Impotence
Do you know the feeling? You see someone log on, you say hi, they don’t reply. They port to Shat. You see them head to a vendor and start stripping down. And there’s nothing you can do about it.
It sucks.
Yes, AC had another member hacked again. A non-raider but still a good friend who didn’t need this cr@p. Heck, even our enemies don’t deserve their stuff being stolen.
Nope, not even melee hunters.
Secure your stuff, keep your password secret, use a spyware removal tool, don’t click funny links, and pray the hackers get crabs. Or lice.
No, both.
Comments
42 Responses to “Impotence”
Leave a Reply
-
Got Something To Say?
Email icon provided by Nexodyne. -
-
-
BRK's Site Meter
-
BRK License Agreement
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License.
-
BRK's RSS Feeds
lol…any ideas on a new guild name? NEWB HAXXORS?
I hate to say it BRK.. But are you sure it’s not you somehow?
I’ve never known someone in this game who’s been guilded with so many hack victims.
Is there some quirky addon that you require in your guild or promote? Something as big as Omen or Deadly Boss Mods having a trojan would get detected pretty quick. Maybe share passwords a lot? Your guilds hack rate just seems really high.
Ahh, I’m really sorry to hear that =/ I know what you mean about the irritating script kiddies, my boyfriend recently had one destroy his internet forum. No love for them, that’s for sure.
I wonder the same thing that guy and Revanant said. I got hacked last week, the person even tried to hack into my bank account. The last addon I added before this happened was Cooldown Timers, which I added from seeing the BRKtestbed video.
This is really crappy, I hope Blizzard can restore his stuff to the full effect. Maybe they should keep doubles of everyones characters or something to secure people’s time and effort that has went into their characters?
Has this ever happened to anyone using a Mac?
Our GM is heavily speculating that our old forums were infected and anybody who visited them could be hacked. We have deleted our old forums and moved to a new server, but everybody in the guild has been warned to clean their machines.
And we are unaware of a Mac user having their WoW-account hacked. Anybody?
BRK-
And anyone else who has had to deal with this. THERE IS SOMETHING YOU CAN DO!!! If you see a friend, or a guildie, or someone you know well enough to have some idea of their regular activities, behaving in a way that is _not_ like them… open a ticket with a GM- Tell them what you know of the person (i.e. “Name” is my friend, normally spends x amount of time on any one char, tends to chat with me for x-y amount of time when I see them-and is currently behaving very oddly, including: a. xxxx b. xxxx) ask in the ticket for the GM’s to protect them. The GM will look at the character file and take a screenie, and then when your friend is back on you tell them to open a ticket. If everything is ok, the GM will verify your friend is who they are supposed to be and either replace the lost stuff, or if nothing bad happened, unfreeze the selling ability of the person, and merrily merrily…
I did this with a friend, She was logging on and off very rapidly (2-2.5 mins between swaps) and not talking to me- she says hi before I do most times and we can chat for hours…so I warned her if she didn’t say hi I was going to open a ticket, and when she still didn’t say hi, I opened the ticket. About 6 hours later she came online and we talked, and I told her what I’d done. She talked to the GM’s and they told her I’d done the best possible thing to protect her account. So.
No more impotence. At the Very Least we can now screw the jerks out of the satisfaction of ruining the game for others. So what if AH prices fluctuate a bit now and then. What we really care about is our friends’ fun quotient (stole that saying from my sweetie).
Crowgirl -Gnomer
Crowgirl tickets don’t work THAT fast. It only takes a few minutes to log on, vendor everything and mail gold. However, it can take hours to get a response to a GM ticket.
it’s true, i was hacked in between the two hours i was off. it took nearly 6 hours to get a gm….and even then i didn’t get any of my stuff back, but items i can’t even use anymore =(. i’m really considering about getting a mac, and i’m a windows programmer =(
Wow. Sorry to hear that is still happening.
Just to add that Kaspersky, Panda, Bit Defender,and probably others,have good free online scans available.
I’d be very curious to know what each hacked guild member was using for computer security.
Our guild has had 3 members hacked in recent weeks and it is a sad thing to see as their toon is ravished.
Fortunately they had most of their stuff restored although one (a 375 enchanter) had to make all of his enchanting rods all over again at some considerable expenditure of time and gold.
