Page 10 of 13 FirstFirst ...
8
9
10
11
12
... LastLast
  1. #181

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    This is good. but not really how it works in this case. But still a good way of thinking of it. Its still very close to how this works which is the point. So people just watch out and dont go to the wrong kind of site and d/l things that you dont know about and should very safe.

  2. #182

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Bluevomit
    I ran a search on my computer for "emcor" and it found three files. wbemcore.dll , wbemcore.lo_ & wbemcore (notepad file)

    wondering if i should delete it, not sure tho because i dont wanna fuck up my computer and it isnt exactly "emcor.dll" what do you guys think?.
    If you have a questionable file, just Google the filename. Generally the first couple of search result summaries can tell you if a file is good or bad. wbemcore.dll is a valid Windows system file.

    Now as for this dll, doesn't it contain somewhere within it the hacker's IP address or a domain name for it to report back to? Either way, it should be pretty easy to get them shut down (well ok, not always easy to do that, but it becomes a possibility anyways), in which case they'd have to move on to another domain or IP address, and all of those already distributed dlls wouldn't work at all anymore since they're trying to report back to an incorrect address. I suppose the alternative would be to have the dll report to an IRC channel on a major network, which could be more difficult to disrupt, but you get one IRCop who loves playing WoW, and hates account hackers and the place would be toast.

    Yeah, I'm just thinking out loud here, and I'm sure I've missed some other possibility, but I think it wouldn't be too easy for the malicious people out there to hide themselves completely without embedding a tor/onion connection in the whole thing, which would just needlessly complicate the whole act of ganking some guy's account.

  3. #183

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Are Macs susceptible to the trojan virus? Also, by which means can this virus be contrived?




  4. #184

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by ZrKrev
    he have 60 segs to log in in your account or the code expires
    Not 60 seconds
    Not 30 seconds

    It's about 15minutes last i checked.

    Edit: On US servers. Maybe Euro has a diff timer

  5. #185

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Hi again guys, i come from the far west (i wanna mean that ive infected my own pc) already im uploading some interesing things, nod32 detects its, give some mins and ill start editing the post with the screens

    ok, first of all, update the antivirus
    http://img20.imageshack.us/img20/7413/nodup2date.jpg

    go to the phised web
    http://img10.imageshack.us/img10/162/fakeweb.jpg

    download it
    http://img37.imageshack.us/img37/429...2detection.jpg

    lets scan the rar manually
    http://img202.imageshack.us/img202/1456/scanw.jpg

    nothing detected :S
    http://img7.imageshack.us/img7/7283/nothingdetected.jpg

    lets extract him
    http://img10.imageshack.us/img10/6448/exer.jpg

    ask for a wow folder, i created a faked one empty, and doesnt works, so ive created a fake wow.exe and worked for continue with the install
    http://img525.imageshack.us/img525/7...nowowexede.jpg

    here is a screen of the GUI and the only task created
    http://img132.imageshack.us/img132/5...skdetectec.jpg

    i closed all the programs and reopened it, the task have another name, 2 shots in the cuarentene
    http://img515.imageshack.us/img515/3947/variantab.jpg
    http://img694.imageshack.us/img694/4937/cuarentena.jpg

    there is the address in windows xp
    http://img8.imageshack.us/img8/3353/folderuxd.jpg

    scaning 87%
    http://img532.imageshack.us/img532/4376/scanl.jpg

    completed 100%, take an action, desinfect, remove, nothing, i take remove
    http://img14.imageshack.us/img14/9088/actionsc.jpg

    report removed
    http://img52.imageshack.us/img52/677/removed.jpg

    Something strange is that nod32 not removed it from the folder, i tryed to remove it manually and worked, atm im doing another full scan and at 90% dosnt found anything

    the scan has completed and nothing was found :P,
    http://img109.imageshack.us/img109/1372/cleanr.jpg

    im scaning now my main pc, maybe the trojan has spread out via pendrive when i copied the pics to upload them, but dosnt look like he does

  6. #186

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Three words...

    Buy a Mac.

    :]

    PM Requests-OPEN
    Making Signatures l No WMV. Only able to use armory and/or provided screenshots

  7. #187

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    I warned people that this would inevitably happen, but they didn't seem all that willing to believe me.

    I'd feel smug about it if it weren't for the personal implications.

  8. #188

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    If you have a questionable file, just Google the filename. Generally the first couple of search result summaries can tell you if a file is good or bad. wbemcore.dll is a valid Windows system file.


    ^ this


    Obviously you know nothing about SQL injections and search result poisoning. Just clicking a Google link is not going to give you the answer you seek, more likely the virus itself.........

  9. #189

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    People whom are to stupid to understand Man in the Middle attacks, I laugh of thee.

