Thread Tools Display Modes
06-09-09, 01:29 PM   #21
derailed1973
A Kobold Labourer
Join Date: Jun 2009
Posts: 1
Thumbs down bologna

I just bought a new computer, reactivated my account after about a year of not playing, downladed WOW and got on this web site and downloaded quest helper. Guess what your addon has a keylogger attached to it, thanks alot. And yes I was able to trace it back to the addon. I was able to play Friday and my account was hacked and switched to battle.net by Saturday. It was fun getting my account back, petitioning for a restore, cleaning out my new computer, and apologising to my guild mates for someone robbing the bank. From now on I think everyone should steer clear of this asian scamming site.
  Reply With Quote
06-09-09, 03:01 PM   #22
Auren
An Aku'mai Servant
 
Auren's Avatar
Join Date: Sep 2006
Posts: 37
Originally Posted by derailed1973 View Post
I just bought a new computer, reactivated my account after about a year of not playing, downladed WOW and got on this web site and downloaded quest helper. Guess what your addon has a keylogger attached to it, thanks alot. And yes I was able to trace it back to the addon. I was able to play Friday and my account was hacked and switched to battle.net by Saturday. It was fun getting my account back, petitioning for a restore, cleaning out my new computer, and apologising to my guild mates for someone robbing the bank. From now on I think everyone should steer clear of this asian scamming site.
Amusing.. ZOMG QH IS KEYLOGGER..
I've just downloaded QH, and there is nothing in the LUA coding that could even resemble a keylogger, nothing in the image files, that could be used to exploit a bug in windows.
You obviously, don't know much about Addons, to accuse an ADDON to be a keylogger, they have no way of sending out info, apart from in a /w but then you'd see it in the sourcecode.

Stop using ch33tz, paying ppl to level ur account. and double check your pc again.
__________________
Rogue [Combat] - 80
Paladin [Protection] - 80
Death Knight [Blood] - 77
Shaman [Elemental] - 77
Mage [Frost] - 76
Priest [Shadow] - 75
Hunter [Beast] - 72
  Reply With Quote
06-09-09, 03:06 PM   #23
Yhor
A Pyroguard Emberseer
 
Yhor's Avatar
Join Date: May 2007
Posts: 1,077
Originally Posted by derailed1973 View Post
<snip>

From now on I think everyone should steer clear of this asian scamming site.
Just to be clear, what site are you speaking of?

*do not post a link, a name will suffice*
  Reply With Quote
06-09-09, 03:15 PM   #24
Tristanian
Andúril
Premium Member
AddOn Author - Click to view addons
Join Date: Nov 2007
Posts: 279
Originally Posted by derailed1973 View Post
I just bought a new computer, reactivated my account after about a year of not playing, downladed WOW and got on this web site and downloaded quest helper. Guess what your addon has a keylogger attached to it, thanks alot. And yes I was able to trace it back to the addon. I was able to play Friday and my account was hacked and switched to battle.net by Saturday. It was fun getting my account back, petitioning for a restore, cleaning out my new computer, and apologising to my guild mates for someone robbing the bank. From now on I think everyone should steer clear of this asian scamming site.
The legitimate version of Quest Helper, also hosted on WoW Interface (among other websites the author has explicitly authorized to host the addon) is free of executables or any kind of file that would resemble a keylogger. Files approved for download on WoW Interface are checked "by hand" by a few select and reliable individuals. If you downloaded Quest Helper (or at the very least a file claiming to be Quest Helper) from an unsupported or otherwise unauthorized website, where the author did not opt-in, then it is very likely that your computer was compromised.

As far as pure addons go, I will just quote honem :

Your average run of the mill addon can not log your keys or steal your login and password.

An addon consists of a few text files , some images and some sounds maybe.

They operate in a sandboxed environment so hence have no access to the outside world , can't email anything , can't send anything any where and don't even have access to your hard drive. They can read in from the saved variables and write out to the saved variables at logout/game exit but even that's limited (afaik they can't even name the file).

Also they load after you've already logged in. So even if they could send it somewhere they wouldn't have the information to send as that authentication information's gone by the time they get loaded.
Some friendly advice :

1) Never trust random links pointing to X addon on Y website you've most likely never heard about.
2) Always check (and double-check), what is it that you are actually downloading, claiming to be a WoW addon. Run a virus scan and/or a malware scan on it, if possible. Obviously official site "updaters" are excluded from this, in case you decide to trust them.
3) Never, EVER (and I can't stress this enough) run executables on your machine, claiming to be even "installers" for popular addons.
__________________

Last edited by Tristanian : 06-09-09 at 03:24 PM.
  Reply With Quote
06-09-09, 03:27 PM   #25
Yhor
A Pyroguard Emberseer
 
Yhor's Avatar
Join Date: May 2007
Posts: 1,077
Originally Posted by Tristanian View Post
Please don't encourage posting anything of the kind. There are enough people rushing to these so called "addon websites", only to get fooled by downloading malicious executables, as it is. Any such posts, I will personally delete outright, for obvious reasons.

I only asked, so that the information could be given as an alert, at the very least in the past, there has been someone to verify such accusations. Also, I wanted to be sure they were NOT referring to this site, as the post was ambiguous at best.

My apologies for encouraging whatever it is you think I was encouraging...
  Reply With Quote
06-09-09, 03:27 PM   #26
Vyper
A Rage Talon Dragon Guard
 
Vyper's Avatar
AddOn Author - Click to view addons
Join Date: Jul 2008
Posts: 317
FYI, The ONLY sites authorized to distribute QuestHelper are WoWInterface and Curse. If you are downloading from any other site, you do so at your own risk.

We constantly have spam on the Curse comment pages (none that I have noticed here) saying "Download QuestHelper from XXX, its a great site" or some such. Almost all of these are hosting malicious executables. We delete them as fast as we can, and warn people constantly, but with 2 million users, there's always a few that see the post before we do and fall for it. This fellow is probably one of those poor saps.
  Reply With Quote
06-09-09, 03:32 PM   #27
Ackis
A Cliff Giant
 
Ackis's Avatar
AddOn Author - Click to view addons
Join Date: Oct 2005
Posts: 78
Can't just let the links stay, and let darwinism take effect?
  Reply With Quote
06-09-09, 06:36 PM   #28
Tristanian
Andúril
Premium Member
AddOn Author - Click to view addons
Join Date: Nov 2007
Posts: 279
Originally Posted by Yhor View Post
I only asked, so that the information could be given as an alert, at the very least in the past, there has been someone to verify such accusations. Also, I wanted to be sure they were NOT referring to this site, as the post was ambiguous at best.

My apologies for encouraging whatever it is you think I was encouraging...
No need for an apology Yhor. Point is, I've personally witnessed people mindlessly clicking those websites links, sometimes disregarding warnings, as Vyper pointed out, in the case of Curse. We do our best to protect our users and community and as far as file handling goes for uploads here in WoWI, I believe I've clarified on the procedure
__________________
  Reply With Quote
06-09-09, 06:49 PM   #29
Seerah
Fishing Trainer
 
Seerah's Avatar
WoWInterface Super Mod
Featured
Join Date: Oct 2006
Posts: 10,860
Yhor/Tristanian: I believe he was referring to *this* site. Which is odd, because I wasn't aware that this site is based out of Asia...
__________________
"You'd be surprised how many people violate this simple principle every day of their lives and try to fit square pegs into round holes, ignoring the clear reality that Things Are As They Are." -Benjamin Hoff, The Tao of Pooh

  Reply With Quote
06-09-09, 07:02 PM   #30
Yhor
A Pyroguard Emberseer
 
Yhor's Avatar
Join Date: May 2007
Posts: 1,077
Originally Posted by Seerah View Post
Yhor/Tristanian: I believe he was referring to *this* site. Which is odd, because I wasn't aware that this site is based out of Asia...

That is what I thought they meant, just wanted clarification before they 'got schooled' on what *this site* goes through to ensure the safety of it's member's/visitor's gaming customizations (addons) and this sites genuine concern for the community as a whole.

If they were/are referring to another site, I'd hope there would be efforts to investigate and put out an alert, if it's deemed necessary/wise to do so. No one likes being hacked and anything that can be done to prevent future instances, should be done... with exception to just ignoring it and hoping it goes away.
  Reply With Quote
06-09-09, 10:29 PM   #31
Shtaiven
A Defias Bandit
 
Shtaiven's Avatar
Join Date: May 2009
Posts: 2
Originally Posted by Cairenn View Post
paint4blood, it may not have been wowmatrix or skada. Don't point fingers unless you have incontrovertible proof to back it up, please. Not fair to ruin someone's reputation when you don't know for sure.

If you were keylogged, it could have been as long as six months ago. They almost never hit an account as soon as they get the info. It usually takes at least a couple weeks. It could very well have just been a brute force/dictionary hack, too, no keylogging involved at all.

You need to contact Blizzard's Account Support department to get the ball rolling on getting your account back. Then you need to run virus and malware checks on your system, to make sure it's clean.
I've scanned Skada and found it had no infected files, at least when I scanned it with ClamXav, a freeware virus scanner. If anything, I think I just discovered a new, awsome addon i can replace both Recount and Omen with
__________________
  Reply With Quote
06-09-09, 10:39 PM   #32
Republic
Paladin
 
Republic's Avatar
Join Date: Jun 2007
Posts: 277
Originally Posted by derailed1973 View Post
I just bought a new computer, reactivated my account after about a year of not playing, downladed WOW and got on this web site and downloaded quest helper. Guess what your addon has a keylogger attached to it, thanks alot. And yes I was able to trace it back to the addon. I was able to play Friday and my account was hacked and switched to battle.net by Saturday. It was fun getting my account back, petitioning for a restore, cleaning out my new computer, and apologising to my guild mates for someone robbing the bank. From now on I think everyone should steer clear of this asian scamming site.
Please describe in detail how you traced it back to the addon downloaded from this site...

<edge of seat with popcorn>
  Reply With Quote
06-09-09, 11:52 PM   #33
Shirik
Blasphemer!
Premium Member
WoWInterface Super Mod
AddOn Author - Click to view addons
Join Date: Mar 2007
Posts: 818
Originally Posted by Shtaiven View Post
I've scanned Skada and found it had no infected files, at least when I scanned it with ClamXav, a freeware virus scanner. If anything, I think I just discovered a new, awsome addon i can replace both Recount and Omen with
In all honesty, most of the malicious files that are attempted to be uploaded here aren't even detected by virus scanners because they're new or one-shots. This is why we have a rigorous screening process for any executable files on this site (and why it could take as much as a week to get an executable approved), because we actually take it apart and prove it's clean -- even the slightest hint that it's bad will get it denied.

I'd be more than willing to take it apart if you want to PM me a link to where you downloaded the file. The file hosted here is assuredly clean -- there's nothing in it that could be dangerous.
__________________
たしかにひとつのじだいがおわるのお
ぼくはこのめでみたよ
だけどつぎがじぶんおばんだってことわ
しりたくなかったんだ
It's my turn next.

Shakespeare liked regexes too!
/(bb|[^b]{2})/
  Reply With Quote
06-12-09, 07:08 PM   #34
Republic
Paladin
 
Republic's Avatar
Join Date: Jun 2007
Posts: 277
Originally Posted by Republic View Post
Please describe in detail how you traced it back to the addon downloaded from this site...

<edge of seat with popcorn>
...still waiting to hear from the op...

What do people get out of making forum accounts just to lie to people on the internet? Honestly...
  Reply With Quote
06-12-09, 08:19 PM   #35
Tearstar
A Cyclonian
 
Tearstar's Avatar
AddOn Author - Click to view addons
Join Date: Jan 2009
Posts: 42
Originally Posted by Shirik View Post
In all honesty, most of the malicious files that are attempted to be uploaded here aren't even detected by virus scanners because they're new or one-shots. This is why we have a rigorous screening process for any executable files on this site (and why it could take as much as a week to get an executable approved), because we actually take it apart and prove it's clean -- even the slightest hint that it's bad will get it denied.

