Guess what... my account was hacked.

[paint4blood]

Yes it is true, my account was hacked. I know how too. I installed an add-on via wowmatrix and I guess it had a key logger on it. The add-on's name is Skada. Do not use this add-on or some guy named Harry will get your account information. He stole my account by; First creating a battle.net account, changing my password, then finnaly merging my wow account with his battle.net account. I have already contacted blizz on the subject but they have not emailed me back yet as of June 9 2009. I don't really see the point in hacking a game other than to piss someone off. I do have a couple of high lvl characters, but none of them are at max lvl. I searched the WoW armory and I saw that my chars. still have their items but we shall see if that remains the issue. What suks the most is that I will not be playing for the next couple of months and I can't even log in to cancel my subscription. So unless this problem is resolved by June 12th. 2009 this guy will be playing my chars for free for about 2 months. Anyone know ways to hack my account back? Well I'll look on the bright side and maybe when I get back from deployment and then I resolve the issue I'll have some 80's and better gear when I get it back, ha ha. Thanks.

[paint4blood]

Also, of course, I deleted Skada. I will also ask my guild mates to keep an eye on my chars. I have a friend in real life who is also in my guild in the game. I'm coming for you Harry.

[Cairenn]

paint4blood, it may not have been wowmatrix or skada. Don't point fingers unless you have incontrovertible proof to back it up, please. Not fair to ruin someone's reputation when you don't know for sure.

If you were keylogged, it could have been as long as six months ago. They almost never hit an account as soon as they get the info. It usually takes at least a couple weeks. It could very well have just been a brute force/dictionary hack, too, no keylogging involved at all.

You need to contact Blizzard's Account Support department to get the ball rolling on getting your account back. Then you need to run virus and malware checks on your system, to make sure it's clean.

[paint4blood]

Would you mind explaning the dictionary hack?

[paint4blood]

Nvm I googled the hack and I know what it is. My cousin has this hack, called rainbow, but he uses it for legitamit reasons, he even got a medal when the program did all the work.

[shyce]

Originally Posted by paint4blood Nvm I googled the hack and I know what it is. My cousin has this hack, called rainbow, but he uses it for legitamit reasons, he even got a medal when the program did all the work.

Rainbow tables and dictionary attacks are completely different.

Rainbow tables decipher a hash, whereas a brute force dictionary attack uses plain text in an exhaustive array.

I completely agree with Cairenn, don't spread slander against a talented addon developer if you don't have hard evidence.

[Petrah]

Originally Posted by Cairenn If you were keylogged, it could have been as long as six months ago.

QFT


[Important] Key-Loggers and Computer Security:
http://forums.worldofwarcraft.com/th...78038509&sid=1

Account Compromise Info Center:
http://forums.worldofwarcraft.com/th...73308319&sid=1

Account Retrieval Tips and Suggestions:
http://forums.worldofwarcraft.com/th...62836524&sid=1

[Kupotek]

Bliizard Authenticator

It's free if you have an Iphone or Ipod, and only $6 with for the physical keychain version with shipping. Peace of mind for only six bucks? Count
me in.

[Raxnor]

Originally Posted by Kupotek Bliizard Authenticator It's free if you have an Iphone or Ipod, and only $6 with for the physical keychain version with shipping. Peace of mind for only six bucks? Count me in.

Just to let some of the people who uses the Blizzard Authenticator i used to use this and guess what happen like 3 weeks ago?, that's right i got hacked even w/the freaking Authenticator and i spoke w/a billing account representative and she was :SHOCK: after i told her i got hacked w/the Authenticator.
Nothing i mean nothing its safe when you are in the Internet.
Anyways took blizzard about a full week to get all my stuff back , but its just a pain to see this happen

[Shtaiven]

Originally Posted by Cairenn paint4blood, it may not have been wowmatrix or skada. Don't point fingers unless you have incontrovertible proof to back it up, please. Not fair to ruin someone's reputation when you don't know for sure. If you were keylogged, it could have been as long as six months ago. They almost never hit an account as soon as they get the info. It usually takes at least a couple weeks. It could very well have just been a brute force/dictionary hack, too, no keylogging involved at all. You need to contact Blizzard's Account Support department to get the ball rolling on getting your account back. Then you need to run virus and malware checks on your system, to make sure it's clean.

I've scanned Skada and found it had no infected files, at least when I scanned it with ClamXav, a freeware virus scanner. If anything, I think I just discovered a new, awsome addon i can replace both Recount and Omen with

[Shirik]

Originally Posted by Shtaiven I've scanned Skada and found it had no infected files, at least when I scanned it with ClamXav, a freeware virus scanner. If anything, I think I just discovered a new, awsome addon i can replace both Recount and Omen with

In all honesty, most of the malicious files that are attempted to be uploaded here aren't even detected by virus scanners because they're new or one-shots. This is why we have a rigorous screening process for any executable files on this site (and why it could take as much as a week to get an executable approved), because we actually take it apart and prove it's clean -- even the slightest hint that it's bad will get it denied.

I'd be more than willing to take it apart if you want to PM me a link to where you downloaded the file. The file hosted here is assuredly clean -- there's nothing in it that could be dangerous.

[Tearstar]

Originally Posted by Shirik In all honesty, most of the malicious files that are attempted to be uploaded here aren't even detected by virus scanners because they're new or one-shots. This is why we have a rigorous screening process for any executable files on this site (and why it could take as much as a week to get an executable approved), because we actually take it apart and prove it's clean -- even the slightest hint that it's bad will get it denied. I'd be more than willing to take it apart if you want to PM me a link to where you downloaded the file. The file hosted here is assuredly clean -- there's nothing in it that could be dangerous.

A good example of an addon that has a non lua, xml, toc file in it is EpicMusicPlayer which has a .bat file in it, but as it's been said if a file that is infectable is detected it's reverse engineered to double check, WoWI admins wanna make sure no file ruins their rep

[Everglow]

call Blizz account services at 1-800-592-5499 they will lock out your account, reset your password and restore anything that might have been stolen from your chars, usually within a week or two. Your job is to secure your computer with anti-spyware and not tell anyone your password.

Originally Posted by paint4blood ... What suks the most is that I will not be playing for the next couple of months and I can't even log in to cancel my subscription. So unless this problem is resolved by June 12th. 2009 this guy will be playing my chars for free for about 2 months. Anyone know ways to hack my account back?

[PigtailsofDoom]

On a side note, after you get your account restored I'd highly recommend either buying an authenticator, or if you have an iTouch or iPhone, downloading the authenticator app. It's nearly fool proof for protecting your account from hackers, although it is a tad bit annoying to deal with. Personally, I love the added account protection.

[Johnnaris]

Thanks for sharing. It's great.

simulation credit

[us2006027321]

Originally Posted by paint4blood Yes it is true, my account was hacked. I know how too...

I'm very sorry to hear that your account was hacked. That's never fun, and as you had high level toons (level cap or not), I can empathize with how that my feel like a lot of lost time and work.

As much as I would love to pick up the anti-WM banner with you and march on a crusade, I feel I should inform you that during my entire time using WM, I never picked up keyloggers. I am not the only WM user who has enjoyed being hack-free during my time. I know that personal experience doesn't exactly count as incontrovertable proof in WM's favor, it should at least be a reason to count WM out of the list of variables that led to this unfortunate event.

The other thing I wanted to mention (more in the nature of waving my anti-WM banner) is that knowing their "hosting" practices as I have come to understand them, I highly doubt that an add-on that "originated" from WM would have a virus. In Skada's case, it's one of the many add-ons WM nabbed from another site. I can't tell if it was nabbed from Curse or WoWI, but Skada is hosted on WoWI, and WoWI wouldn't keep an add-on if it was dirty. That should help you pull Skada out of the list of variables.

Again, I'm very sorry to you for the situation. I wish you all the best in getting it back. Oh, and... welcome to WoWI!

/hug
/soothe
/luck

[Zyonin]

Originally Posted by us2006027321 The other thing I wanted to mention (more in the nature of waving my anti-WM banner) is that knowing their "hosting" practices as I have come to understand them, I highly doubt that an add-on that "originated" from WM would have a virus. In Skada's case, it's one of the many add-ons WM nabbed from another site. I can't tell if it was nabbed from Curse or WoWI, but Skada is hosted on WoWI, and WoWI wouldn't keep an add-on if it was dirty. That should help you pull Skada out of the list of variables. Again, I'm very sorry to you for the situation. I wish you all the best in getting it back. Oh, and... welcome to WoWI! /hug /soothe /luck

Likewise, neither would Curse nor WoWUI.Incgamers (I wish they would get a more distinct name for that site as WoWUI is too close to WoWI). The "Big Three" do not tolerate "funny files" in the AddOns they offer for download.

[katrinav]

simulation rachat de credit

this is a very interesting post. thanks for sharing

[Bluspacecow]

I apologise if this has been addressed in the thread before but....

Your average run of the mill addon can not log your keys or steal your login and password.

An addon consists of a few text files , some images and some sounds maybe.

They operate in a sandboxed enviroment so hence have no access to the outside world , can't email anything , can't send anything any where and don't even have access to your hard drive. They can read in from the saved variables and write out to the saved variables at logout/game exit but even that's limited (afaik they can't even name the file).

Also they load after you've already logged in. So even if they could send it somewhere they wouldn't have the information to send as that authentication information's gone by the time they get loaded.

Finally there's never been any concrete proof that wowmatrix has any keyloggers in it. When I say proof I mean a packet sniffer / network report showing authentication data being passed to a non blizzard domain.

[derailed1973]

I just bought a new computer, reactivated my account after about a year of not playing, downladed WOW and got on this web site and downloaded quest helper. Guess what your addon has a keylogger attached to it, thanks alot. And yes I was able to trace it back to the addon. I was able to play Friday and my account was hacked and switched to battle.net by Saturday. It was fun getting my account back, petitioning for a restore, cleaning out my new computer, and apologising to my guild mates for someone robbing the bank. From now on I think everyone should steer clear of this asian scamming site.