Hacked/Keylogged

Nehaxak

Yee-arr ! Had my account hacked last night, seems I was keylogged at some stage. Given though that I don't sleep much anyway and it was a hot night, I logged in around 2.30am and somehow managed to interrupt the hacker. They only got away with all the gold I had at the time (just under 4k) and didn't manage to wreck my account, delete or sell stuff etc.,

GM took ages to respond but was really nice (ofc they always respond just as you start a boss fight in a raid, we had just start Hodir).
Thankfully Blizzard released the authenticator iphone application for the EU on the same day I was hacked so I managed to merge my account into battle.net and add the iphone authenticator also. Brilliant, absolutely brilliant stuff. Would highly recommend it to anyone worrying about their own account security.

While I was raiding the hacker also tried to reset my account password, I got an email from battle.net with a link I had to click (this was before I added the authenticator). Was also just 5 minutes after I'd finished speaking with the nice GM.

Mad at AVG anti virus for not even picking up the keylogger at any stage. Have uninstalled it and put Avira premium on instead.

Wouldn't mind but I'd also ordered two of those blizzard authenticator dongles from their site 2 nights ago. Funny that iphone app will be sufficient for now though.

GM has escalated the ticket to some "specialist" now, so I'll get my gold back eventually I'm sure. Would be nice to find out though what country the hacker was from, I'm guessing the Asia region somewhere but I'll ask the GM if I get a chance to chat with him when they restore the gold (if it's not through the mail).

Anyway, just a warning to others and I would highly recommend you get the blizzard authenticator, either the dongle or the free mobile app.

I am really careful on what sites I visit, don't use warez or keygens, p2p etc., so really don't know how the hell I was keylogged in the first place, computer is always bang up to date with latest patches also. Don't account share, don't even let my kids or GF play on my account. Very strange how it happened, really can't figure out how at the moment other than maybe just AVG not picking whatever it was up, maybe something from a website I visited via flash or whatever ?? very confused.

Now I have the delight of having to also contact my bank and credit card to possibly get those details changed, just in case

Absolute bastards though :mad:

20 Times 20 Times

After reading this post i set up my Battle.net account and got the authenticator for my iphone also.

Dustaz

How do the authenticators work?

DO you have to type an 8 digit code from it every time you log in?

The amount of times i quit and come back in one session would put me off it

elexes

have you bought gold in the last 6 months ? or have you figured out if it was a keylogger

if it was a keylogger did how did you go about finding it and stopping it ?

from what i remember key loggers always slow down computers to snail pace

BadCharlie

I just have the Itouch will it work with that also ?
But might be best to use it on a phone... as you only found out when u got a text that someone was trying to change your password ?

Dont have an ipone

BadCharlie

I always have my account name as remember. So i never have to type that in... been like that for months now. So each time i only need to type in password. Even if im keylogged they will be waiting for a very long time to get my account name and by then i would hope my anti virus will have sniffed it out.

Rev Hellfire

That iPhone app is quite smart. Though are you screwed if your iphone goes crash ?

Rev Hellfire

elexes wrote: »

from what i remember key loggers always slow down computers to snail pace

There's no reason that a key logger will slow your machine in any noticeable manner.

20 Times 20 Times

Dustaz wrote: »

How do the authenticators work?

DO you have to type an 8 digit code from it every time you log in?

The amount of times i quit and come back in one session would put me off it

Thats exactly how it works , You log on using your battle.net account and then that gets accepted it then asks you for the code from your iphone. Now logging out to change char , and now exiting the game you wouldn't need to use the code all the times in this instance from my understanding.

20 Times 20 Times

BadCharlie wrote: »

I just have the Itouch will it work with that also ?
But might be best to use it on a phone... as you only found out when u got a text that someone was trying to change your password ?

Dont have an ipone

It will also work on the itouch ,Just do a search for Blizzard Entertainment on the apps section and it should come up.

Xyo

I just have my password on a textpad file and just copy paste each when I log in.

Dcully

I just have my password as a macro on g15 keyboard.

WellyJ

Dcully wrote: »

I just have my password as a macro on g15 keyboard.

A good Keylogger will still pick that up.

TheDoc

I just type in the name and password on connect. Takes me all of 5 seconds. Whats this iphone app thing do?

Nehaxak

Still can't figure out how I got keylogged, really can't. Only thing I can possibly put it down too is when I logged in at one stage on the kids' eeepc ages ago, just to see if Wow would run on it. Maybe the keyloggers are only now going through the details collected

Oh and no, I never bought gold either at any stage ever.

I'll switch from the iphone app to the blizzard authenticator dongle when it arrives but the iphone is excellent though, highly recommend it.
Far as I know it also runs on the itouch, you just need a wifi connection running on it to get it working (or also 3G or whatever on the iphone).

Still waiting on GM's to sort it out and get my gold back, probably take a few days I reckon.

TechnoPool

ouch

Black Swan

Nehaxak wrote: »

Mad at AVG anti virus for not even picking up the keylogger at any stage. Have uninstalled it and put Avira premium on instead.

Were you using the freeware AVG? I'm not a big AVG fan, preferring to secure my rig with KIS2009, plus layering my defenses with other apps.

Kiith

I've been using AVG Free for years now, and havent had any problems. Might be because i have sweet **** all gold in my Warcraft account though

cian1500ww

Thing I'll be getting that app too, its too bad our accounts have to be secured almost as strong as bank accounts :O

Nehaxak

Blue_Lagoon wrote: »

Were you using the freeware AVG? I'm not a big AVG fan, preferring to secure my rig with KIS2009, plus layering my defenses with other apps.

No, I had the full version, paid for 3 licences to secure my own, the kids and the GF's computer.

Got some 3 month coupon code for Avira premium secure suite so I'm using that now, plus Ad-aware free version. I hate slowing down my computer with stuff like this and extra processes but this keylog got me all flustered

TheDoc

This generator thing doesnt work for me

Downloaded to itouch but its a US code being generated, dont know whats going on or how to work it

So gave up : /

Black Swan

Nehaxak wrote: »

No, I had the full version, paid for 3 licences to secure my own, the kids and the GF's computer.

Got some 3 month coupon code for Avira premium secure suite so I'm using that now, plus Ad-aware free version. I hate slowing down my computer with stuff like this and extra processes but this keylog got me all flustered

Kids usage patterns, and where they visit, yikes! Perhaps you may want to consider going OS virtual? VMware (and other similar programmes) allows you to create mirror operating systems for you and your kids, and if one computer gets corrupted, because it's just a file, you can delete it (along with all the malware infections in one stroke), then reinstall a new and clean virtual OS without too much hassle?

Nehaxak

TheDoc wrote: »

This generator thing doesnt work for me

Downloaded to itouch but its a US code being generated, dont know whats going on or how to work it

So gave up : /

Strange that The serial code you need to enter from the generator to your account should start with EU.

Got all my gold back btw tonight, that was really fast from Blizz, they sent it in the mail to me.

Strangest thing though, about 4 hours later I got a mail from someone I don't even know with the exact same amount of gold I lost attached :eek:
I'm presuming blizzard found the culprit(s) and deleted the accounts (hence the mail was returned to me from whoever hacked my account sending the gold in the mail to that person).

I've left the mail there with the gold within, didn't take it yet as I presume blizzard are still sorting things out. Nice though, will do me for a couple hundred repair bills from Ulduar

Blowfish

Xyo wrote: »

I just have my password on a textpad file and just copy paste each when I log in.

That's not going to stop anything. It's easier to track the clipboard than it is to track keys pressed. Most keyloggers will do both.

Drakar

Wow itself detects alot (most?) keyloggers, if AVG didnt find it (sure its not infaliable), its probably worth considering if it's a keylogger at all (you dont mention if your new AV found anything).

Make sure your password isn't easy to guess (shouldnt be a word in a dictionary etc), ideally the same password shouldnt be used for other websites or services, and obviously someone else shouldnt know your password (where they might give it away by accident / social engineering / observed etc).

Remember if your new Avira didnt find a keylogger, either there isn't one, or it's still there.

Nehaxak

Well I think I might know what it was, a combination of crap AVG, Thunderbird email reader and spam/virus emails from dicks selling wow gold

Opened Thunderbird to check email last night and Avira immedieately found nearly 20 viruses including a few keyloggers. They seemed to activate via the email itself, html code within or something I suppose or attachments, though I noticed no attachments. AVG never ever even once detected anything within thunderbird.

I've switched now back to outlook as it has better security for emails.

That at least now is something I could possibly put it down too.

Avira didn't find anything after I installed it but I had run some online scanner via trend micro after I found out I was keylogged and it found something in (if I remember rightly) jpgutils.dll - whether or not that was the culprit I dunno.

The other thing I could put it down too was if my email itself was hacked at some stage as I stored all my emails on the server (no longer doing this) and yeah I stupidly used the same password or combination of it for multiple other services (no longer doing this now either) and I hadn't changed my wow password for well over a year at least anyway - so really, could've been keylogged at any stage but only recently they decided to use the details.

Horsefumbler

Nehaxak wrote: »

Strangest thing though, about 4 hours later I got a mail from someone I don't even know with the exact same amount of gold I lost attached :eek:
I'm presuming blizzard found the culprit(s) and deleted the accounts (hence the mail was returned to me from whoever hacked my account sending the gold in the mail to that person).

I've left the mail there with the gold within, didn't take it yet as I presume blizzard are still sorting things out. Nice though, will do me for a couple hundred repair bills from Ulduar

Reported, ofc.

Drakar

You're much safer using one of the online email providers like Gmail or Yahoo mail as they'll do the virus scanning, virus updates etc for you (and keep spam to a minimum too), and of course you can access your email from whatever machine you like.

CutzEr

Well you absolutely cannot get any viruses from 'html code', that being said - It is possibile that it automatically downloaded viruses from the email, but I would have thought that thunderbird would have blocked that.

If your password is a common one, someone could have guessed it (or in a large scale brute force it) basically just guessing a load of passwords until they got the right one.

AaronFitz

Thats harsh man, I am glad you intrupted it and your gold is being sorted out by blizz. I personally have my login on remember, use avast antivirus/malware my password in on a usb drive which is encrypted, I copy and paste it and change it every 2-3 months.

I have yet to be hacked, and I think my system is pretty much foolproof. Props to you for bringing awearness to the authen from blizz, its a good system, so good infact visa is implementing it for online purchases.

smithcity

Ok, I know this thread is ancient and some people are gonna get thick about me bringing it back...

I've read a little about accounts getting hacked.

Do I need to worry about playing over the wireless connection in college? Could people be hacking my account or any such thing? I've never had trouble there before, and there's always quite a few techies around on the same network who I know are probably exploring weaknesses in peoples systems.

Now, I might be wasting everyones time, cos it's summer, I've just started playing and haven't had a chance to try the college network yet. The administrators might have WoW blocked, but I doubt it cos I get amazing speeds for torrents there.

I'm running Mc Afee which I've found great so far.