@guy
At first I was miffed at your comment, but after some thought I have concluded that BRK may be unknowingly exposing his guildies. This site is popular, and BRK regails us with loot stories often. It wouldn’t be hard for a hacker to ‘Armory’ BRK, look up the guildies, and go to work.
Allow me to appologise for my miffedness.
Hi BRK,
Sorry to hear that it has happened again…
Actually, besides just cleaning their machines, your guildies really should change their passwords as well.
However, the fact that it has happened again after you dumped the forum raises the possibility that it could be some other culprit. It doesn’t make sense for a hacker with your guildies’ login info to sit on it for a couple of weeks.
If that’s the case, it’s probably one of the add-ons in your guild’s recommended list. Might really want to re-look at that list.
Finally, a word of caution. While it’s probably true (for now) that no one using a Mac has gotten his account hacked, but it’s not because a Mac is somehow more impervious than a Windows-based PC. It’s just that there are a lot less of them around so the returns in making a Mac keylogger would be a lot less than making a Windows keylogger. I’m not saying this to inflame a Windows-Mac war, but just to remind Mac users not to be complacent. Take the same steps as what was recommended for PCs and protect yourself.
End of the day, losing a toon of epics hurts but you’ll get over it. Losing something more important, like your bank account login details would hurt a lot more and longer!
I guess its a good thing that i only surf the inter-web on a cheepo compaq laptop i got from ebay and never play wow on it. let them infect the evo POS all they want, nothing important is on there or done there. They can rape the $500 laptop all they want, as long as the $6,000 desktop/commad center rig is fine im happy.
but the only action the big rig sees is WoW.
This sounds incredibly targeted and I’m absolutely stumped at the blunt nerve these hackers have. Hope this’ll be fixed soon - and I don’t mean a Blizzard Soon™ but pretty dang quick!
For those who are suggesting it is a guild addon, here is our required addon list:
Omen
Here is our recommended list:
Deadly Bossmods
That’s it.
There was some speculation about a SQL vulnerability a bit ago, and that maybe those who shared passwords between our forums and WOW meant it could have happened that way. However, subsequent investigation lead us to believe this was not the case (as an example: When Tweeden was hacked, he changed his password, and then the hacker got in again. He had NOT changed his forum password).
Frankly, I wouldn’t be surprised if some jackasses were targeting our guild since we have at least a bit of notoriety now. How they’re doing it, I dunno. All I know is that my password is a 10-16 character alphanumeric string that is unrelated to any dictionary word.
And I’m keeping it that way.
Easy way not to get hacked, use a different username for wow then anything else and tick the remember my username box. Therefore, the hacker gets your password and nobody can log in with just a password… Unless they steal your PC?
Having had my account hacked a few months ago and having a guildie hacked last night, I feel your pain.
After getting my account back I did the following:
-Scanned for virus (Gridsoft AVG)
-Scanned for spyware\adware (Adware)
-Deleted Wow and reinstalled
-Scanned for virus
-Reviewed Daily virus scan logs (found 2 attacks against wow patch files about 3 months prior)
-Used parental controls to lock down access to match my play schedule (also a good way to remind yourself it is time to go to bed)
-Began changing my password about 6 times a month.
-Spent a week bugging GMs for a status on my account restore.
I did get most toons and gear back but man does that take the fun out of playing for a while.
Ouch. What ever the cause of the issue (bad luck, etc…) I feel sorry for you and your guild. I hope things get figured out soon BRK. It sucks that it happens at all.
Perhaps Blizzard could put in a system like Vanguard and other investment and banking firms have. For example, you can log in fine with a username and password from your own computer, but if you — or someone else — try to log in from a different computer, you (or he) would have to answer a random challenge question, selected from several that you had previously selected. I actually couldn’t remember the answer to one of my own challenge questions the other day when I was checking on some investments from my husband’s computer.
Maybe that’s too complicated. It’s not like there’s “real money” at stake. But if it is supposed to be safe to enter a username and password to make purchases from Amazon, LLBean, or iTunes, it should be safe here, too.
Simple:
1 - Select the option that has your username remain.
2 - Make a word/text doc on your desktop
3 - Write your password on it
4 - Before you open WOW, open text doc and copy (ctrl-c) your password
5 - Log on to WOW, your username will autofill and you paste your password(ctrl-v)
The only thing a keylogger will ever get is ctrl-v. Most of those keylogger programs are tied to the wow.exe and wont log until wow.exe is executed.
Just knowing Char names of BRK Guildies is a long way from being able to get software on to their computers.
No matter what the convulutions your talking about going from /who to installing a executable on a computer at a certain IP.
Its much more likely they are shareing some sort of common resource be it forum, add on etc.
Dont use your Wow Username/pw for Wow web sites.
As for keyloggers for Mac. While its not impossible they probably have would have to do a pretty good job on social engineering to get past why does it want my Admin username/pw.
Sorry to hear that, BRK!
Our GM got hacked twice in a year. The first time the hackers used his eBay account to try to sell of his WoW gold. It was obviously a keylogger and he had to change all his credit cards and banking info too.
The second time was only his WoW account but we lost a lot of nice stuff from the guild bank and he lost all his tier gear. He was putting his password into WoW with ctrl-c/ctrl-v so the copy and paste idea is not adequate protection. He found no viruses or keyloggers on the computer and he doesn’t share his WoW account.
I am starting to wonder about a security problem with the Blizzard forum or game servers. Anyone know if the username/password pairs are sent to Blizz encrypted?
I started doing what Sdcanyon suggests a couple of weeks ago, when I first read about this hackfest.
Condoleances to those who’ve been hacked, I can understand it really would take the fun out of the game for a while. But at the same time, it’s still only a game and not real money.
I was thinking of an alternate way to log in. I live in sweden, and in order to log on to my internet-bank I use a little “encryption box” to verify the code given by my bank. first a PIN-code to log on to the little box, then enter the code given by the bank, enter return code given by box into the ‘field’ on the banks website.
It’s not difficult or takes long time, and I’m sure for the security given, anybody would be happy to pay the ~10 USD (or whatever) extra that the device would cost to put into each game box. Or be sold separately.
What do you think…would it be doable, and would you think it’d be worth the little extra money?
I had hacked my account two times (or to be more detalied I should say that I had installed keylogger two times). I found it fast so it doesn’t have chance to sent my account information, but still - keylogger was worked and only thing which helped me was fact that I found it before it sent information. In that time keylogger wasn’t recognized by avast antivirus which I had, I had system firewall turned on too - it doesn’t block installation of that thing. I analyzed application, I was curious how it has chance to install TWO times in not too long period of time in my computer and when exactly I was infected (no, I don’t click anything which I don’t know, I don’t check gold sellers site, normally I’m using opera instead IE and I have always turned on antivirus and firewall - I don’t do anything which cross normal wow user behaviour), so my computer wasn’t completely defenseless. I found reason and source and - if I can suggest - ask your friend if they haven’t similiar problem. In my case it was lack of windows update in critical area in case of wow keyloggers. Windows had security issue in jpg system support - keylogger which I had used this way to install. Security patch which solve that problem is old, but it’s the must for wow users (ther is description of issue http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx). If anyone use windows system, wow and haven’t that patch - he is in danger. Just make automatic system update - it will be enough, no one shuld use system without it.
The most interesting thing is where I was infected - http://www.curse.com/. Of course that wasn’t intentionally by www site administrators and for now it should be clean, but I’m writing about that to show that using “safe” sites doesn’t mean that you are really safe. In my particular case one of keylogger author put addon (which actually was some kind of working addon anyway but it doesn’t matter anyway), and “screenshot” (keylogger was there) - that quasi screenshot was specially prepared JPG files which use windows security issue to push system to execute JPG file and install trojan.
To describe thing simpler infection procedure in my case looked this way - I hadn’t jpg security patch, I checked my wow favourite addon site (theretically safe), there was something new, which interested me, I checked description (and on author subsite was prepared trap jpg) - that’s it, in that moment my computer was infected. You don’t need to execute anything - lack of security patch and special, prepared jpg file make everything in the background. The same problem was at wowui site - I found the same keylogger in that time there. For now both sites are rather safe, but it’s not a point - the point was lack of jpg security patch.
