Wednesday, October 04, 2006

March of the Keyloggers

Recently a couple of my friends became the victims of having their World of Warcraft accounts hijacked. Neither had recently used a power leveling service or let anyone else use their account. However, they both did some things that were kind of careless from a security standpoint. I am going to tell both their stories and give you an idea how easy it is to get your account stolen from you if you're not careful. Its not really a pain in the ass to safeguard your account and if you take a couple of easy steps you're practically immune to key logging programs.

Friend number one who we'll call Richard signed onto his account from a friend's computer. Richard was over at this friend's house one night and wanted to show his character off when he found out the friend also played WoW. This is a special danger to World of Warcraft players since the game has become so popular that it is probably installed on most gamers’ computers. However, just because its installed doesn't mean you should use it.

In the case of Richard the computer he used was infected with a key logging program. So even though Richard kept his own machine clean as a whistle by signing onto his friend's unsecured computer he gave his password and account name away to a gold seller. The next day Richard logged onto his account to find all his characters as naked as level one mules. Even their hearthstones had been deleted, those bastards! An hour later his friend called him to complain about getting hacked.

Friend number two who we'll call Michael found out he was missing the updated version of ctraid right before a Molten Core run. Quickly needing to update to get an invite he typed "ctraid" into Google and used the first mirror site that came up. This mirror site just happened to have a copy of ctraid with a key logger program piggy-backing on the popular addon. Thus as soon as some enterprising gold seller could be bothered all of Michael's characters also magically lost their clothes just like Richard.

Unlike Richard's case though this heist was done during the weekend thus most of Michael's friends were on when it was happening. After watching his characters pop on and off like flickering Christmas lights we recognized the pattern. Speaking in our general chat channel we made several comments to the thief trying to get him to respond. Finally getting annoyed we made a bet to see who could get him to respond. We had a limited timeframe to work in since the thief was quickly moving through all of Michael's alts. This guy was a professional.

One friend remarked that he hoped the thief was happy supporting terrorists. No response. Another released a string of obscenities at the thief which would have made Snoop Dogg blush. Still Ignored. Finally I asked jokingly if the thief knew a good place to buy gold. "cheap wow gold prices@ www.buywowgoldone.com" appeared 8 times in our chat window then the thief logged off. Well at least we knew Michael's gold wasn't going to be sold at expensive prices. I claimed my winnings of 10gp from the losers of the bet and did what passes for the dwarven victory dance. In all the commotion I don't think any of us remembered to report the robbery. Oh well its not like a GM could have done anything and at least Michael had 10gp waiting for him when he logged back on.


Steps to take to make sure your account does not get hacked.

1) Use the WoW launcher program instead of the WoW.exe file. This catches most key logger programs.

2) Avoid downloading addons from mirror sites and stick to the main site that actually makes the addon.

3) Use the checkbox on the logon screen which remembers your account name.

4) Type your password into a text file then when you want to logon just copy and paste the password into the logon screen

Your password is not stored anywhere on your computer so its impossible for someone to hack into your machine and steal your account information. The most a virus writer can do is trick you into loading a key logger program onto your computer. Now if you aren't protected by a firewall then its theoretically possible that someone could get into your machine but once again they're not going to magically find your WoW account information there. The only real way for your stuff to get stolen is if a key logger records you typing in your account name and password.


Advanced Anti Keylogger Advice

1 comments:

Relmstein said...

Anti-spyware products are gaining in advancement but they are always playing a game of catch-up to those who are writing viruses and key logging programs. Namely if your unlucky enough to get a new virus then most likely your anti-spyware won't catch it.

From what I understand most anti-spyware programs won't catch keyloggers disguised as addons but a good firewall will when the program tries to transfer data through a non-standard port.