Double check Leatrix Latency Fix

[irumi]

My arena partner and I just downloaded the Latency fix (me a month ago him 1-2 weeks ago) and were just hacked. He said he hasn't downloaded anything since that add on because the computer he uses is dedicated to WoW. I know its just a script to change the Packet sizing in the network card settings and I looked at it in visual studio and don't see any problems but we cant help but point fingers at the last thing we did on the computer. I could easily blame face book publicly showing emails and then it getting brute forced, but I think that would have been a bit too hard with the strength of my password.

I also hope this is the right thread to post this in!

[haylie]

/sigh

So you're not trying to blame LLF and yet you are?

LLF didn't get you hacked. It can't. Even if you haven't downloaded anything since you got LLF, the hackers could have your account info stored from way, way back and only decided to use it now.

There are numerous ways hackers can get your info. Scam emails, keyloggers, compromised flash animations... nothing is safe anymore.

If you got hacked, it's YOUR fault.

[Waverian]

All executables hosted on wowinterface are checked extensively before any user can even try to download them. Unless the database has been tampered with to alter the file after it was moderator-approved, then Leatrix was not the cause. If wowi's database wasn't secure I assure you it would be quite obvious, because there would be a lot of complaints.

You also mentioned downloading things; Most account compromises come from browser and media vulnerabilities. It's entirely possible for your computer to be infected from an advertisement, without any user consent, if you're not running current releases of both your browser and all media platforms, i.e. flash.

Originally Posted by irumi I know its just a script to change the Packet sizing in the network card settings and I looked at it in visual studio and don't see any problems but we cant help but point fingers at the last thing we did on the computer.

That's the problem. Keylogging isn't a one-day process. Rarely will your account actually be comprised on the same day that your information is received. If you haven't formatted recently then you could have been infected months ago. Lastly correlation does not imply causation. There are plenty of things you did before you got hacked, that doesn't mean it caused them.

[MidgetMage55]

Being that I have used LLF for several months before i rebuilt my machine. And now for several after i built it with a fresh install I'm disinclined to think its LLF.

As was mentioned above the process of taking an account is a very long one. If they were to use the info immediately after it was obtained then the method they got a logger on your machine would be easy to track down.

So while it may look like it the reality of the situation is LLF is not the cause. You even looked at the code yourself and didn't see anything out of the ordinary.

I would suggest taking the time to do a full scan of your system. From a separate machine if possible. Some malicious things are very good at hiding themselves when the OS is up and running.

[Cairenn]

Hi irumi. As others have said, we are very very careful about any executables we allow on the site, for precisely this reason. However, we also take any report of a possible problem very seriously. As such, I've re-scanned it all to make sure it is okay. I even submitted it to Virustotal in case our own virus checkers missed something. It comes up perfectly clean. You can see the results of the scan here.

[Bluspacecow]

Technically it's not changing the size of the packets.

Rather it changes the rate of TCP acknowledgments sent.

The upshot is if as long as you know exactly what to change on your computer you don't actually need to download this at all to get the benefits of the script.

On windows I understand it's a change in the registry. On Linux and Mac OS you can get the same results using a few shell commands.