  10. #190

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Msdpr
    Three words...

    Buy a Mac.

    :]
    I can write a man in the middle attack for WoW on OSX as well, if you like. (Or any other OS for that sake).
    You just have to download it in the first place, likewise on Windows. Get the picture?

    (Also if you haven't updated your mac to Snow Leopard who have CAS enabled, it's much much easier to write a trojan for Mac than for Windows!)

  11. #191

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by simbuk
    I warned people that this would inevitably happen, but they didn't seem all that willing to believe me.

    I'd feel smug about it if it weren't for the personal implications.
    You can't just simply remove the authenticator. It asks for two new codes before you can.

    So your method fails.

  12. #192

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Virus != Malware/Trojan

    stop using the word virus ffs.
    Quote Originally Posted by Primohastat View Post
    That toxicity is normal in WoW. Even classic. And it comes from this what so called elitism, spreading everywhere. Average player say that classic is piss easy and every aspect can be done with minimal effort. But right after that, the same player ignites with rage when someone wants to apply that minimal effort

  13. #193

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    The first thing I thought of when I saw that tabard was a photoshopped pic of that tabard giving the finger.

    Someone needs to make this happen.

  14. #194

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    U meen that 'wowblizzhack.exe' that I downloded the othr day dusn't work? :O

    lol

  15. #195

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quest - Sylvanas' Vengeance
    Reward - Item #52253 - Possibly another flavor item, probably tied to the Lament of the Highborne spell.
    Description
    So, it is done. I had not dared to trust my senses. Too many times has the Lich King made me to be a fool. Finally, he has been made to pay for the atrocities he imposed upon my people. May Azeroth never fail to remember the horrible price we paid for our weakness, for our pride. But what now, Hero? What of those freed from his grasp but still shackled to their mortal coils? Leave me. I have much to ponder.
    So, sorry for being lazy and not reading all comments to see if someone said this earlier, but there's a quest where these Highborn Lamenters are used I believe.

    http://www.wowhead.com/?item=22597#comments

    I've done that quest on my Blood Elf and she did something similar to that spell, I suppose. Then again, who knows. :-P
    inb4 "<insert instance> was merely a setback!"

  16. #196
    The Lightbringer Keosen's Avatar
    10+ Year Old Account
    Join Date
    Oct 2009
    Location
    Sin City
    Posts
    3,709

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by subanark
    The best Blizzard can do is limit the amount of damage a hacker can do:
    1. Any item you have equipped for 2 or more hours (or gemed/enchanted/ect) cannot be sold or disenchanted.
    2. All soul bound equipment that is destroyed can be recovered from any vendor up to 1 week later.
    3. Have an option to require entering your authenticator code whenever you make a large transaction (trade/mail money to another character on a different account, or by AH purchases). When you enter your authenticator code you can make additional transactions for up to 15 minutes later (as long as you stay logged in).
    4. Guild bank protection. When turned on, money and selected tabs withdraws require approval from another officer (who has been in the guild for a few days). To turn the protection off, the guild leader must either wait 1 day, or get approval from another officer.
    Really nice suggestions, especially the 3rd since the hacking is 99% of the time for gold stealing adding authenticator in your transactions with other accounts make it almost bulletproof

  17. #197
    Pit Lord Doktor Faustus's Avatar
    10+ Year Old Account
    Join Date
    Jul 2009
    Location
    UK of Earth World & Northern Fat Land
    Posts
    2,420

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Grimmer
    Jaina and Sylvanas aren't at the entrance either.

    They probably show up when the buff exists.
    Isn't he also at the Crusader camp on the edge of Icecrown/Crystalsong?

  18. #198

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Herecius
    I think it's hilarious that people will go to such extreme lengths to get past the authenticator with this method just to get into a WoW account... when banks use the same authenticator tech to protect vaults.
    Doing that to a bank can land you in prison for a long time.

    Hacking into a WoW account won't. However thanks to people who buy gold, WoW accounts have some monetary value so it's "safe."

    Of course, that doesn't mean banks don't get hacked. Though I'm sure banks have much tighter security.

  19. #199

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Any word out on how people managed to get the trojan installed yet?

    I suspect a flash vunability.

  20. #200

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Nezoia
    Any word out on how people managed to get the trojan installed yet?

    I suspect a flash vunability.
    Someone already posted this, but here: http://www.worldofraids.com/topic/15...atrix-website/

    Basically a fake WoWMatrix that google recommends (!), as well as a fake Curse and other specific addon sites. So I believe you still have to download something from these bogus sites to get it. What I don't like is that the first victim's NOD32 and anti spyware didn't pick up on it at all.

    Moral of the story is use your bookmarks and hope the legit sites never get hacked, and if you have to google one then triple check the url, and don't trust the sponsored links.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •