1. #1

    2.4, Blue posts, UICentral, WoW Comic

    Nothing really new today, but a few interesting things to check if you've got some free time. Yes, I'm aware that there is a supposed Sunwell loot screenshot (fake) (link added because of the tons of requests I got in mail :/), but it's a fake from private servers, so you can stop mailing it to me. (We're still accepting mails if cookies are included though)

    2.4 News ... soon.
    Blue posters are surprisingly inactive lately, however we got our weekly "2.4 news are coming soon" post.
    Originally Posted by Nethaera (http://forums.worldofwarcraft.com/thread.html?topicId=3881786824&postId=40025815337&sid=1#2)
    The Blizzcast is now out and we are working on compiling information on the Under Development for patch 2.4 to give everyone updates. It takes some time to do, but we will be updating before long. I'm sure what everyone is really waiting for are the actual patch notes, but you'll have to wait for those to hit the test realm.


    Other blue posts
    Today's posts aren't really informative, but they might answer questions that people are asking themselves.
    Originally Posted by Blizzard Entertainment
    No date for Arena Season 4
    No one will be able to tell you when the season 4 starts. (Source)

    No date for the next Blizzcon
    BlizzCon doesn't have a time set in stone when it will happen. We have had a great time doing them in the past, but we have no details on when or if another one will occur. (Source)

    Skulloc's Soul bug
    The bug preventing players from looting Skulloc's Soul will be fixed in an upcoming patch. (Source)

    Incgamers' UICentral Trojan Infected
    Update : Rushster has since moved the file to a separate server to avoid this happening again. If you'd like to read more about the issue, see the thread on Incgamers here: http://wowui.incgamers.com/?p=mod&m=2106.

    Cairenn, an admin of WoWInterface.com, posted this thread on the official forums to warn users about a potential trojan in the latest version of incgamers' UICentral (the tool used to auto update your mods).

    (4:07:58 PM) Shirik: So here's the deal. UI Central is packaged with a program "patcher.exe" which has code in it to go download an "update.exe" from a non-incgamers site
    (4:08:05 PM) Shirik: update.exe is then immediately run
    (4:08:51 PM) Shirik: update.exe proceeds to install itself as wzcsvbc.dll
    (4:10:01 PM) Shirik: It installs that from a remote site if possible, and if that fails it will instead use its own copy
    (4:10:26 PM) Shirik: It then registers itself with lsass.exe so that it can be resident at every startup while remaining hidden
    (4:10:43 PM) Shirik: After all that's complete, update.exe attempts to delete itself and shut down


    Now luckily for everyone (in one sense) it is the same one as showed up previously. Therefore, we already know how to get rid of it.

    If you're using this software, I suggest that you read the whole thread and check your system to make sure it's not infected.


    Newest WoW Comic sneak peek
    The newest issue of the World of Warcraft comic book series from WildStorm arrives in store today, January 16th. In it, Rehgar takes Lo'Gosh and Broll to Thunder Bluff for a cleansing ritual. Unfortunately for the pair, lurking beneath the surface of the Pools of Vision is a force like nothing they've ever faced before.

    An online preview of the first 5 pages is available on the official site



    Holiday contests winners
    The Holiday Screenshots contest and the Holiday Dessert contest are now finished and a list of the winners is available on the official site, as well as screenshots and pictures of the best submissions.




  2. #2

    Re: 2.4, Blue posts, UICentral, WoW Comic

    Hey, just a quick note to say the Incgamers UI problem, which happened last Thursday/Friday (10th/11th Jan), was resolved in a matter of hours. Only people who downloaded a new version of UI Central during the period of time the hacked version was on the server would have been infected.

    Rushster has since moved the file to a separate server to avoid this happening again, and stresses that this only affected people doing a new install of UIC on the 10th/11th Jan. If you'd like to read more about the issue, see the thread on Incgamers here: http://wowui.incgamers.com/?p=mod&m=2106.

  3. #3

    Re: 2.4, Blue posts, UICentral, WoW Comic

    I'm curious at Maticus' claim that only installs from 10/11 Jan were affected, as the first reports on incgamers' own forum suggest the issue went back to December 31st last year.

    Further, it should be noted that while the file has been moved to a separate server, it would appear that this server is the same server that incgamers host their IRC on. Add to this that they're apparently using a well known broken DNS that can easily have its data polluted, the apparent old FTP server, I think it's only reasonable for folks to be doubtful of the claims that the IRC server will prove more secure.

    Add on top of this that for some reason or another, this variant of the original trojan wasn't picked up by pretty much every AV tool out there, and trojan scanner. Incgamers had the data since sometime in November last year - did they not pass it on to AV companies for inclusion? If not, why not? If so, why did the AV tools fail?

    That the domain name used was so similar to incgamers, one cannot help but reach the conclusion that this is a highly targeted attack. I believe incgamers owe it to their customers, and to the community as a whole, to be more open about this. By effectively sweeping it under the carpet, they're merely opening themselves for more ridicule if, heaven forbid, it happens again.
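
The check Shirik describes in post #1 (patcher.exe reaching for a non-incgamers host) and the look-alike domain raised in post #3, as an added triage example that is not from any poster or from Incgamers: it pulls embedded URLs out of a binary and flags hosts outside the vendor's domain. The sample bytes and the two `.example` hosts are constructed, since the thread does not name the real look-alike domain, and the distance threshold of 2 is an assumption.

```python
import re
from urllib.parse import urlsplit

VENDOR_DOMAIN = "incgamers.com"            # vendor domain, taken from the thread's URL
ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")   # UTF-16LE strings in Windows binaries
URL_RE = re.compile(r"https?://[^\s\"'<>\[\]]+")

def extract_urls(blob):
    """Return every http(s) URL stored in the file as ASCII or UTF-16LE text."""
    runs = [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    runs += [m.group().decode("utf-16-le") for m in WIDE_RUN.finditer(blob)]
    return {url for run in runs for url in URL_RE.findall(run)}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the vendor name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """'vendor' for the vendor's own hosts, 'lookalike' for near-miss names, else 'other'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == VENDOR_DOMAIN or host.endswith("." + VENDOR_DOMAIN):
        return "vendor"
    name = VENDOR_DOMAIN.split(".")[0]
    # Assumed threshold: any host label within 2 edits of the vendor name is suspicious.
    if any(edit_distance(label, name) <= 2 for label in host.split(".")):
        return "lookalike"
    return "other"

def triage(blob):
    """Map each embedded URL to its classification."""
    return {url: classify(url) for url in extract_urls(blob)}

# Constructed bytes standing in for an updater binary (not the real patcher.exe).
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 8
          + b"http://wowui.incgamers.com/?p=mod&m=2106\x00\x00"
          + "http://dl.incgarners.example/update.exe".encode("utf-16-le")
          + b"\x00\x00\x01\x02http://cdn.other.example/ads.js\x00")

if __name__ == "__main__":
    for url, verdict in sorted(triage(SAMPLE).items()):
        print(f"{verdict:9} {url}")
```

Anything reported as `lookalike` or `other` in a vendor's updater is worth a manual look before the file is run; a clean result only means no plain-text URL was found, not that the binary is safe.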

  4. #4

    Re: 2.4, Blue posts, UICentral, WoW Comic

    I'll just address a few points. The DNS issue is due to the hosts having to remove a set of IPs from their servers, it will be resolved shortly. The trojan info was passed on to AV companies last year, if they don't do anything abou tit that's up to them unfortunately. We also passed on info we gathered to other UI sites based on our findings last year following the first incident.

    We have been very open about the issues keeping the community up to date with updates on the site support forums as well as the UIC page itself.

    The server the file is currently held on will obviously be more secure becuase it is not shared with any other website. We will continue to monitor the situation and in the past few days an new layer of security was added to the WoWUI site. Note also that no .exe files can be uploaded to WoWUI there for mods on the site can not affect the community.


  5. #5

    Re: 2.4, Blue posts, UICentral, WoW Comic

    For the benefit of those having trouble with looting Skulloc's Skull, I registered.

    We figured it might have been a "Gnome height issue" as it seems to spawn 6 feet off the ground. I'm not sure if other classes have trouble but after killing it four times we figured it out. Kill him right next to one of the sides of the crypt and you should be able to loot it standing on the crypt. Worked for me.

  6. #6

    Re: 2.4, Blue posts, UICentral, WoW Comic

    Quote Originally Posted by Rushster
    I'll just address a few points. The DNS issue is due to the hosts having to remove a set of IPs from their servers, it will be resolved shortly. The trojan info was passed on to AV companies last year, if they don't do anything abou tit that's up to them unfortunately. We also passed on info we gathered to other UI sites based on our findings last year following the first incident.

    We have been very open about the issues keeping the community up to date with updates on the site support forums as well as the UIC page itself.

    The server the file is currently held on will obviously be more secure becuase it is not shared with any other website. We will continue to monitor the situation and in the past few days an new layer of security was added to the WoWUI site. Note also that no .exe files can be uploaded to WoWUI there for mods on the site can not affect the community.

    Heya Rushster,
    Maybe it's my early morning brain and half a cup of coffee so far. I fail to see how having to remove some IPs relates in any way to using an out of date DNS daemon whose cache data can easily be polluted.

    Good to hear you did pass on the info. What are the chances of modifying your own application to detect it (I know this leads to an arms race, but it's merely an idle thought)? You don't say this explicitly, does the original trojan currently get picked up by AV/Spyware/Launcher.exe tools? (You just say you passed it on and if they did nothing it's their fault). What are the AV/Spyware/Blizzard responses as to why this trojan was never added to detection routines?

    With all due respect, the belief that a mission critical file is more secure because it's on a machine with an IRCd variant rather than a webserver is naive in the extreme.

    It's fairly obvious you have NOT been keeping the community up to date. You never reported it to the Blizz UI forums. You deleted/banned some folks from your site who discussed this. First reports of a new infection were from Dec 31st, yet it was nearly two weeks before you provided a 'No, not us, someone else go away' type response. Then another period of time, after even more reports, before you actually managed to get an infection yourself.

    Oh, yeah. I'm sure someone else would've suggested this, but I'll do it anyways. You may wish to consider using a web browser which has spell checking enabled for text input. Your repeated spelling mistakes look very amateur.


    EDIT: Oh, you may also wish to disable anonymous zone transfers from your DNS server.

  7. #7

    Re: 2.4, Blue posts, UICentral, WoW Comic

    How to know that the screenshot of supposed Sunwell loot is fake: it has a feral dps weapon in it! :9 Anyway, it was pretty believable until you looked closer on weapon dps. Besides, whichever responsible department at Blizzard is making these sort of things, their current staff wouldn't have the balls to make something like the Equip:... bonus on the Vial of the Sunwell - compare pretbc set bonuses with tbc ones if you don't know what I'm talking about.

  8. #8

    Re: 2.4, Blue posts, UICentral, WoW Comic

    @ bleeter, how do you know that is actually him :/

  9. #9

    Re: 2.4, Blue posts, UICentral, WoW Comic

    @Azain

    Well, I don't. Educated guess really; poor spell checking, similar (imo lame) response as previously... but yeah, you do have a point.

  10. #10

    Re: 2.4, Blue posts, UICentral, WoW Comic

    Hmm, now if they're making a movie, imo the series would have been an interesting story to use in it... but I suppose they already have some kind of story since they're working on it.. but meh :P