BTW - idea with Ctrl-C Ctrl-V described above doesn’t help in that particular trojan which I had - it registered clipboard content too, but “remeber account name” option helped - in that case trojan registered password only. Of course I’m saying about old version of trojan which I had chance to analyze, for now there might be new ones in the wild.
Some botting programs include automatic logon features and the programs themselves are detected as keyloggers/trojans/rootkits by any decent antivirus program.
However if you are using a botting program, you deserve to get hacked anyway. It may be worth bringing up though, to make sure no one is still using programs like this if they have in the past.
One of our guild officers got hacked recently - the hacker cleaned out one of his toons (one without officer access), went to the gbank and took out his maximum number of withdrawals, switched to his main toon, went to the gbank and discovered that tadah, he had full access. Guild bank goes bye-bye…
It turned out he’d clicked on a picture link in the WoW forums and got some kind of keylogger or similar trojan. So he did all the necessary fixes to his computer, got his account sorted out, started the process of recovering the gold etc through Blizz… got the gold back, put it in the gbank… our other guild officers decided all must be well and reinstated him as an officer… bang, hacked again. Another guildie noticed his toon was online but not answering, looked at the gbank and could see stuff disappearing out of it as fast as the hacker could click, and alerted another officer who raced to the bank and started yanking stuff out of the “officer access” tab to save it.
So yeah, it’s actually pretty common for thieves (in real life as well as WoW) to go back to the scene of the crime a few weeks later in order to steal all the nice new replacement stuff you just got. In this case the keylogger probably had more than one part to the program, and installed a back door entry to his system that wasn’t detected by his scans.
I got hacked once too, it really sucks. I lost *all* of my pre-tbc items, the dark portal opening tabard, my Tabard of Flame (from the TCG), my tradeskills and most of my characters.
It took Blizz 4 weeks to get my account investigated.
KDH - Thanks for that writeup. I had always felt safe due to the number of precautions I take and just being overall computer science savy. Being infected by a jpg from a site I visit daily…there is no safe haven. My computer is always up to date with security patches, but my wifes..I’ll have to check that tonight.
Does anyone else think that the WoW website demanding your WoW game password is a security weakness?
Thank You Kindly,
Corwyn
The more I think about this, the more I’ve come to realize that I don’t think the problem is keyloggers. First of all, they need to know your character name to actually target you. Simple enough. But then they need your account name as well and I’m reasonably sure that the people in AC don’t type it in everytime. Plus, it seems everyone is running pretty good protection.
Soooo….this points me in the direction of the other side of the fence, Blizzard itself. I would bet dollar to doughnuts it’s either an employee of Blizzard or someone who either has access or has hacked access to some sort of player database. They would know everyone in the guild from the Armory profile of one person. Hell, click on BRK’s profile here and you got all of the AC toon names. Find said Drenden server. Find said character file. Oh look, there is their login and password.
Write down. Take home. Pillage booty…
@ Corwyn
I think it’s a pretty significant weakness..
@Róhirrim
You’re talking about a SecureID keyfob? Or different method?
The SecureID keyfob is great. Two factor authentication (Something you know, something you have), however the device itself costs $100.
Not an easy investment.
Ditto with many other physical devices. A USB key. Those are pricey, plus the OS has to support the USB device (Although that should not be an issue nowadays)
Challenge/response (first car, first street address, etc) doesn’t work either if it gets asked every time, as a keylogger will grab all the challenges and answers.
ING bank has a 4 digit code randomizer. You have a 4 digit numeric pin, and onscreen it shows a translation (1=A, 2=T, 3=C) that is different each time. Enter the 4 characters that your numbers go with and you’re authenticated. Next time you log in the numbers/letter translation is different.
But it’s a lot of work, regardless of which approach you take. Currently Price > Cost.
every security can be broken very fast and the security measures just bug the user afterwards (example => windows).
best thing you can do to minimize the chance of being hacked is to get rid of internet explorer and think before you run any unknown program. (or either switch to mac, or use a real operating system for PC
)
one more thing, visual keyboards (you click on letters on a screen) is a great solution to keyloggers. though I dont know if it would work with wow, or any app that grabs the whole focus to itself.
