  1. #181
    Legendary! Gallahadd's Avatar
    Join Date
    Aug 2009
    Location
    Beyond the 1% barrier.
    Posts
    6,484

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    gotta say this authenticator hack stuff is freakin me out :S, but hey, I'm just gunna keep my virus scanner up to date etcetc and hope for the best :P

    P.S. I hereby start a petition to get the tabard of the Silver Hand's name changed to Tabard of the BRO FIST!
    Reading A Song of Ice and Fire is like playing with an adorable puppy, then someone comes up out of nowhere, shoots the puppy and punches you in the face.

    Stands in front of 100 enemies with 10% health left "Myeh, I'll save my potions for when I REALLY need them." - every rpg player ever.

  2. #182

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Damnit! NO! With the possible addition of the deathchargers as quest rewards, I DEMAND a pally mount....and flight form.....and a warlock mount!

    I'll freakin flip if I ever see a paladin riding my precious Deathcharger -.-.

  3. #183

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Hello!

    First of all, English isn't my primary language, so if something is wrong, sorry.

    I have an authenticator and I've used ARP poisoning and MitM attacks on neighbors' networks, so I know a bit.

    OK, let's go. When you try to log on, your user:pass:number isn't sent to Blizzard (that's the reason for the invalid username box); it's sent to the attacker, who receives the data in simple text. Once he gets the user:pass:number he has 60 secs to log in to your account or the code expires. If this happens and you didn't try to log in again, he doesn't have the number to log in again. Therefore, the attacker can only steal accounts while he's sitting at his PC. If he is recording all the text in a database and he's sleeping, when he wakes up he only has the user and pass; all the codes have expired.

    I was thinking a bit more: he can change your password to evade your login, but he cannot log in again after stealing from you, because when he goes to log in again the random code is needed again, and because to unlink the authenticator from the account you need the serial number printed on the back of the auth.

    If you guess that you are infected, don't try to log in 10 more times, it does nothing. Tell a friend to log in to your account ASAP to disconnect the attacker, and don't try to log in again until you're disinfected.

    BTW, if he's recording WoW, I'm 100% sure that he's recording the rest of the websites such as Gmail, Hotmail, anything that has login:user

    cya

  4. #184

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    I like Wikipedia's examples of a Man In The Middle Attack:

    1. Alice sends a message to Bob, which is intercepted by Mallory:

    Alice "Hi Bob, it's Alice. Give me your key"--> Mallory Bob

    2. Mallory relays this message to Bob; Bob cannot tell it is not really from Alice:

    Alice Mallory "Hi Bob, it's Alice. Give me your key"--> Bob

    3. Bob responds with his encryption key:

    Alice Mallory <--[Bob's_key] Bob

    4. Mallory replaces Bob's key with her own, and relays this to Alice, claiming that it is Bob's key:

    Alice <--[Mallory's_key] Mallory Bob

    5. Alice encrypts a message with what she believes to be Bob's key, thinking that only Bob can read it:

    Alice "Meet me at the bus stop!"[encrypted with Mallory's key]--> Mallory Bob

    6. However, because it was actually encrypted with Mallory's key, Mallory can decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and forward it to Bob:

    Alice Mallory "Meet me in the windowless van at 22nd Ave!"[encrypted with Bob's key]--> Bob

    7. Bob thinks that this message is a secure communication from Alice.
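
    The key substitution in steps 3-5 above, and the check that defeats it, as an added example that is not part of the original post. It swaps the "encrypt with Bob's key" scheme for a toy Diffie-Hellman exchange (tiny modulus, standard library only), and assumes Alice can learn Bob's key fingerprint over a trusted channel; all names are illustrative.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy prime modulus: far too small for real use
G = 3

def keypair():
    """Return (private, public) for the toy Diffie-Hellman group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Short identifier for a public key, checked out-of-band."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def session_key(my_priv, peer_pub):
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_exchange(intercepted, pinned):
    """Play steps 1-5 from Alice's side and report who shares her key.

    intercepted: Mallory swaps Bob's key for her own (step 4).
    pinned: Alice already knows Bob's fingerprint from a trusted channel.
    """
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    mallory_priv, mallory_pub = keypair()

    received = mallory_pub if intercepted else bob_pub
    if pinned and fingerprint(received) != fingerprint(bob_pub):
        return "rejected: key does not match pinned fingerprint"

    alice_key = session_key(alice_priv, received)
    if alice_key == session_key(bob_priv, alice_pub):
        return "shared with Bob"
    if alice_key == session_key(mallory_priv, alice_pub):
        return "shared with Mallory"
    return "no shared key"

if __name__ == "__main__":
    for intercepted in (False, True):
        for pinned in (False, True):
            print(intercepted, pinned, run_exchange(intercepted, pinned))
```

    Without the pinned fingerprint Alice has no way to tell the two keys apart; with it, the swapped key is refused before any message is encrypted.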

  5. #185

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    This is good, but not really how it works in this case. But still a good way of thinking of it. It's still very close to how this works, which is the point. So people, just watch out and don't go to the wrong kind of site and d/l things that you don't know about, and you should be very safe.

  6. #186

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Bluevomit
    I ran a search on my computer for "emcor" and it found three files. wbemcore.dll , wbemcore.lo_ & wbemcore (notepad file)

    Wondering if I should delete it; not sure though, because I don't wanna fuck up my computer and it isn't exactly "emcor.dll". What do you guys think?
    If you have a questionable file, just Google the filename. Generally the first couple of search result summaries can tell you if a file is good or bad. wbemcore.dll is a valid Windows system file.

    Now as for this dll, doesn't it contain somewhere within it the hacker's IP address or a domain name for it to report back to? Either way, it should be pretty easy to get them shut down (well ok, not always easy to do that, but it becomes a possibility anyways), in which case they'd have to move on to another domain or IP address, and all of those already distributed dlls wouldn't work at all anymore since they're trying to report back to an incorrect address. I suppose the alternative would be to have the dll report to an IRC channel on a major network, which could be more difficult to disrupt, but you get one IRCop who loves playing WoW, and hates account hackers and the place would be toast.

    Yeah, I'm just thinking out loud here, and I'm sure I've missed some other possibility, but I think it wouldn't be too easy for the malicious people out there to hide themselves completely without embedding a tor/onion connection in the whole thing, which would just needlessly complicate the whole act of ganking some guy's account.

  7. #187
    Stood in the Fire alextg94's Avatar
    Join Date
    Feb 2010
    Location
    NY
    Posts
    382

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Are Macs susceptible to the trojan virus? Also, by which means can this virus be contrived?




  8. #188

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by ZrKrev
    he has 60 secs to log in to your account or the code expires
    Not 60 seconds
    Not 30 seconds

    It's about 15 minutes last I checked.

    Edit: On US servers. Maybe Euro has a diff timer

  9. #189

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Hi again guys, I come from the far west (I mean that I've infected my own PC). I'm already uploading some interesting things; NOD32 detects it. Give me some minutes and I'll start editing the post with the screens.

    OK, first of all, update the antivirus
    http://img20.imageshack.us/img20/7413/nodup2date.jpg

    go to the phished web
    http://img10.imageshack.us/img10/162/fakeweb.jpg

    download it
    http://img37.imageshack.us/img37/429...2detection.jpg

    let's scan the rar manually
    http://img202.imageshack.us/img202/1456/scanw.jpg

    nothing detected :S
    http://img7.imageshack.us/img7/7283/nothingdetected.jpg

    let's extract it
    http://img10.imageshack.us/img10/6448/exer.jpg

    It asks for a WoW folder. I created a fake empty one and it doesn't work, so I created a fake wow.exe and that worked to continue with the install.
    http://img525.imageshack.us/img525/7...nowowexede.jpg

    here is a screen of the GUI and the only task created
    http://img132.imageshack.us/img132/5...skdetectec.jpg

    I closed all the programs and reopened it; the task has another name. 2 shots in the quarantine.
    http://img515.imageshack.us/img515/3947/variantab.jpg
    http://img694.imageshack.us/img694/4937/cuarentena.jpg

    There is the address in Windows XP
    http://img8.imageshack.us/img8/3353/folderuxd.jpg

    scanning 87%
    http://img532.imageshack.us/img532/4376/scanl.jpg

    Completed 100%. Take an action: disinfect, remove, nothing. I take remove.
    http://img14.imageshack.us/img14/9088/actionsc.jpg

    report removed
    http://img52.imageshack.us/img52/677/removed.jpg

    Something strange is that NOD32 did not remove it from the folder. I tried to remove it manually and it worked. ATM I'm doing another full scan and at 90% it hasn't found anything.

    The scan has completed and nothing was found :P
    http://img109.imageshack.us/img109/1372/cleanr.jpg

    I'm scanning my main PC now; maybe the trojan has spread via pendrive when I copied the pics to upload them, but it doesn't look like it does.

  10. #190

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Three words...

    Buy a Mac.

    :]

    PM Requests-OPEN
    Making Signatures l No WMV. Only able to use armory and/or provided screenshots

  11. #191

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    I warned people that this would inevitably happen, but they didn't seem all that willing to believe me.

    I'd feel smug about it if it weren't for the personal implications.

  12. #192

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    If you have a questionable file, just Google the filename. Generally the first couple of search result summaries can tell you if a file is good or bad. wbemcore.dll is a valid Windows system file.


    ^ this


    Obviously you know nothing about SQL injections and search result poisoning. Just clicking a Google link is not going to give you the answer you seek, more likely the virus itself.........

  13. #193
    I am Murloc!
    Join Date
    Mar 2008
    Posts
    5,274

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    People who are too stupid to understand Man in the Middle attacks, I laugh at thee.

  14. #194
    I am Murloc!
    Join Date
    Mar 2008
    Posts
    5,274

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Msdpr
    Three words...

    Buy a Mac.

    :]
    I can write a man in the middle attack for WoW on OSX as well, if you like. (Or any other OS for that matter.)
    You just have to download it in the first place, likewise on Windows. Get the picture?

    (Also if you haven't updated your Mac to Snow Leopard, which has CAS enabled, it's much much easier to write a trojan for Mac than for Windows!)

  15. #195

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by simbuk
    I warned people that this would inevitably happen, but they didn't seem all that willing to believe me.

    I'd feel smug about it if it weren't for the personal implications.
    You can't just simply remove the authenticator. It asks for two new codes before you can.

    So your method fails.

  16. #196

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Virus != Malware/Trojan

    stop using the word virus ffs.
    Quote Originally Posted by cptaylor38 View Post
    Hope everyone is prepared for the 16 month wait for the expansion after this one.
    Date Posted: 20/8/14
    Review: 20/8/16

    Originally Posted by Blizzard Entertainment
    Hi Turtle. According to your account records an authenticator was not attached to the account until after the compromise.

  17. #197

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    The first thing I thought of when I saw that tabard was a photoshopped pic of that tabard giving the finger.

    Someone needs to make this happen.

  18. #198

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    U meen that 'wowblizzhack.exe' that I downloded the othr day dusn't work? :O

    lol

  19. #199

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quest - Sylvanas' Vengeance
    Reward - Item #52253 - Possibly another flavor item, probably tied to the Lament of the Highborne spell.
    Description
    So, it is done. I had not dared to trust my senses. Too many times has the Lich King made me to be a fool. Finally, he has been made to pay for the atrocities he imposed upon my people. May Azeroth never fail to remember the horrible price we paid for our weakness, for our pride. But what now, Hero? What of those freed from his grasp but still shackled to their mortal coils? Leave me. I have much to ponder.
    So, sorry for being lazy and not reading all comments to see if someone said this earlier, but there's a quest where these Highborn Lamenters are used I believe.

    http://www.wowhead.com/?item=22597#comments

    I've done that quest on my Blood Elf and she did something similar to that spell, I suppose. Then again, who knows. :-P
    inb4 "<insert instance> was merely a setback!"

  20. #200
    Herald of the Titans Keosen's Avatar
    Join Date
    Oct 2009
    Location
    Sin City
    Posts
    2,893

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by subanark
    The best Blizzard can do is limit the amount of damage a hacker can do:
    1. Any item you have equipped for 2 or more hours (or gemmed/enchanted/etc.) cannot be sold or disenchanted.
    2. All soul bound equipment that is destroyed can be recovered from any vendor up to 1 week later.
    3. Have an option to require entering your authenticator code whenever you make a large transaction (trade/mail money to another character on a different account, or by AH purchases). When you enter your authenticator code you can make additional transactions for up to 15 minutes later (as long as you stay logged in).
    4. Guild bank protection. When turned on, money and selected tab withdrawals require approval from another officer (who has been in the guild for a few days). To turn the protection off, the guild leader must either wait 1 day, or get approval from another officer.
    Really nice suggestions, especially the 3rd: since the hacking is 99% of the time for gold stealing, adding the authenticator to your transactions with other accounts makes it almost bulletproof.
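
    A sketch of suggestion 3 above, added here as an example and not taken from the posts or from Blizzard: large transfers need a fresh one-time code, each code is accepted once, and a successful code opens a 15-minute window. The code generator is generic RFC 6238 TOTP, not the authenticator's actual algorithm; the 30-second step, the threshold and all names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30               # seconds per code (RFC 6238 default; assumed)
STEP_UP_TTL = 15 * 60   # the 15-minute window from the suggestion
LARGE = 1000            # hypothetical "large transaction" threshold

def totp(secret, now):
    """RFC 6238 TOTP (HMAC-SHA1, 6 digits) for the time step containing now."""
    counter = struct.pack(">Q", int(now) // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**6:06d}"

class Session:
    def __init__(self, secret):
        self.secret = secret
        # A real service would store last_step per account, not per session.
        self.last_step = -1        # newest time step whose code was consumed
        self.step_up_until = 0.0   # large transfers allowed before this time

    def _consume(self, code, now):
        """Accept a code once: a second use in the same step is refused."""
        step = int(now) // STEP
        if step <= self.last_step:
            return False
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False
        self.last_step = step
        return True

    def login(self, code, now):
        return self._consume(code, now)   # login alone grants no step-up

    def transfer(self, amount, now, code=None):
        if amount < LARGE or now < self.step_up_until:
            return "ok"
        if code is not None and self._consume(code, now):
            self.step_up_until = now + STEP_UP_TTL
            return "ok"
        return "code required"
```

    A login code captured in transit opens a session but cannot be replayed for a large transfer, which needs a second code from the device.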
