Did You Know You’re in a War?

BRK » 09 January 2008 » In Troubleshooting » 52 Comments

Brigin, the author of ThePositiveWarrior and the only tank from whom we’re unable to pull aggro, has been hacked. This marks the third member of our guild to get the keylogger up the keister.

Here’s the deal, folks. There are lots of people out there doing lots of nefarious things to try to get your account. They want it, they don’t care how they get it, how much effort you’ve put into your toon, or what level of h3ll they’re going to go to when the Universe – in whatever guise you wish to give it – exacts Its ultimate revenge.

We are Mac users and are not qualified to present a Complete and Total List of How To Protect Your PC, but we’re gonna give it the good ole BRK-College Try. Hopefully some comments shall point everybody in the right direction and perhaps we’ll even condense it all into a grand bal-mal of a Save Ur Assets post.

Protect Your Sh!t By Doing These Ten Things

1. Just Say No to Vista and Internet Explorer. (Edit: We have decided not to provoke an XP/Vista slamdown in the comments and just say this: Whether you run XP or Vista, get a little knowledge and make sure you understand how to make all the security features work in your favor.)

2. Right this second, install Firefox or some other browser that isn’t a disgrace.

3. Add a no-script extension so your fancy new browser doesn’t march you into trojan-horse city, population: your toon.

4. Click the checkbox on your WoW login window to have the launcher store your username so you never type it again. This way, a keylogger may get your password but they won’t get your username.

5. Never reuse your WoW username and password anywhere else. It may be too late to change your username, but go out and change your password tonight! Yeah YOU! Do it, sassafras.

6. We’ve heard good things about Spybot, but whatever, an anti-spyware program is mandatory.

7. Hey! Become a Mac User! /flex

8. Be extremely wary of URLs ending in “.jpg .html” and “.scr” and, in fact, just never touch em at all.

9. Get the latest version of Java. Older versions are totally exploited.

10. Of course, an Anti-Virus and Firewall are 100% essential. We’ll link to Avast and their free products, but others can recommend as they desire.

Right now there is a massive effort underway to hijack your account. If you read this blog and nothing else, you know three fully-Tier4-geared people who’ve been hacked. Do not think this won’t happen to you.

Protect yourself, starting right the h3ll now.

Edit: We are of the opinion that our guild’s former forums were the source of our troubles. As of two weeks ago, we have purchased a new server, URL, etc. Now what we want to do is see what we have to do to make sure the BRK Forums are secure. Our host should be doing that, but we want to get the low-down from them directly.

Comments

52 Responses to “Did You Know You’re in a War?”

  1. Hathorn on January 9th, 2008 3:23 pm

    Nothing is wrong with Vista if you have firewall and spyware programs.

    I love Vista, and have never gotten a virus or a keylogger.

    Definitely get Firefox and the addon NoScript.

    I use COMODO Personal Firewall, AVG Antivirus, and Spyware Doctor.

    All three are freeware programs with regular updates.

  2. Branan on January 9th, 2008 3:27 pm

    I’ll recommend AVG Anti-Spyware as a powerful and cost-effective tool to guard your PC. Working in conjunction with my Norton Anti-Virus, AVG has stopped countless trojans and intrusions to my system. It only costs about $30 a year, well worth it for the level of protection it provides.

  3. Kestrel on January 9th, 2008 3:28 pm

    BRK, gotta call you out on this one. Your first point is half-right. If you are going to use Windows, then Vista is so much more secure than any other version of the OS, 2nd place isn’t even in the conversation. And, we ARE talking about security, right? Likewise, Firefox > IE7.

    I’m neither a Microsoft nor a Windows apologist. I use MS products, because I don’t have a Mac and I don’t have Linux. I am a beta tester for several Windows products, including Vista. On the right machine, there’s simply no good reason not to use that OS. Yes, the hardware requirements are steeper than the requirements for WoW; that’s a different discussion entirely.

    The same cannot be said for Internet Explorer 7. It’s better than IE6 by huge leaps and bounds, but if we’re assuming one is playing WoW from home (or at least from a personally-owned computer) there is no good reason to use IE7 over Firefox (assuming of course, one is using the latest production release of Firefox).

    But to emphasize: If you have the hardware to run Vista, and elect instead to run WinXP or Win2K, you’re a fool.

  4. Deathrender on January 9th, 2008 3:31 pm

    I don’t proclaim to know a LOT about computers. I know enough to get by plus a little more. All in all, I may be off my rocker here..but isn’t there SOMETHING Blizzard can do to improve account security? Obviously the days of just an account key and password keeping your sh*t safe..just don’t work anymore.

    I mean seriously, 9 million players world wide paying $15 a month comes out to $135 million a month they are bringing in. Now I KNOW it doesn’t cost even a fraction of that to keep WoW running so you’d think with this vast pool of money, they could invest in some better security measures?

    Just my 2 cents. Sorry your boy got hacked. I have to believe it’s someone you’ve wronged or something because one of you could be considered a fluke..two of you, coincidence..but 3 people..that’s plain targeting in my mind..

  5. Euripedes on January 9th, 2008 3:37 pm

    I use Internet Explorer from work, and try and access as many websites as possible that end with “.jpg” “.html” and “.scr”

    Things such as autoweb.cn and ft6565.cr are DEFINITELY trusted sites.

    I visit them daily.

    Does this make me a bad person?

    (At home I have two firewalls, use firefox, and spybot on auto-search/destroy every hour.)

  6. Doncuailnge on January 9th, 2008 3:41 pm

    @Deathrender: about all they could do is put your unique CD key on a USB thumb drive and require you to plug it into the computer to access your account; that has plenty of problems of its own.

    @BRK: this is the first I’ve heard of the Java VM being full of exploits and, frankly, I can’t remember the last site I visited where the JVM icon came up in the Windows system tray when I visited it. Java in the browser is almost dead.

  7. Branan on January 9th, 2008 3:45 pm

    Deathrender has a point… three people getting hacked in the same guild in a relatively short space of time is probably not coincidence. If they shared account info with anyone at all, the odds are even greater. Worst case scenario is you have a mole in the guild who is playing you guys for all you’re worth (literally).

    Everyone who shares or has shared account info would be extremely wise to change everything ASAP. When it comes to your info, DTA!

  8. Matticus on January 9th, 2008 3:46 pm

    I strongly advise changing your password every few weeks. Make sure the addons you download come from trusted sources.

    Deathrender does have a point about your Guild. Three members hacked within… three months, was it?

    On another note, I was examining your list on the side there and it displays Critical QQ twice. Not sure if it was accidental or you like reading the mage’s stuff that much to recommend it twice =).

  9. Rubella on January 9th, 2008 3:47 pm

    BRK – Thank you for the informative post. I hope my guild will pull their heads out of their @$$e$ and check out the knowledge.

  10. Mandragerin and Felix on January 9th, 2008 3:47 pm

    My security setup:

    1) Norton Corporate Anti-Virus (provided by my employer)
    2) Spybot
    3) Adaware (yes, with Spybot… one will often catch threats the other misses)
    4) Hardware firewall

    As for securing WoW, I avoid like the plague any addon that requires me to run an .exe to install it. I also make sure I’m only launching WoW with the Blizzard supplied launcher. Anything else is asking for trouble.

    BRK hit the nail on the head with the checking the “remember your username” option. Also, always ALWAYS make sure you’re using the Blizzard supplied launcher to launch WoW.

  11. Nibuca on January 9th, 2008 3:51 pm

    Low tech keylogger spite:
    When typing in your password click in the password field, type a few letters of the pass.. then click off the password field, type a few random letters, click on the password field, type more of your password, click off the password field, type more random letters.

    Keyloggers are recording your keypresses. They don’t know what you were clicked on when you typed those keys. So you can manually obfuscate your keyword and prevent them from getting your “real” password.

  12. Halabar on January 9th, 2008 4:16 pm

    Telling folks to avoid “.jpg” “.html” and “.scr” is pretty silly, especially “.jpg” and “.html” since they are the common file formats for most websites.

    The problem is that any jpg image on a page can be corrupted with a trojan. This is what happened to one of the tip sites, and the trojans were coming from jpg ads served by Google!!

    Since a lot of the keyloggers that are looking for WoW info are likely coming from gold selling sites and ads (LIKE THE GOLD SELLING AD ON BRK RIGHT NEXT TO THE BOX I AM TYPING THIS IN!) you really shouldn’t be visiting those sites on the same PC you play the game on (unless you are on a Mac).

    But really BRK, you have gold-ads on your site, and you are complaining about gold thieves?.. Who do you think is funding the gold thieves?.. It’s the gold-sellers silly. They aren’t farming all that gold… or not farming it the way you think they are.

  13. Kirk on January 9th, 2008 4:19 pm

    Some more actions. When you download your addon (and these are almost entirely from addons) take a moment before installing them to examine them.

    What, you use an autoinstaller? No, or at least not any more unless you’re willing and able to do the checks in the addons folders before running. (yes, I love Aces autoinstaller. I do manual checking.)

    Anyway, examine them before you load WoW if not before you install. Safe files are those that end in nothing, toc, lua, and txt. Unfortunately all the addons have to have an xml as well so regretfully we have to allow that too. Now anything else is to be treated with caution – but not automatic rejection. For example Auctioneer has an mp3 file, and cycircled (along with most other addons that do visual changes) uses tga files.

    If it’s an exe, com, bat, jpg, scr, html, or any other ‘executable’ file extension, stop. Delete. Contact the source and say, “You may have a problem…”
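The extension triage described in the comment above, written out as a folder audit. This is an added example, not part of the comment or the blog's own material; the tier names and the sample addon tree are constructed for illustration.

```python
import os
import tempfile

# Extension tiers from the comment above; the tier names are this example's own.
SAFE = {"", ".toc", ".lua", ".txt", ".xml"}                # no extension, toc, lua, txt, plus xml
STOP = {".exe", ".com", ".bat", ".jpg", ".scr", ".html"}   # "stop. Delete."
# Anything else (for example .mp3 or .tga) lands in "caution": inspect, do not auto-reject.


def extension(name):
    """Final extension, lower-cased, after dropping trailing dots and spaces.

    Windows ignores trailing dots and spaces in file names, so "setup.exe. "
    is still an .exe there; stripping them keeps such names out of SAFE.
    """
    base = os.path.basename(name).rstrip(". ").lower()
    return os.path.splitext(base)[1]


def classify(name):
    """Return 'stop', 'safe' or 'caution', judged by the final extension only."""
    ext = extension(name)
    if ext in STOP:
        return "stop"
    if ext in SAFE:
        return "safe"
    return "caution"


def audit_addon(root):
    """Walk an addon folder and group every file (relative path) by tier."""
    report = {"safe": [], "caution": [], "stop": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            report[classify(name)].append(rel.replace(os.sep, "/"))
    for tier in report:
        report[tier].sort()
    return report


# Constructed sample tree; every file name here is invented for the example.
SAMPLE_FILES = [
    "SampleAddon/SampleAddon.toc", "SampleAddon/Core.lua", "SampleAddon/Frames.xml",
    "SampleAddon/README", "SampleAddon/sounds/alert.mp3", "SampleAddon/art/border.tga",
    "SampleAddon/libs/helper.dll", "SampleAddon/Install.exe",
    "SampleAddon/preview.jpg.scr", "SampleAddon/notes.txt.bat",
]


def demo():
    """Build the sample tree in a temp dir (empty files) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in SAMPLE_FILES:
            full = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "wb").close()
        return audit_addon(tmp)


if __name__ == "__main__":
    for tier, paths in demo().items():
        print(tier.upper())
        for p in paths:
            print("   ", p)
```

Only the last extension counts, so `notes.txt.bat` and `preview.jpg.scr` land in the stop tier even though they begin like harmless files.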

  14. Mersedes on January 9th, 2008 4:20 pm

    This happened to one of the officers in my former guild. At the time he was using AVG and the other free programs, and after he found out he had been hacked he ran a scan and realized AVG was missing two of the logger programs.

    Not all free programs are bad but sometimes you get what you pay for. I use NOD32, spybot, adaware, and a couple other things weekly and after I dl some mod from various sites that I personally don’t trust are as secure as they claim.

    I recently reformatted my computer and reinstalled XP. I had backed up some of my important items on a secondary HD and during the install lost all that info. I had to completely redesign my UI and mods. It sucked cause I honestly had forgotten about the mods that are non-showing and help me. I was scared to death to dl mods from anywhere but WOWACE.com. But I scanned everything before installing it twice over.

    As some above posters have said BRK I think you guys need to do a lil investigating within. It is very odd three people from the same guild have been hacked within the past three months.

  15. Doncuailnge on January 9th, 2008 4:36 pm

    @Halabar: I think BRK was saying to stay away from URLs ending in “.jpg.html”, which is a common ending designed to make it look like it’s a picture link when it’s really a webpage with trojans on it. As far as “.scr” goes, that’s the ending for a Windows screen saver file which is treated like an executable by the OS, so you really shouldn’t go to URLs ending in that also, if you’re on Windows.
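The ".jpg.html" and ".scr" endings explained in the comment above can be checked before a link is followed. This is an added example, not part of the comment thread; the extra image types beyond .jpg and the sample URLs (on the reserved `.invalid` domain) are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

IMAGE_LIKE = {".jpg", ".jpeg", ".gif", ".png"}   # .jpg is from the page; the rest are assumed
EXECUTABLE = {".scr"}                            # Windows screen saver, treated like a program


def url_extensions(url):
    """All dot-separated extensions of the last path segment, lower-cased.

    The query string and fragment are ignored, and percent-encoding is decoded
    first, so "%2Ejpg%2Ehtml" is seen as ".jpg.html".
    """
    path = unquote(urlsplit(url).path).rstrip("/")
    name = posixpath.basename(path).lower()
    return ["." + part for part in name.split(".")[1:] if part]


def check_url(url):
    """Return a list of findings; an empty list means neither pattern matched."""
    exts = url_extensions(url)
    if not exts:
        return []
    final, earlier = exts[-1], exts[:-1]
    findings = []
    if final in EXECUTABLE:
        findings.append("executable " + final)
    disguise = [e for e in earlier if e in IMAGE_LIKE]
    if disguise and final not in IMAGE_LIKE:
        # The name reads like a picture, but the real (last) extension is something else.
        findings.append(f"looks like {disguise[-1]} but is {final}")
    return findings


# Constructed sample links, as they might appear in a forum post.
SAMPLES = [
    "http://forum.example.invalid/pics/screenshot.jpg",
    "http://forum.example.invalid/pics/screenshot.jpg.html",
    "http://forum.example.invalid/dl/raid%2Ejpg%2Escr?id=7",
    "http://forum.example.invalid/view.html?img=boss.jpg",
]


def demo():
    return {url: check_url(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, findings in demo().items():
        print(url, "->", findings or "no finding")
```

The check only reads the URL text, so it can run on links from a forum post or chat log without fetching anything.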

  16. Tarby on January 9th, 2008 4:37 pm

    My security setup is AVG Anti-Virus, Spybot S&D, and Spywareblaster. I don’t use a firewall cause I have a router. Also use Firefox and No-Script.

    Somewhere I also read a trick to finding out if you have a keylogger is to open WoW and type a random but easily remembered word (something that won’t be found elsewhere on your system) for a password and try to log in, when it fails, exit and do a search of all files (including *in* files) for the fake random password you used. If you have a keylogger that word will pop up in (usually) some type of regular txt file. Apparently most keyloggers keep their data in basic compact txt files which are then usually uploaded to a central server at some obscure time.
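The decoy-password search described in the comment above, as a content scan over a folder tree. This is an added example, not part of the comment; the decoy word, file names and chunk size are constructed. It goes one step beyond the comment by also looking for the word in UTF-16, which Windows programs commonly write.

```python
import os
import tempfile


def needles(canary):
    """Byte patterns to look for: the decoy word as UTF-8 and as UTF-16 (both byte orders)."""
    return sorted({canary.encode(enc) for enc in ("utf-8", "utf-16-le", "utf-16-be")})


def file_contains(path, patterns, chunk=1 << 16):
    """True if any pattern occurs in the file.

    Reads in chunks and carries an overlap forward, so a match that straddles
    a chunk boundary is still found without loading the whole file.
    """
    overlap = max(len(p) for p in patterns) - 1
    tail = b""
    try:
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk)
                if not block:
                    return False
                window = tail + block
                if any(p in window for p in patterns):
                    return True
                tail = window[-overlap:] if overlap else b""
    except OSError:
        # Locked or unreadable file: skip it and keep scanning.
        return False


def scan(root, canary, chunk=1 << 16):
    """Return the sorted relative paths of regular files under root that contain the decoy."""
    patterns = needles(canary)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and file_contains(full, patterns, chunk):
                hits.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(hits)


def demo():
    canary = "zebrakettle9471"   # constructed decoy word, never a real password
    chunk = 64                   # tiny chunk so the sample exercises the overlap path
    samples = {                  # constructed file contents
        "logs/kl.txt": b"[window: login] " + canary.encode() + b"\n",
        "cache/w.dat": b"\xff\xfe" + ("typed=" + canary).encode("utf-16-le"),
        "notes/clean.txt": b"raid at 8pm, bring flasks\n",
        "big/straddle.bin": b"A" * (chunk - 5) + canary.encode() + b"B" * 10,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in samples.items():
            full = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return scan(tmp, canary, chunk)


if __name__ == "__main__":
    print(demo())
```

A hit is a strong signal, but an empty result proves nothing: a logger that encrypts its log or sends keystrokes straight to the network leaves no plain copy to find.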

  17. pelides on January 9th, 2008 4:41 pm

    Rule #7 = win!

  18. Teldra & Oni on January 9th, 2008 4:53 pm

    @Mandragerin and Felix are right. I use AVG, Spybot AND Adaware because one will often catch what the other misses. Firefox, etc.

    I’ve heard of a trick where you put your password or login in a text file, then when you go to log into wow, simply cut & paste from the text file. No typing (hence no keylogging) involved.

  19. Deathrender on January 9th, 2008 4:57 pm

    I don’t think it’s a mole per se but something odd is definitely going on. I myself would consider it an attack directed at AC if it’s been three characters in three months. Whether it’s from within or not though, who knows..

  20. Taliana on January 9th, 2008 5:16 pm

    I am glad you brought up the threat of Mods and UIs.

    I have been lax and that woke me up. I’ve been testing out this mod and that mod and not really being too selective about where they come from.

    Where is the safest site with the biggest selection? :)

  21. Vanbhas on January 9th, 2008 5:28 pm

    You know, I’ve been singing the praises of Firefox and howling the fallacies of Internet Explorer for a few years now.

    Just don’t even use it. Delete all the little icons off your desktop, and ignore the friendly little blue “e” in your start menu. Heck, if you can, set your firewall to block it.

    I used to use it on my old computer. What happened? Viruses, spyware, trojans, worms… and I had a firewall and virus protection. Poor computer is in the trash now after a huge virus orgy that left nothing but dumpster-baby viruses all over my hard drive. I loathe Microsoft with a passion for some hardcore fashion, but darned if it’s just the only system I can afford right now. I’m saving for an iMac, but geez…

    That two grand could be put toward my rent and WoW subscription for a couple months. Sigh…

  22. Dinaer on January 9th, 2008 5:38 pm

    Three members hacked from one guild? The obvious question is – are there any add-ons that your guild requires that you all have in common?

  23. Halabar on January 9th, 2008 5:57 pm

    @Doncuailnge: you are correct indeed. .jpg.html is a huge problem.

    However, the bigger problem can be that gold ad in the right column here. If that is served by an ad service, which it probably is, it can download executable code along with it, even without clicking on it.

    And I stand by my point. Who is doing this?.. some light-and-RL-starved geek in their momma’s basement?.. No. It’s gold sellers. They steal it and resell it. simple.

  24. Suzanne on January 9th, 2008 6:57 pm

    One firefox addon recommendation. adblock.

    I keep seeing people mention ads. Here. LJ. Other sites. I don’t see them. Not a one. >.>

    Seeing as ads have been a HUGE source of keylogger/trojan problems, it’s good to have them blocked entirely.

  25. Halabar on January 9th, 2008 7:02 pm

    @Suzanne :D

    Agreed. However, at least on a site that won’t be mentioned by name (but who happen to have a large UI service) talking about ad blockers will get you banned from the forums, since they make money from the ads.

    Go figure….

  26. Flaime on January 9th, 2008 8:12 pm

    @Halabar

    That same UI service is probably the one responsible for the first flood of fake addon trojans that we were hit with.

  27. ailtia on January 9th, 2008 8:49 pm

    Just downloaded Firefox and then NoScript. Do not know why I had not before on this new pc. Thanks for the heads-up.

  28. Svaren on January 9th, 2008 10:00 pm

    On the subject of the gold seller ad to the right. If I’m not mistaken, BRK can’t select which ads google puts up. Since this is a WoW related site, it gets WoW related ads which usually means gold seller ads.

  29. Ahoni on January 9th, 2008 11:25 pm

    A couple points here …

    1. Do not rely on antivirus software to find keyloggers.

    2. The below link has a great intro on how to deal with keyloggers.
    http://www.raymond.cc/blog/archives/2007/09/20/how-to-beat-keyloggers-to-protect-your-identity/

    3. Even if you have a hardware firewall (router etc) you should still have a software firewall. Even if you have a software firewall, you should have a hardware firewall.

    4. What gold ads? oh yeah … Firefox with Ad Block Plus!. Don’t surf from home without it …

    5. You do have some control over what ads google displays. Unfortunately, you have to report each and every ad that you want removed. Security on the internet would be easier without the ad networks.

    6. So you have all this security software on your computer. Is it working?

    7. Noscript is a great add-on for Firefox. I don’t use it anymore because it requires far too much work to make some sites run correctly. However, it gives you an idea how much of what you are seeing is NOT coming from the website you are viewing. It is not unusual, especially on multi-media rich sites, to see content coming from 5-7 or more different domains.

    8. Windows up to date? Virus software up to date? Anti-spyware software up to date? Firewall up to date?

    Sorry to hear AC keeps getting targeted. I hope everything works out.

  30. Raptor on January 10th, 2008 2:09 am

    Shoot, I must be the luckiest guy in the world according to y’all. As I’ve been using IE for years and have yet to have a single issue that I didn’t cause myself despite its super duper massive security issues!!11! :P

    I tried Firefox, didn’t like it, and since my current anti-spyware/virus programs seem to be working quite well I felt no need to switch, even with the supposed flaws. And Macs are useless to me as WoW isn’t my only game of choice, plus I find “Finder” to be pants-on-hat retarded. Not to start a Mac vs. PC debate though as it’s just personal preference in the end. Both work quite well and as BRK mentioned knowing the security features and how they operate of whichever OS you choose is of the utmost importance.

    Overall, a decent bunch of tips for keeping your account safe (besides 2 and 7 :P ). And if your guild hasn’t already, you might want to have everyone reexamine their password choices and scan their computers thoroughly for keyloggers and such.

    Oh, and thanks BRK for all the awesome info you provide. ;)

  31. Shelagh on January 10th, 2008 3:39 am

    Now there’s another issue when players get hacked…the guild bank. One of our officers got hacked a couple of weeks ago and the hacker made straight for the guild bank, withdrew the maximum amount of gold, shards and an epic gun…the items went straight on the AH. As we are a very small guild this was a big loss for us. We’ve ticketed a GM but have yet to hear if we will get the items back :(

  32. Agnodice on January 10th, 2008 3:46 am

    So yeah, Last night my account was hacked also. As a guild officer the bank was raped as well. /gquit /sigh. I have found NOTHING on my Mac and am still scanning my pc. Problem is, they sold everything except Agno’s gear. All my lower alts were proudly standing by a mailbox naked. Agno, still had all her gear. (Although they did sell off all of my meat and run around with KittyWitty on red). The jerks. This leads me to think that they at least THINK they can get back on my account and are leaving me a way to build everything back up. Are Macs really as virus/keylogger safe as I thought they were or should I still be worried that something is roaming around on my beautiful new mac I just got for Christmas?

  33. Friction on January 10th, 2008 7:10 am

    Wanted to add point 11 :P
    If your guild runs any websites, DO NOT use the same user/pass combo!

    It is just way too easy with some free web apps to do an SQL Injection for example and decrypt the passwords that are usually stored in a simple manner (MD5).
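What storing passwords "in a simple manner (MD5)" means for a guild site's user table, next to a salted, slow alternative. This is an added example, not part of the comment or any forum software's code; the user names, password, record format and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000   # work factor chosen for this example


def store_md5(password):
    """The weak form: a bare, unsalted MD5 hex digest of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_salted(password):
    """Hardened form: random per-user salt plus PBKDF2-HMAC-SHA256.

    The "scheme$iterations$salt$hash" layout is this example's own format.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    _scheme, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def audit(table):
    """Inspect a {user: stored_value} table the way a site admin would.

    Returns (users stored as bare MD5, groups of users whose stored values are
    identical). Identical values mean identical passwords, which is exactly
    what unsalted hashing gives away to anyone who obtains the table.
    """
    bare_md5 = sorted(u for u, rec in table.items() if re.fullmatch(r"[0-9a-f]{32}", rec))
    by_value = {}
    for user, rec in table.items():
        by_value.setdefault(rec, []).append(user)
    shared = sorted(tuple(sorted(users)) for users in by_value.values() if len(users) > 1)
    return bare_md5, shared


def demo():
    # Constructed table: four users who all chose the same password.
    table = {
        "tank": store_md5("Murloc123"),
        "healer": store_md5("Murloc123"),
        "mage": store_salted("Murloc123"),
        "rogue": store_salted("Murloc123"),
    }
    return audit(table)


if __name__ == "__main__":
    weak, shared = demo()
    print("bare MD5 records:", weak)
    print("identical stored values:", shared)
```

The two salted records differ even though the password is the same, so the table no longer reveals who shares a password.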

  34. Green on January 10th, 2008 10:29 am

    Maybe your mates like to go surfing and click “ok” or “yes” to continue. Or how about this for security….

    Go buy 2 computers…

    Computer #1: Install WoW on this computer, configure your local software firewall to only allow traffic from the WoW ports. (It’s listed in the documentation) Delete IE and anything not needed on this computer. Delete all but WoW. Install your AV. Spyware not needed if you’re not surfing. But go add it if you want the overhead.

    Computer #2: your work/research computer (AV, Spyware killers… etc.). Configure your FW to allow only traffic from port 80 and 443. Nothing else. Never search bad sites that contain things that start with P. (:-P>

    DON’T USE MODS… or if you must, download them on computer 2, extract and scan them. Then put them on a USB, Floppy, CD etc.. take them copy to the other CPU.

    Have a strong password that is 16 Characters long and contains Numbers, Letters, uppercase Letters, and Special characters. Do not use the same character twice.
    example: It#1nKW0wRocK$!* stands for I think WoW rocks!*

    Then go to WoW.WoWPassword.wow and tell me your username and password. I will test your account security for you. Make sure you put all your gold and high level items on one character though. So I can make quick work of it.

    PST> I forgot, buy a Router. Not Wireless. Configure your router to only allow the WoW and Internet ports to allow traffic. Deny all other traffic. And setup a username and password also… something with good password security.

    Green

  35. Alan on January 10th, 2008 10:39 am

    Moderation in all things. I’ve used Macs and PCs for a couple of decades and using minimal common-sense measures I have never had a virus or other problem except when I let my kids on my PC. I’m sadly about to move from a Mac to a PC for WoW, so it is back into the world of self-protection described above, but I just haven’t had enough problems with PCs to switch to Firefox, have two firewalls, or copy and paste my password. If someone wants to work that hard to hack my WoW account, they’re going to be a bit disappointed about what they find, and I’ll deal with the hassle of getting my stuff back from Blizzard. In the long run, I think that will be less hassle than maintaining elaborate security measures with limited computer expertise, and I can’t bring myself to pay an extra $1000 for a Macbook Pro (much as I want it) instead of a PC laptop on the off-chance it saves my WoW account. My credit card, maybe, but that’s been fine for however long there’s been online shopping.

  36. Green on January 10th, 2008 10:57 am

    @Alan

    I was being sarcastic.. at the same time trying to make a point. I agree with Alan. It is a game that we spend hours and hours working on our toons. But it’s only a game and in 5-10 years.. do you think that we will all be running around with our level 150 toons wondering why we even thought about farming materials for our level 70 Epic Items that have 1/2 the stats that the current whites/greenies drop from trash mobs.

    Heck by then.. Blizzard will implement retinal scans and WoW Goggles… and we will be able to Kite and Trap with our new WoW-Hardware while driving to work. No more keyboard either.. all voice and facial movements.

    Imagine the tongue macros!

    I like WoW, and will always be addicted. BUT if my account gets hacked. I think, I will, then again be able to devote time into the family and friends again.

  37. dorgol on January 10th, 2008 11:36 am

    I might be convinced to switch to Firefox, but even that’s doubtful.

    I have a Firewall.
    I do not have a Virus scan.
    I do use IE.
    I do type in my password (without trying to trick anything), though I do not type in my user ID.

    I think the main thing isn’t “PROTECT YOUR PC!!!” it’s “STAY AWAY FROM BAD SH!T”. Don’t visit a goldselling site. Don’t visit a powerleveling site. Don’t visit a “hacks” site. These are the types of websites most likely trying to get your info.

    The only concerns I have deal with the use of your WoW acct information on other people’s PCs. If I want to visit the official WoW forums from another PC, fine. But I can’t comment without using my login + password. Blizzard should really give us the option of a unique forum ID / PW.

    Likewise, you can’t safely log into WoW from a friend’s PC. You have no idea what s/he’s been doing and may have a keylogger running.

    But really… I’ve been on a broadband internet connect, using Windows browsers, for 10 years now. I’ve never had a virus. I’ve had ad-generators and whatnot, but even those have stopped now that I’ve recognized what websites to avoid.

    Keep your system safe… yes.
    But stay away from the seedier sides of WoW even moreso.

  38. Sym on January 10th, 2008 11:44 am

    BRK, thanks for the info. It woke me up to how lax I had been getting in regards to computer security. I also want to say thanks to all the feedback people. There’s a ton of good info here.

  39. Tea on January 10th, 2008 12:54 pm

    I know many people who do this:

    If you think you can safely type your password in once in a random text file somewhere then you can just save it and simply cut and paste your password into WoW when you login. Never have to type it again and keyloggers will never get it. Up to you if you feel it’s safer this way.

  40. RyuHakubi on January 10th, 2008 1:03 pm

    One more related tip: Firefox isn’t the only alternative browser out there! I have tried Opera (no more ads even on free version) and it’s quite acceptable. I’m used to the Netscape/Mozilla/Firefox “feel” though, so that’s still my primary, even as it slowly bloats and goes through unstable periods, but those who DON’T like the Fox could try other browsers.

  41. Green on January 10th, 2008 3:22 pm

    FYI – Other browsers have vulnerabilities also.. in fact, I believe that Firefox has had more flaws and updates in the past year than both versions of IE combined.

  42. Jealous on January 10th, 2008 3:57 pm

    About 1-2 months ago a keylogger kept making random posts on WoW’s forums (it was obvious that something was up from the lack of proper English in the text of the post, and it usually referred to something sexual). These posts always linked a .jpg. That .jpg was crafted to take advantage of a vulnerability in Windows. It executed code that went to the keylogger’s site and downloaded the keylogger, then installed it.

    My anti-virus caught it, and I was protected anyways because my machine was up to date with Windows Update. As a precaution, I changed my password via the WoW website on a separate machine.

    My advice – make sure your Windows PC is up to date. A firewall won’t catch trojans, and unless your firewall is set up to restrict outgoing traffic, it’s not going to help in this situation. Watch what you click on when using the internet.

    I’ve never used Firefox before, but unless it has built-in virus/trojan scanning or its own .jpg decoder it wouldn’t have caught my issue.

    As for people saying that WoW mods can keylog, that’s just not true. The only thing that can happen there is if the mod has an actual installer, the installer could install a key logger. If you just download .lua files, you’re ok.

  43. z-man on January 10th, 2008 4:24 pm

    An even better low level guard against keyloggers. Cut and paste your password.

    Since I use a hot key all the keylogger will see is ctrl-v.

  44. Lynda on January 10th, 2008 4:54 pm

    I read about this on TJ’s blog. One of the things I have also heard is to beware of mods you are not familiar with, because keyloggers could be hiding in them.

    In other words, if you ask in your guild about a mod and no one has heard of it, it might be a good idea to avoid it.

  45. emptycloud on January 10th, 2008 6:48 pm

    @brk – Sadly, even your list isn’t fail safe. While running firefox with noscript, spybot, and avg antivirus all up and running, I got bit with a nasty Chinese keylogger, and 5 corresponding registry hacks, from clicking on a fake .jpg file posted on the wow hunter forums.

    After landing on a fake google page with a .cn address, I read the other posts in the thread, and learned that I had probably been infected. Noscript was no protection. I was able to detect the malware with the trial edition of Spyware Doctor. To remove it, I had to buy a commercial version of the software on a clean computer.

    I no longer trust that any of the freeware options can adequately protect against the most sophisticated of the current generation of keyloggers.

    @z-man – I’ve heard that some recent keyloggers also record any information placed on your clipboard, so I wouldn’t rely on the copy paste method to protect you.

  46. Papaoomowmow on January 10th, 2008 9:38 pm

    3 in one guild? You should pack each guild toon (other than the honest officers of course) in cement and throw em in darkshore waters….any who float are guilty…those who drown are innocent. ( horde point of view)

    I have tried many security setups over the years. The best I have used I have now….the 2008 Norton Security suite ( I used to hate Symantec)….it is especially good at detection and removal of keyloggers + I also use the hardware firewall (belt and suspenders) in a fast gaming router…the DLink DGL 4100 ( give it a STRONG password and keep firmware updated). Whatever version of XP or Vista …if you have a MS OS…that you use, keep it on auto security update. That goes for any security software too. Set autoscan for daily use.

    And like BRK says, watch where you browse and don’t be clicking on email links unless you know the sender well.

    Not even an unplugged computer is completely secure of course ( somebody could sneak in and steal the hard drive)…but you can get pretty close.

    BTW, my security suite is not real crazy about many of the things that the WOW program does…..but I guess WOW is harmless….Blizzard means well.

  47. Flaime on January 11th, 2008 1:51 pm

    Another thing you can add:

    https://psi.secunia.com/

    This is a free scanner that will check your system for unpatched applications vulnerable to attack.

  48. TrojanGuy on January 12th, 2008 1:54 pm

    The funny thing about you saying to get Firefox (which I use 99.9% of the time) instead of IE is that your google search tool doesn’t seem to work in Firefox. I can only get it to work if I switch Firefox’s rendering engine to IE (using the IETab extension).

  49. Clarkkers on January 13th, 2008 2:54 am

    Great tips about keyloggers. I wonder though if WoW players that blog are more at risk, since they present their toonname and realm on display (most of the time) bringing it to attention moreso than us unfamous players.

    Though I love your blog and others like it, don’t stop giving us noobs good tips.

  50. Khore on January 13th, 2008 7:18 am

    I would like to comment on what many others have mentioned… I honestly do not believe it is an inside job… I play on a different realm and we are having the exact same issues. In addition, we (in our guild) have checked many other realms and found that it is pretty much an issue across WoW. Do not get me wrong… I am not saying it CANNOT be an inside job (in fact I have suggested the same thing in my guild before I did any research of my own), just not likely. As far as the posting, that has gone on here… I have linked this page to my guild site and have asked them to read it because there is some awesome input here. Thanks BRK, and to the others who have posted!

  51. Galoheart on January 13th, 2008 9:39 pm

    I’m a Mac user and don’t use any windows PC. I’m being vigilant even though I use a Mac because if crap can happen it will try and find a way to happen eventually or try to.

    Everybody needs to do things to protect their fun time hard earned Investment in their WoW character and their guildbank resources. It dampens the game a bit when everyday you hear keyloggers are stealing and outright raping players accounts for their item assets and gold. It sucks! Everyone needed to do simple things to protect themselves to being at risk of losing their accounts due to malicious acts by keyloggers.

    Lots of great info here in comments to heed by all and everyone guildmates. It’s my thinking this problem will only continue to get worse in WoW with account stealing. You have to wonder how bad it has to get for all the player base in WoW before Blizzard tries to implement added security measures for all its paying customers.

  52. Twisted Nether Blogcast » Blog Archive » Episode 2-Hax and Haelz on June 1st, 2008 9:30 pm

    [...] known secure version. Other blogs with good suggestions for users to do to protect their accounts: Big Red Kitty: Did you know you’re in a war WoW Insider: WoW Rookie Security Basics Twisted Blog of the Week and Guest-Bellwether! This week [...]