org/en/
3. Uninstall Real Player and never, ever use that piece of shit application. It's the worst software application ever written, and it's held that title IMO for about 10 years now. Boycott any sites that require it.
4. Keep not only your Windows patches up to date, but keep an eye on other applications you install such as QuickTime (another piece of shit), Acrobat Reader, Flash, etc.
I haven't dug too deeply but the virus that hit FFXI is allegedly part of the Agent.GDA series.
|
|
|
Post by feuerr on Nov 26, 2008 2:04:08 GMT -5
One of the easier solutions for staying safe online is to avoid questionable websites. I've actually never had a virus on my own computer and I don't run anti-virus software.
Second to being savvy, you should have a router between your computer and the Internet. Linksys WRT54G is one of the best brands/models I've seen. It also has a wide range of aftermarket firmware available for it.
Lastly, use OpenDNS for your DNS servers. You can do this very easily by going to opendns.com and creating a free account. It's very easy to set up, and not only does it help protect you from malware and ads, you also get the benefit of increased speed when browsing the Internet. There's also some content filtering they can do for you if you have children. I highly recommend this service.
|
|