WoWInterface

syrupk 10-21-08 02:24 PM

VIRUS!! ui.worldofwar.net again
 
http://www.virustotal.com/analisis/7...f0fbff035f9e8a

There are the viruses and keyloggers from a stolen version of metz remix, and a wowace updater file at ui.worldofwar.net.

Can anyone help us take care of this? No one at the site is doing anything about it and we are getting harassed on the wowUI forums. I made posts on their site's interface forum and nothing :(

Tekkub 10-21-08 03:22 PM

****, and here I am with no popcorn.

Petrah 10-21-08 04:11 PM

Rushster = Cowan :mad:

syrupk 10-21-08 04:27 PM

http://www.worldofwar.net/forums/sho...d.php?t=418214

Please help me fight back guys they are calling me a liar now? :*(

Bikther 10-21-08 04:44 PM

I thought it was established a while ago that ui.worldofwar.net wasn't a site to be trusted. I think it was just as 2.0 came out that a large number of complaints of viruses started popping up about that site.

syrupk 10-21-08 04:46 PM

Quote:

Originally Posted by Bikther (Post 106048)
I thought it was established a while ago that ui.worldofwar.net wasn't a site to be trusted. I think it was just as 2.0 came out that a large number of complaints of viruses started popping up about that site.

Lots of people still use that site, though not me. One of the virused files over there is a UI I uploaded to here that got stolen and put over there. I'm making it my business because it has to do with me.

Not to mention, not everyone knows not to go there.

Elloria 10-21-08 04:47 PM

Quote:

Originally Posted by Bikther (Post 106048)
I thought it was established a while ago that ui.worldofwar.net wasn't a site to be trusted. I think it was just as 2.0 came out that a large number of complaints of viruses started popping up about that site.

Imo we should write blizzard and complain. A site like this should stay operating. The virus scanners they use apparently don't catch some things.

Petrah 10-21-08 04:47 PM

Quote:

Originally Posted by syrupk (Post 106037)
http://www.worldofwar.net/forums/sho...d.php?t=418214

Please help me fight back guys they are calling me a liar now? :*(

Create a video while downloading the files from their site, opening them, and uploading the infected files to VirusTotal. Then upload to YouTube, and tell em to kiss your ass.

syrupk 10-21-08 04:49 PM

I really really hope this makes their entire site go down the tubes. We will never know how many files are infected with this thing over there.

Cairenn 10-21-08 04:56 PM

Warning others about this is good. However, do please remember the rules of THIS site. No flaming.

syrupk 10-21-08 04:56 PM

Quote:

Originally Posted by Cairenn (Post 106057)
Warning others about this is good. However, do please remember the rules of THIS site. No flaming.

Sorry Cairenn, I'm really really really really mad :(

Xinhuan 10-21-08 04:58 PM

What's more ridiculous is the

Quote:

Virus/spyware scanned on upload
banner at the top of every addon they host!

Edit: Whoa first post! (Even though I joined this site over 20 months ago!)

Cairenn 10-21-08 04:58 PM

I know and I understand. Keep it civil regardless dear. :)

*hugs syrupk*

Tekkub 10-21-08 05:00 PM

**** "civil"... I don't have any popcorn!

Cairenn 10-21-08 05:01 PM

*hands tekkub some bacon*

syrupk 10-21-08 05:02 PM

Your guys' support means very very much to me. I don't know why it upsets me so much because the guy fortunately didn't make an account with my name or anything. The UI community is very important to me and I hate seeing people get treated this way.

Tristanian 10-21-08 05:22 PM

I was personally willing to give them the benefit of the doubt until today, but this is a fraking travesty really.

*Hides in corner, staying silent, to avoid flaming*

syrupk 10-21-08 05:26 PM

There's responses now, let's see what they do for damage control.

Xinhuan 10-21-08 05:29 PM

Quote:

Originally Posted by syrupk (Post 106037)
http://www.worldofwar.net/forums/sho...d.php?t=418214

Please help me fight back guys they are calling me a liar now? :*(

Appears your thread got deleted. :mad:

Tekkub 10-21-08 05:30 PM

Quote:

Originally Posted by Xinhuan (Post 106070)
Appears your thread got deleted. :mad:

That's their standard damage control there.

syrupk 10-21-08 05:31 PM

They moved it to the other ongoing thread.

Seerah 10-21-08 06:26 PM

ah. here it is: http://www.worldofwar.net/forums/sho...d.php?t=418210

with a reply from Rushter: "It wasnt an exe, it was a zip :)"

wulfy27 10-21-08 06:43 PM

Quote:

Originally Posted by Tekkub (Post 106071)
That's their standard damage control there.

:rolleyes:

Maybe they're doing "their" best. It's not warm and cozy everywhere you know.

Cralor 10-21-08 07:11 PM

Quote:

Originally Posted by Seerah (Post 106078)
ah. here it is: http://www.worldofwar.net/forums/sho...d.php?t=418210

with a reply from Rushter: "It wasnt an exe, it was a zip :)"

...... :mad:

Cairenn 10-21-08 07:15 PM

Easy, guys ....

Tekkub 10-21-08 07:16 PM

where Is My ****ing Popcorn?

*edit* also the de-caps-ing that this forum does sucks.

Cairenn 10-21-08 07:19 PM

Oh bite me, tek. :p

Tekkub 10-21-08 07:20 PM

You know I only like MALE meat :P

Cairenn 10-21-08 07:21 PM

*grins* ;)

Yhor 10-21-08 07:34 PM

Reading through the 'blue' responses really makes me appreciate the 'Red and Orange' responses we get here :)

Thanks for letting this f'oob into the community here at WoWI :D

Cairenn 10-21-08 07:35 PM

Awww, thanks Yhor. :o

Xinhuan 10-22-08 06:13 AM

Warning: New "Curse Updater" on wowui

http://wowui.worldofwar.net/?p=mod&m=6663

Virus alert!

Zyonin 10-22-08 06:34 AM

Seeing all that crap on ui (again) makes me glad I left that place after the Ace mirroring fiasco. I was one of the more prominent members there and was even a candidate for a moderator. It seems they still don't learn. Note this is not trying to bash ui, it's just my thoughts.

That "Curse Client" upload there just screams "Trojan!" to me. I doubt that ui would allow a "competitor" to upload nor do I think Curse would upload their software to a third party site.

Dridzt 10-22-08 07:48 AM

Quote:

Scanning Report

22 October 2008 16:28:25 - 16:28:28

Computer name: ----
Scanning type: Scan target
Target: Addons\30000\CurseUpdaterzip-1224675514.zip
Result: 1 malware found

Trojan-Spy.Win32.Ardamax.n (virus)

That's from F-Secure Client Security.

There's one thing that needs saying though.

Always in the past when one site found itself in the crosshairs,
it indicated an increase in activity by those that try to upload malware
on ALL addon hosting sites.

It seems it's not an isolated incident.. there's multiple malware uploads
at wowui even after all the ruckus has started and their staff is supposedly "alerted".

The weakest link is the first to break (wowui constantly in the recent period)
but it should sound the alarm for other addon sites as well to enhance their vigilance.

Xinhuan 10-22-08 07:53 AM

Quote:

Originally Posted by Lykofos (Post 106183)
Seeing all that crap on ui (again) makes me glad I left that place after the Ace mirroring fiasco. I was one of the more prominent members there and was even a candidate for a moderator. It seems they still don't learn. Note this is not trying to bash ui, it's just my thoughts.

I left the wowui site 3 years ago. I was their Mage class webmaster/moderator, and also had FTP access to their worldofwar main page website.

While I still have 2 addons uploaded at wowui since 3 years ago, I have not uploaded any new ones since then, I only keep them updated so as to have less support issues of un-updated addons.

They just keep repeating their mistakes again and again.

syrupk 10-22-08 08:04 AM

I guess I don't really understand why they are allowing uploads if they have done nothing to fix the problem.

Evolution85 10-22-08 09:22 AM

Stuff like this is the reason the ONLY add on and mod site I trust is this one!

Cladhaire 10-22-08 09:58 AM

Quote:

Originally Posted by Evolution85 (Post 106218)
Stuff like this is the reason the ONLY add on and mod site I trust is this one!

To be fair any site can have issues, including this one. The important thing is educating the users and making sure they have the knowledge and information necessary in order to make informed decisions.

No system is bulletproof. Computers fail, humans get lazy, it happens. How you react to the issue is almost as important as the fact that the issue happened in the first place. I'm glad to see WoWUI is finally getting around to removing the files in question.

tinyu 10-22-08 10:18 AM

Quote:

Originally Posted by Cladhaire (Post 106224)
To be fair any site can have issues, including this one. The important thing is educating the users and making sure they have the knowledge and information necessary in order to make informed decisions.

No system is bulletproof. Computers fail, humans get lazy, it happens. How you react to the issue is almost as important as the fact that the issue happened in the first place. I'm glad to see WoWUI is finally getting around to removing the files in question.

thank you for saying that.

Taffu 10-22-08 10:32 AM

Cladhaire is absolutely correct.

But, I think the thing that bugs most users is that the devs on ui.worldofwar.net seem more intent during the initial hours of a security breach return-slinging mud at the users on their forums and firing back with "It's ok/Don't worry" rather than immediately (regardless of immediate "testing/scanning" of their servers) putting notices & possibly shutting down the ability to download the suspected AddOns.

I personally was breached from an AddOn from worldofwar.net back in the day (Benecast) that resulted in the loss of everything my wife & I's accounts had. I think users/players simply expect a little better of a turnaround & attitude from the site devs in regards to the situation. Sure, someone might seem out of hand with spamming the forums and whatnot regarding the issue, but among the camaraderie with the AddOn/UI Community, we're simply looking out for one another by informing folks through the most immediate way we know how. The users cannot post the news or shut down the AddOns in question...so they resort to Comments/Forums/Etc. to get the news out. Each time this has happened, I think the community as a whole has been more judgemental not that it happened in the first place, but in how the situation was handled.

Just my 2 cents on the subject... ;)

Evolution85 10-22-08 11:34 AM

Quote:

Originally Posted by Cladhaire (Post 106224)
To be fair any site can have issues, including this one. The important thing is educating the users and making sure they have the knowledge and information necessary in order to make informed decisions.

No system is bulletproof. Computers fail, humans get lazy, it happens. How you react to the issue is almost as important as the fact that the issue happened in the first place. I'm glad to see WoWUI is finally getting around to removing the files in question.

True....

But some sites work harder than others. Having been a victim of the allakhazam debacle several years ago and having my account compromised from it I am EXTREMELY wary of most sites. I have seen what happens here when an attempt is made to pass an infection to users.

Wow Interface should be the example that all should follow. At least that's my opinion and I stand by it...

Tsurani 10-22-08 05:15 PM

Just to compile the important posts into one:



That's right three viruses in two days. :eek:

Looks like the same people this time pretending to be the Curse Updater. Please don't be fooled into downloading this one either.

F-Secure Client Security says:

Code:

22 October 2008 16:28:25 - 16:28:28
Computer name: ----
Scanning type: Scan target
Target: Addons\30000\CurseUpdaterzip-1224675514.zip
Result: 1 malware found

Trojan-Spy.Win32.Ardamax.n (virus)

The relevant forum thread here is http://forums.wowace.com/showthread.php?t=14710



Just to clarify:

NO ONE from Curse had anything to do with this, I've reported it to have it taken down.


More Intel:

File is/was a fake. The readme.txt in the archive is a verbatim copy of the wikipedia entry on Kafka and the only other file is a file called MetzRemix.exe which is virus/trojan infected. This has nothing to do with the curse client nor does it have anything to do with the real MetzRemix which is an actual UI compilation, and everything to do with someone trying to trick people into installing a trojan by using a fake association.

The offending poster Quarenteen (http://wowui.worldofwar.net/?p=profile&u=411659) faked being WoWAce and Curse. WoWUI has claimed to have banned that user now. I hope they share IP with wowinterface and curse to avoid that the same folks try other ways to trick people again (without at least switching IP addresses).
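
The "it was a zip" reply and the archive contents described in the compiled post both come down to looking inside the upload before trusting it. The sketch below is an added example, not code from the thread or from any of the sites mentioned: it lists archive members that are Windows executables by header or by extension. The sample archives are constructed, and the extension list is an assumption of the example rather than a complete inventory.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs directly; an addon archive has no use for them.
# Assumption of this example, not an exhaustive list.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".dll", ".msi", ".vbs"}


def audit_addon_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each archive member that looks executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if info.flag_bits & 0x1:  # encrypted member: contents cannot be checked
                findings.append((name, "encrypted member, cannot inspect"))
                continue
            with zf.open(info) as member:
                header = member.read(2)
            ext = posixpath.splitext(name)[1].lower()
            if header == b"MZ":  # DOS/PE header, whatever the file is called
                findings.append((name, "PE/DOS header (MZ)"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((name, f"executable extension {ext}"))
    return findings


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from name -> content (constructed test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: layout follows the thread's description, bytes are dummies.
FAKE_UPDATER = build_sample({"readme.txt": b"Franz Kafka was a writer ...",
                             "MetzRemix.exe": b"MZ\x90\x00" + b"\x00" * 60})
RENAMED = build_sample({"Foo/Foo.toc": b"## Interface: 30000\n",
                        "Foo/textures.dat": b"MZ\x90\x00stub"})
CLEAN = build_sample({"Foo/Foo.toc": b"## Interface: 30000\n",
                      "Foo/Foo.lua": b"print('hello')\n"})

if __name__ == "__main__":
    for label, blob in (("fake updater", FAKE_UPDATER), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, audit_addon_zip(blob))
```

A clean result here only means no member is an obvious Windows executable; it does not replace an antivirus scan of the archive.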


All times are GMT -6.