Quantcast
Hack Alert! - WoWInterface
Thread Tools Display Modes
11-11-09, 11:01 AM   #1
todd3835
A Flamescale Wyrmkin
AddOn Author - Click to view addons
Join Date: Mar 2009
Posts: 89
Hack Alert!

Ok, not sure where to post this, but mods PLEASE put a front page post about this. I was minding my own business just farming herbs, and I get a message from a toon "Wowbizzusa" telling me I'm a lucky players. (Please note the improper english......). It's telling me to go to a site **** . Now I'm smart enough not to visit such a site, but I know some people out there would be like whoa, I better go there.... I went from my phone (haha *****es!) and it's looking for, you guessed it, username and password. I put in bogus info, and it then asks you to "confirm" your email address, and secret password info..... So please please PLEASE mods put a front page post! I've hopefully attached the screenshot......
__________________




People with OCD (Or CDO in Scott's Case) prefer nUI+! Find it at www.nuiaddon.com

Last edited by Shirik : 11-11-09 at 11:47 AM. Reason: Do NOT post links to malicious sites!
  Reply With Quote
11-11-09, 11:06 AM   #2
Katae
A Cobalt Mageweaver
AddOn Author - Click to view addons
Join Date: Jun 2007
Posts: 208
Why would you repost the url?
  Reply With Quote
11-11-09, 11:24 AM   #3
Xrystal
nUI Maintainer
 
Xrystal's Avatar
Premium Member
AddOn Author - Click to view addons
Join Date: Feb 2006
Posts: 5,535
It automatically linked it. Whenever I post a website, with the www part mind you, it auto links it. So, in hindsight maybe quickly edit out the www part so it doesn't auto link it.
__________________
  Reply With Quote
11-11-09, 11:34 AM   #4
todd3835
A Flamescale Wyrmkin
AddOn Author - Click to view addons
Join Date: Mar 2009
Posts: 89
Originally Posted by Xrystal View Post
It automatically linked it. Whenever I post a website, with the www part mind you, it auto links it. So, in hindsight maybe quickly edit out the www part so it doesn't auto link it.
Ok, edited to make it not work if your clicky it =]
__________________




People with OCD (Or CDO in Scott's Case) prefer nUI+! Find it at www.nuiaddon.com
  Reply With Quote
11-11-09, 11:47 AM   #5
Shirik
Blasphemer!
Premium Member
WoWInterface Super Mod
AddOn Author - Click to view addons
Join Date: Mar 2007
Posts: 818
Originally Posted by todd3835 View Post
Ok, edited to make it not work if your clicky it =]
No, don't post the name at all.

To others: Now would be a good time to review "how to know a Blizzard site" and "how to know a Blizzard representative."
__________________
たしかにひとつのじだいがおわるのお
ぼくはこのめでみたよ
だけどつぎがじぶんおばんだってことわ
しりたくなかったんだ
It's my turn next.

Shakespeare liked regexes too!
/(bb|[^b]{2})/
  Reply With Quote
11-11-09, 11:59 AM   #6
BlackAcid
A Deviate Faerie Dragon
 
BlackAcid's Avatar
Join Date: Nov 2005
Posts: 12
Do be careful when going to sites like this. Some sites (even if you post useless info) can harbor malware, spyware, and even click jacking* on the pages.
I know you were just trying to check it out, but you might want to make absolutely sure you weren't hijacked or installed anything.


* http://en.wikipedia.org/wiki/Clickjacking
  Reply With Quote
11-11-09, 12:22 PM   #7
todd3835
A Flamescale Wyrmkin
AddOn Author - Click to view addons
Join Date: Mar 2009
Posts: 89
Originally Posted by BlackAcid View Post
Do be careful when going to sites like this. Some sites (even if you post useless info) can harbor malware, spyware, and even click jacking* on the pages.
I know you were just trying to check it out, but you might want to make absolutely sure you weren't hijacked or installed anything.


* http://en.wikipedia.org/wiki/Clickjacking
That's why i did it from my iphone and not my pc =]
__________________




People with OCD (Or CDO in Scott's Case) prefer nUI+! Find it at www.nuiaddon.com
  Reply With Quote
11-11-09, 12:53 PM   #8
forty2j
A Cobalt Mageweaver
Join Date: May 2007
Posts: 232
Originally Posted by todd3835 View Post
That's why i did it from my iphone and not my pc =]
Hmm.. clickjacking may be possible on the iPhone, since it attempts to render pages as they would appear on the desktop. Be careful!

If you see the dog poop sitting on the sidewalk, would you step in it to see how fresh it is? Even if you changed into boots first?
  Reply With Quote
11-11-09, 01:04 PM   #9
Xrystal
nUI Maintainer
 
Xrystal's Avatar
Premium Member
AddOn Author - Click to view addons
Join Date: Feb 2006
Posts: 5,535
rofl, choke splutter .. what an analogy

But yeah I'm usually crafty and try to look at the source of the website before it is pulled up. I caught a potential card fraud advert that way and sent off the details to the official website it was trying to emulate. They were really good though as the only thing that shouted warning signs was the request for the 4 digit ATM pin no. No website needs that information.

Other than that they were using the official websites links and script files giving the impression that they were bona fide. The scary thing was that if I had used their company for more of my flights I may have fallen for it barring that ATM request. 'As a thanks for flying with us you are eligible for $500 blah blah' The fact that I had only flown with them once flagged up as suspicious hence the investigation.
__________________
  Reply With Quote
11-11-09, 01:43 PM   #10
zero-kill
A Firelord
 
zero-kill's Avatar
Join Date: Aug 2009
Posts: 497
As a final warning, don't go to websites if you have to question why you go to them. Also calling your ISP about why you got a virus on your computer is just lack of intelligence.

/rantoff
  Reply With Quote
11-11-09, 09:34 PM   #11
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Another big tip I can share :

If the domain name in the url isn't some form of "battle.net" or "worldofwarcraft.com"

Do . Not. Put in your wow username and password anywhere on that site.

If it's not a sub domain of those 2 domains ... Do. Not. Want.

EG

us.battle.net is a subdomain of battle.net
us.battle.net.iwantologyourkeys.com IS NOT !!!!!

forums.worldofwarcraft.com is a subdomain of worldofwarcraft.com
login.worldofwarcraft.57.com IS NOT !!!
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
11-11-09, 09:45 PM   #12
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
My last big tip ?

whois search.


You should only be putting in your wow username and password on sites that you know are owned by Blizzard.

How do we know if it's Blizzard owned ?

By looking it up on a whois database.

When a company registers a domain (eg battle.net) they pay a fee to a domain register company. Their details are then listed in the whois record for that website or domain.

This whois record can usually be looked up as it's public information.

The website I used for it is domaintools.com

How do I read this funny whois record thingy whatsey whosey ?

Good question !

The best way is to have a webpage open to domain you absolutely know is owned by Blizzard.

login.worldofwarcraft.com for example.

Look that up and have it open in a seperate window. Then compare the details for one you've looked up for the suspect website. The Blizzard owned domain would have an admin & technical contact in Irvine California. IP Location in California. All sorts of stuff that should match the one for the legit Blizzard website.

EU players compare your whois records with either battle.net or wow-europe.com (that last domain has an admin contact in California , IP location in France)

I've pumped every single key logger address I've ever seen through this system and it works - the key logger websites would have admin contacts and physical IP address in China or the Balkans or some other location not Blizzard's location.

If you need help I'm only a PM away
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
11-12-09, 04:31 AM   #13
front243
Premium Member
Premium Member
Join Date: Jul 2008
Posts: 29
Worst thing I've seen recently from Blizzards side was the Blizzcon Stream pet redemption email. Actually it was not Blizzards fault but the streaming company.

They send out an email with the link text "blizzcon.com" or similar site name. But the link clearly went to an ".il" (Israel) domain. I actually thought it was bogus, and Thunderbird flagged it as phishing as well. I posted a warning on the Blizzard forums but was told it was in-fact the correct email
  Reply With Quote

WoWInterface » General Discussion » Chit-Chat » Hack Alert!

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off