I’ve often wondered why Blizzard doesn’t require copying those randomized character generators I see on many sites. I ordered a book last night from a small publishing firm and had to take off my glasses to read the letter/number combo in the box before I could submit my order. Your other forum used to do that, BRK, and I botched several comments because my dyslexia got the letters/numbers mixed up. Yeah, it would be a pain to type “password” and then “what are these letters and numbers” to gain access to my toons, especially when I’m toon hopping, but I’d be willing to do that for a small additional layer of security.
I’d like to know if hacking is on the rise or are we just more aware because people BRK knows got hacked?
Hey guys.. just send me all your usernames and passwords. i will verify that they have good security on them.
And maybe the hackers are doing us a favor and controlling our WoW addiction.
Hahaha!..
Just kidding.. Was thinking that maybe we should just have WoW auto log us in. No typing username and pw. (just have it remember)
Never Play WoW from acomputer that is not yours
Do not play private servers
Everyone– Format and rebuilt your Operating System.
Update your PC’s
Update your Anti Virus
Reinstall WoW
Do not use Add-ons
Send me your username and PW to test
**And dont you think that Blizz would keep track of these “transactions” and spank the accounts that got emailed the gold/items?
Heck, If I was a hacker, I would sell junk then delete the character.
@Sdcanyon
That is what a bunch of my guildies and I are doing. Except we take it one step further. We place the text file in a zip file and put a completely unrelated password on it. This helps keep the honest people who like to use my computer while I’m not home… honest. Sure it takes a couple extra seconds to log in and get started but in the long run its more than worth it.
This method on top of practicing smart browsing and computing should help eliminate the chance of being hacked.
Always keep your computer up to date. Install the normal security updates, don’t download things you are not 100% certain of. Never run .exe files in addon zips.
No one is ‘immune’ to password theft. Sorry Mac and Linux fanboys, neither are you. Yes, your chances of being a victim may be lesser, but the chance is still there if you don’t stay one step ahead and smart about where you go and how you get there.
—I’ve often wondered why Blizzard doesn’t require copying those randomized character generators I see on many sites—
Bingo, Gimmlette! That would be an excelllent idea.
Also my Norton 2008 security suite has an auto log in feature for critical sites…..specifically to protect against keyloggers….but the WOW program won’t let it operate in the game…it should allow it by requiring a log in just to start the game program itself.
That said, it is amazing how many people have virtually no computer security at all. They should at least stretch a super condom over their computer tower…
Wow, there’s a lot of this going around. Our GL got hacked yesterday. He thinks it came from a video that he went to from the wow forum that opened up real player automatically and started downloading the keylogger. Why he didn’t do something to check for viruses right away I don’t know, but I guess maybe he’ll be a little more careful in the future.
Even more important than security for a computer is knowing what to avoid and where you can safely go. To be honest my symantec subscription ran out in June and I haven’t had any problems with viruses or hacks between now and then. I run spybot every month or so to see what it finds, keep an eye on my processes to see if anything unusual is running, and just generally think twice before going to a site or downloading anything.
@Canth
I couldn’t tell what algorhitm my device uses, or if it’s called “SecureID keyfob”, but from your description it sounds like something similar.
In this picture, the one I’m using is the one on the bottom right: http://www.swedbank.se/bildarkivet/motiv/33565/ORIGINAL.jpg
It’s the same size as a credit card and about as thick as ~4 credit cards.
I’ve signed for it at my bank and the S/N of the little box itself is tied to my ‘personal number’ (what you in the US call ’social security number’). Thinking about this, I’m not sure how that would be doable regarding WoW.
I also don’t know how much the device would cost, but ~100 USD sounds a bit much to me. I’m guessing they’d be way cheaper.
Anyway, this was just a thought.
My PC was infected by a keylogger, where I think I DL’d it from a link on the wow insider forums. Sometime later, I was in Nagrand farming (I believe) and noticed I couldn’t do anything without the WORST lag ever. My latency was skyrocketting and eventually peaked over 8k. I checked by running apps and found a keylogger running. 40 minutes later after having run adware, spyware and a whole system scan, I was back in business. Just glad the lag spike occured while I was somewhere I wouldn’t expect it (I expect some lag while in Shatt, or outside Kara sometimes).