I'd be more than willing to take it apart if you want to PM me a link to where you downloaded the file. The file hosted here is assuredly clean -- there's nothing in it that could be dangerous.
A good example of an addon that has a non lua, xml, toc file in it is EpicMusicPlayer which has a .bat file in it, but as it's been said if a file that is infectable is detected it's reverse engineered to double check, WoWI admins wanna make sure no file ruins their rep
__________________
Author of Mini-Targ

Magelo Profile
My Myspace
My Youtube Channel

My First Video I made for my kids - please comment and/or rate

  Reply With Quote
06-12-09, 11:41 PM   #36
Mooshroom
A Murloc Raider
Join Date: Feb 2006
Posts: 5
Originally Posted by Ackis View Post
Can't just let the links stay, and let darwinism take effect?
Cruel, but i like it

When this thread started i actually typed up a lengthy reply about account security (how to create a safe password, how to keep that password safe), steps to do to make sure your PC is safe (patch the OS, patch your browser, using virus/malware protection, etc.), and general behavior on the internet (Hey look, a new Dragonballs screensaver in .exe format! Let's install it! It's on this cool new site i never heard about before, can't be bad right?)

After frantically typing away for an hour i realized i could sum up the entire post with "Use your brain(s)". Which brings me to the darwinian approach Ackis brought up ... if you're too greedy, lazy and stupid to fall for any of the scams or compromised files, you probably deserve it and you'll not be missed on the server you're playing on. The information on what to do and how to do it is out there; if you chose to be ignorant ... oh well

That only applies to people that click stuff without taking a second to think about what they're doing. I don't know of a single "hacked" account that couldn't ultimately be tracked down to some kind of user fail.

Of course there is ways to unknowingly help other people to access to your account that about nobody ever brings up: Ever played WoW in a public place like LAN party or internet café? Over an unsecured wireless network even? Just food for thought
  Reply With Quote
06-12-09, 11:54 PM   #37
genicyde
A Defias Bandit
Join Date: Jun 2009
Posts: 2
i had my account hacked 2

i had my account hacked following a transfer. i have no idea how it happened. although i bought an authenticator and my account has been secure since. its probably the safest way to keep you account from being hacked. word to the wise... if you get the authenticator be sure your system is clean before entering the authenticator identification code. if there is a weakness in this it would have to be here.
  Reply With Quote
06-13-09, 01:40 PM   #38
Republic
Paladin
 
Republic's Avatar
Join Date: Jun 2007
Posts: 277
I feel like some of you are missing the point. The guy said he was able to trace his "keylogger" back to the addon he downloaded from "this site". I believe he also refers to "this site" as an "asian scamming site".

I'm still waiting for detailed information to back up and support these claims. I'd like to know the steps taken to trace anything back to "this site".

(for those of you unable to detect sarcasm, I'm calling this 1 post wonder's bluff)
  Reply With Quote
06-13-09, 01:49 PM   #39
voodoodad
Large, Friendly Letters!
 
voodoodad's Avatar
Join Date: Oct 2008
Posts: 1,632
Originally Posted by Republic View Post
I feel like some of you are missing the point. The guy said he was able to trace his "keylogger" back to the addon he downloaded from "this site". I believe he also refers to "this site" as an "asian scamming site".

I'm still waiting for detailed information to back up and support these claims. I'd like to know the steps taken to trace anything back to "this site".

(for those of you unable to detect sarcasm, I'm calling this 1 post wonder's bluff)
I have a feeling it's a rogue element of the WM supporter's league still trying desperately to get in a new shot at WoWI. The old arguments didn't work, why not try something new? Or is this all just my inner conspiracy theorist trying desperately to break free?
__________________

~ no need to make the message completely obnoxious - Cairenn
  Reply With Quote
06-13-09, 01:51 PM   #40
Petrah
A Pyroguard Emberseer
 
Petrah's Avatar
AddOn Author - Click to view addons
Join Date: Jan 2008
Posts: 2,988
Originally Posted by voodoodad View Post
I have a feeling it's a rogue element of the WM supporter's league still trying desperately to get in a new shot at WoWI. The old arguments didn't work, why not try something new? Or is this all just my inner conspiracy theorist trying desperately to break free?

Me thinks it was nothing more than a troll /nods
__________________
♪~ ( ) I My Sonos!
AddOn Authors: If your addon spams the chat box with "Addon v8.3.4.5.3 now loaded!", please add an option to disable it!
  Reply With Quote

WoWInterface » General Discussion » Chit-Chat » Guess what... my account was hacked.

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off