Page 1 of 10
1
2
3
... LastLast
  1. #1

    Oh god, MMO-Champion got hacked

    Update - Huh, yeah, you had a message pointing to http://www.agoragames.com/ while the site was down. They're the very awesome and comprehensive techs in charge of MMO-Champion, the site was perfectly safe. The site database was also safe and none of your passwords are compromised here, it's really just a few JS files changed, and worst case scenario you are very unlucky and got a spyware that won't affect your WoW account.

    I'm just very serious when it comes to security and had no plan to hide the problem. (Even if I'm probably overreacting)

    Oh god, MMO-Champion got hacked
    Yay! It finally happened! MMO-Champion got hacked! But don't worry too much, the title is mostly here to scare you and make sure you will read the rest. The site got indirectly affected by a very nasty virus called Gumblar, the site is cached in various ways and it means that most users are potentially safe but I strongly suggest that you read the entire post.

    Gumblar, AKA Troj/JSRedir-R, is a botnet driven virus which attacks both websites and normal computers. Sounds scary, and to anyone who owns their own website it is, but to anyone else it's mostly harmless.

    How does it work?
    The virus is split into two parts. There's a javascript version, which infects websites, and the actual virus itself which infects computers. Whenever a browser executes the javascript on a website, it runs a Java applet and (through a Java exploit or two) installs the virus onto your computer. The virus, once warm and snug on a computer, looks for any FTP details you may have stored (In dreamweaver, filezilla, pretty much any FTP application) and makes a copy of them.

    For every FTP it manages to get, it attempts to make a connection and then infects the website with the javascript. It does this by opening .js/.html/.php files and attaching a unique version of itself to a position inside the file, usually at the end. This new code is unique per website, not per file, so removing it isn't as daunting as it sounds.

    In addition to spreading itself to every website it can get its claws on, the virus also reprises its role as a traditional Trojan and attempts to install other spyware onto your computer, including redirecting popular websites (such as Google) to its own unsafe alternative.

    How do I know if I have it? How do I get rid of it?
    Most modern anti-viruses should pick up the Gumblar virus. Personally I'd suggest downloading and installing Malwarebytes and doing a complete system scan. Make absolute sure your anti-virus is up to date before scanning, and make sure it's on a full/intensive scan, take no risks with a quick sweep.

    For webmasters, there's a lovely tool called Unmask Parasites for checking if your website is safe or not. However, if you suspect you may have been infected but this tool returns nothing, you may be best suited to manually look through the files. Open up a few random .js files, and look at the end for a line or two of code that you don't recognise. Open up some .html files for a <script> tag that shouldn't be there. If you find it, take your website down immediately and start removing it. If you have backups, make sure they're clean and restore them. Otherwise, you can manually fix the files. Automated tools do not work so well for this as it's unique code for every website.

    As always, it is recommended you change any private details (such as passwords) after you have confirmed you are safe. While World of Warcraft/Battlenet accounts are not affected by this virus, it is still strongly advised you change your password for it regardless.

    My epics are safe?
    Gumblar is a botnet driven virus, which means the infection process is entirely automated by other infected machines, no human intervention. As it was not designed to look for World of Warcraft details, it is not particularly interested in looking for them. This doesn't mean you can slack and use this as an excuse to never change your password though. It's always a good time to change your password!

    Technical details
    For more details about Gumblar, see this Wikipedia article or this Unmask Parasites article. For a technical summary of Gumblar, there's a nice article on iss.net about it.
    Last edited by Sunshine; 2011-08-10 at 10:46 PM.

  2. #2

    Re: Oh god, MMO-Champion got hacked

    Woah

    Downloaded Malwarebytes as I've had some problems with the Jawaw applet lately, kept getting errors from it. I read somewhere that it's just a bug they need to fix but right now I'm getting a bit paranoid so I need to check.

  3. #3
    Pandaren Monk Shalaman's Avatar
    Join Date
    Nov 2009
    Location
    Above you.
    Posts
    1,828

    Re: Oh god, MMO-Champion got hacked

    o_O!
    Ex-Ensidia & Clarity-Twisting Nether member.

  4. #4
    Field Marshal Boomshine's Avatar
    Join Date
    Apr 2010
    Location
    Kanto
    Posts
    76

    Re: Oh god, MMO-Champion got hacked

    No way!

  5. #5

    Re: Oh god, MMO-Champion got hacked

    god i was scared

  6. #6
    Pit Lord Worgoblin's Avatar
    Join Date
    Aug 2009
    Location
    Kronos WoW - Vanilla server
    Posts
    2,328

    Re: Oh god, MMO-Champion got hacked

    I was about to laugh, but then realized it's not April 1st. :'(

  7. #7

    Re: Oh god, MMO-Champion got hacked

    Nasty! Authenticator ftw 8)

    World of Warcraft: Map || Screenshots

  8. #8

    Re: Oh god, MMO-Champion got hacked

    Whoops.. and i thought ther ewould be an update :-\

  9. #9

    Re: Oh god, MMO-Champion got hacked

    MMOhshit.

    Just goes to show, nobody is safe.
    twitch.tv/Dingolicious - Various games streamed from time to time!

  10. #10

    Re: Oh god, MMO-Champion got hacked

    Gumblar will get you next!!!!

  11. #11

    Re: Oh god, MMO-Champion got hacked

    Quote Originally Posted by magaa
    jesus?

    CRAP SO WAS http://badurl.com/ bad to go on?!
    Considering it was the site linked to I would run a scan ;p (Take the hint and remove the link too)

  12. #12

    Re: Oh god, MMO-Champion got hacked

    Quote Originally Posted by magaa
    jesus?

    CRAP SO WAS http://www.agoragames.com/ bad to go on?!
    Hope not

  13. #13

    Re: Oh god, MMO-Champion got hacked

    Quote Originally Posted by Dingolicious
    MMOhshit.

    Just goes to show, nobody is safe.
    Nobody should assume he's save. Same as nobody should assume "insert security name here" can't be broken. Heck assumption is the mother of all fuckups!

    World of Warcraft: Map || Screenshots

  14. #14

    Re: Oh god, MMO-Champion got hacked

    Quote Originally Posted by WyriHaximus
    Nobody should assume he's save. Same as nobody should assume "insert security name here" can't be broken. Heck assumption is the mother of all fuckups!
    Assume makes an ass out of u and me, indeed
    twitch.tv/Dingolicious - Various games streamed from time to time!

  15. #15

  16. #16

    Re: Oh god, MMO-Champion got hacked

    Thanks for all the info on this virus. It would have been easy for most admins to just ignore it or even write a small news post with minimal information. As someone who has lots of FTP info saved locally, I really appreciate the detailed info on this threat.

  17. #17

    Re: Oh god, MMO-Champion got hacked

    wonder if this has anything to do with my account getting hacked 15 minutes ago.... The guy is on stealing all my shit right now.. and i cant even get ahold of blizzard.. i try'd to log on and it asks for an authenticator number, and i have never had one before, wonder if the 2 are connected

  18. #18

    Re: Oh god, MMO-Champion got hacked

    Quote Originally Posted by magaa
    jesus?

    CRAP SO WAS http://www.agoragames.com/ bad to go on?!

    boub can we get a confirmation on this?

    should we run a scan if we went on this website

  19. #19

    Re: Oh god, MMO-Champion got hacked

    I knew that shit was bogus

  20. #20

    Re: Oh god, MMO-Champion got hacked

    Hm, when was this exactly? And for how long and at what hours was the virus active and a potential threat?

    Author of: Goggle Cat Comics.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •