Carbonite Keylogger

Mishlana · 10-10-09, 04:39 PM

My WoW account was hacked last night, and the only websites I downloaded anything from was wow-curse for addons and carboniteaddon.com. Is there a possible way for someone to implant a keylogger into the carbonite files? I'm no expert on this type of thing, but that is the only thing I can come up with, unless I got my information stolen from wow-curse.

Please, if anyone has any information on this, let me know. I'm trying to wrack my brain as to find out how this happened.

Vis · 10-10-09, 06:05 PM

I'd have to say the chances are very slim that you received a keylogger from either Curse.com or here at WoWinterface from downloading files or browsing the forums.

Here's a post to give you some extra information about what you can do to protect yourself and your computer.

http://www.wowinterface.com/forums/s...55&postcount=3

And also a bit more discussions about the security of the "Big 3" addon hosting sites, namely Curse.com, WoWinterface.com and also wowui.incgamers.com

http://www.wowinterface.com/forums/s...ghlight=hacked

QuestorWI · 10-13-09, 10:09 AM

I hope that Blizzard will get you your account and items back to you soon. In the mean time, go to the Blizzard store on-line and buy a "Blizzard Authenticator." It will help protect your account in the future and costs less then a months game time. As to the keylogger question: First: the only way that one could have come from either of the sites you listed as to where you get your addons from would be someone who works for either of them to have planted it and I find that very hard to believe. Second addons load only after you have inputed your account info and password, so a keylogger in an addon getting your info is almost statistical impossible. I have used both of these sites since day one and have never had any problems with them. I would suggest you have your computer checked out by a professional, you may have picked up a keylogger from another source, (ie. infected e-mail, music download site, youtube, etc...) just to name a few.

carboniteaddon · 10-17-09, 11:57 AM

I think most key loggers are from email attachments or infected websites. Program downloads from file sites could also get you infected. Addons are safe since they are zip files which unzip to files that are only loaded and used by the game, not your operating system. The addon Lua files have strict limits of what the game allows them to do.

Links in emails or forums can be very bad, since losers will put links in those that take you to infected websites. Those links can even be found occasionally in the WoW forums.

I use Firefox with the NoScript addon. NoScript stops scripts for all websites except ones you approve, which prevents nasty stuff getting into your computer when you click a bad link or otherwise visit a bad website. I have many of my family members using NoScript and highly recommend it.

Gethendriel · 10-20-09, 04:40 AM

Interestingly enough, I also just had my account hacked within hours of downloading Carbonite from Wowinterface. Circumstantial, but ... interesting. Also only 5 days after creating a battle.net account and merging my WoW account as per Blizz's current directives. Also interesting. Have been playing for years without issues and now this - all characters stripped, bank emptied, gold gone and a jolly note from Blizz giving me a 72-hours suspension due to:

"Account Action: 72 Hour Suspension
Reason for Action: Terms of Use Violation -- Exploitative Activity: Abuse of the Economy"

Obviously whoever snaffled my stuff wasted no time flogging off the proceeds for some real-world cash <heavy sigh>

Pretty much has to be either a keylogger or - dare I suggest? - some funny business back at battle.net admin - my account isn't shared, my password is reasonably strong - 8 characters, mixed case, alphas, numerics and specials. Antivirus and antispyware products all up to date and scans run regularly. Full scans post-hack haven't turned up anything yet - may go to the pros at some point for an exhaustive check.

So I'm currently running the horror gauntlet of dealing with the account admin process for a compromised account - several password resets, account suspended pending investigation, etc.

Will be ordering an authenticator once the account is reinstated.

Enough to make one go all Sartre and mutter "Hell is other people"...

***Cairenn*** · 10-20-09, 04:45 AM

http://www.wowinterface.com/forums/s...4&postcount=16

Petrah · 10-20-09, 08:10 AM

Originally Posted by Gethendriel

Interestingly enough, I also just had my account hacked within hours of downloading Carbonite from Wowinterface.

I download Carbonite from this site as well and I don't have a keylogger on my system. Secondly, it is a very well known fact that keyloggers sit on your machine for quite some time (weeks, even months) before they ever attempt to gain access to your account. You will never get a keylogger and have them get into your account the very next day.

Rastaah · 10-21-09, 12:21 PM

I was hacked after merging to battle.net a while back, within a few weeks actually. Anyway, I got all my gold/items and such back however I don't think they took away the warning I got for gold spamming :/

Good luck on getting your stuff back. I did just install noscript to my firefox, will see how it goes.

Mishlana · 11-01-09, 05:04 PM

I was lucky enough to get my account back and everything restored. I'm scared to download addons again but man, life is so inconvenient without them. I guess I'll take the chance... I don't download things onto my computer unless they are from reputable websites. I'm very paranoid about that.

I looked into the Authenticator but I cannot get it beause I don't have the right phone, or something like that. I'll have to go back and take a look. I too had my account suspended for 3 hours for "spamming", and that actually helped get my account back faster because Blizzard had to reset the password and lock the account because of the abuse.

MidgetMage55 · 11-01-09, 05:40 PM

Originally Posted by Mishlana

I was lucky enough to get my account back and everything restored. I'm scared to download addons again but man, life is so inconvenient without them. I guess I'll take the chance... I don't download things onto my computer unless they are from reputable websites. I'm very paranoid about that.

I looked into the Authenticator but I cannot get it beause I don't have the right phone, or something like that. I'll have to go back and take a look. I too had my account suspended for 3 hours for "spamming", and that actually helped get my account back faster because Blizzard had to reset the password and lock the account because of the abuse.

Addons cant log your password or log in name. They don't run their code until after you select a character and begin to load in to the world. Well after you have typed these things in. The only way an addon would contain anything like this is if it is an executable install which the majority of the sites do not allow for obvious reasons. And even then that's no guarantee that it's loaded with anything malicious. In short addons are a very unlikely source of a stolen account.

As stated above its likely due to infected sites or email. I disagree with the idea that merging accounts has anything to do with it as I've had mine merged since it became available and have had no issues. Also, I have been using addons since I started playing 3 years ago and again have had no issues.

***Cairenn*** · 11-01-09, 09:34 PM

Originally Posted by Mishlana

I looked into the Authenticator but I cannot get it beause I don't have the right phone, or something like that. I'll have to go back and take a look.

There are two different authenticators. There are the ones that are used via your cell phones, and there are the original ones that are actual physical ones that are in no way tied to your cell phone.

joescat · 01-17-10, 08:27 AM

It's natural, after being hacked, to think about what you've done recently. But as mentioned, it could have "happened" a long time before you think it did.

You are not safe! There is not a list of things you can cite that declares you immune. But not to be over paranoid, just follow ALL of the advice you gather along the way, all of the time. Example: "I have anti-virus, and the only sites I've been to in the last 72 hours are this site and _____". And you may have forgotten to mention you were using a shared wireless connection at a coffee house - but only for a few minutes". And your logon details were sniffed right out of the air, with NOTHING done to your computer.

Safety tips: Use a separate username / password.
ANY time you are entering that password, think twice - where are you (physically and virtually).
Use the Blizzard Authenticator - you being hacked will be over with.

Use, and keep active and updated, anti-malware software. It's beyond the scope of this post to recommend a specific one for you, but a name brand, currently developed one should help a lot.

Do not visit "unsavory" websites. I can't stress this enough. I know people who are "always" hacked, and people who are never hacked. It tends to follow the person.

As mentioned, Firefox, with the NoScript addon (and don't just click "always trust" on everything!) goes a long way at stopping drive-by-downloads.

Be VERY WARY of email attachments. Especially from someone you know! It's the people you know, hence have YOU in their contacts, that are the most dangerous! Maybe they have been hacked, and the "virus" is combing its way through their contact list. The people you know have a style, don't ignore it. THINK TWICE, like when your uncle suddenly sends you an unusual email that just says "hey I found this interesting site click here __________". DON'T. Do not let curiosity get the better of you.

Be behind a firewall. Always. Always means every millisecond. As a security professional, I can assure you that your internet address is already known, and sweeps looking for weaknesses are constantly happening. Usually when setting up a new connection, I see "knocks on the door" within 10 seconds of connecting. If there is a weakness, it takes only milliseconds to perform an attack. There is no thing as "but I was only exposed for a little while".

Keep your O/S and other software updated. Many offer automatic updates now, take advantage of it.

People often tell me "whatever, I'm safe, no one would want to get into my stuff anyway". Wrong! Do you your own taxes? EVER visit your bank's site? EVER send a personal email? Still think you're immune? They still want your computer - to use it as a bot to infect others. If you have any connection to the outside world, the crooks and creeps would like to exploit it.

Don't be paranoid. But do be always suspicious and cautious. Just think twice.