Oh god, MMO-Champion got hacked

[Mimoo]

Turns out a lot of people are getting hacked with their WoW accounts.
I wonder if this is related in some way?
This is poopy.

[Kalserrar]

Just posting to clarify that as of five minutes ago, the virus is still here on the site. Just in case anyone was on the belief that it wasn't. It tried to download when I clicked on some of the old threads in the news section. Luckily, avast! was able to deal with them.

[oddigy]

It looks like the exact venue through which any user visiting this site could have been hacked would have been through an infected PDF file.

You are only vulnerable to this attack if you are running an outdated version of Adobe Reader on your computer.

More information here:

http://www.symantec.com/connect/blog...ramps-activity

Visitors to an infected site will be redirected to an alternative site containing further malware, which was once (redacted), but has now switched to a variety of domains. The site sends the visitor an infected PDF that is opened by the visitor's browser or Acrobat Reader. The PDF will then exploit a known vulnerability in Acrobat to gain access to the user's computer.

If you have Adobe Reader (any version) installed on your PC, please launch it, go to the Help dropdown, and continue to select "Check for Updates" and install what it finds until there are no more updates to install. This will also protect you against the majority of drive-by parasites that are on other sites.

[insurgi]

those who give they`r freedom for security--> deserve neither

and thanks for the heads up on virus

[Dinnerbone]

It looks like the exact venue through which any user visiting this site could have been hacked would have been through an infected PDF file.

You are only vulnerable to this attack if you are running an outdated version of Adobe Reader on your computer.

More information here:

http://www.symantec.com/connect/blog...ramps-activity

If you have Adobe Reader (any version) installed on your PC, please launch it, go to the Help dropdown, and continue to select "Check for Updates" and install what it finds until there are no more updates to install. This will also protect you against the majority of drive-by parasites that are on other sites.

Incorrect. The first variants of the virus were believed to have been spread via a PDF file. The latest (2010) variation utilizes Javascript to display a Java application with malicious code.

Just posting to clarify that as of five minutes ago, the virus is still here on the site. Just in case anyone was on the belief that it wasn't. It tried to download when I clicked on some of the old threads in the news section. Luckily, avast! was able to deal with them.

Details please. We removed the virus before this news post went up. Avast should have a log of the most recent attacks, please PM me a copy of the lines relating to MMO-Champion.

[quiz]

Scanning with Malwarebytes right now and already checked my websites :P. Nothing found yet .

[codixthedane]

i think my computer caught this virus or w/e, cause my main hotmail account and 1 of my wow accounts got hacked on the same night (last night to exact)

[Sting]

But what about the Melware?

[Mimoo]

i think my computer caught this virus or w/e, cause my main hotmail account and 1 of my wow accounts got hacked on the same night (last night to exact)

This happened to a lot of people. Use a virus scan to get rid of it.
I used Microsoft Security Essentials and ESET Smart Security to get rid of what I had.

[fantasy4fun]

ESET Smart Security

[Morsker]

This description of the hack was far too long, and a bit sensationalist besides. You could've gotten to the point in only one or two paragraphs. As much as I love MMO Champion for reporting on WoW things, the coverage of security topics has always been far too long-winded and confused.

[static1800]

Can the mods or someone delete the link to the unmask parasites article about gumblar it ironically appears to have gumblar on it!

I went to it a few hours ago and avg blocked it, having a lot of ftp details on this laptop I was most annoyed and instantly disconnected my network connection and scanned. AVG appeared to have done its work and everything came back clean though.

[Tayla]

This description of the hack was far too long, and a bit sensationalist besides. You could've gotten to the point in only one or two paragraphs. As much as I love MMO Champion for reporting on WoW things, the coverage of security topics has always been far too long-winded and confused.

i'm sorry that your small brain couldn't comprehend the nicely detailed and informative post about the situation. Yes, He could have gotten to the point in one or two paragraphs, but then, we wouldn't have all of the information that we need. i, for one, am extremely grateful for the "long-winded" post.

[Twest]

Very same day, I got hacked by a BOT which added an Authenticator (givin me a Core Hound Pup). Fortunately, all it did was empty the bags on both of my 80's and spend/swipe all but 90G, between the two of them. Got the acct back today, so I am golden, and very, very fortunate.

[sKoToNy]

Very same day, I got hacked by a BOT which added an Authenticator (givin me a Core Hound Pup). Fortunately, all it did was empty the bags on both of my 80's and spend/swipe all but 90G, between the two of them. Got the acct back today, so I am golden, and very, very fortunate.

Twest the same exact thing happened to me, and it was on the first day I registered an account here in MMO-champion....

[Dinnerbone]

To repeat for the xth time, this virus does not affect World of Warcraft accounts or battlenet accounts or accounts for anything other than FTP. Anything that happened around the same time as this notice was purely coincidental.

[parody]

Gumblar was named for the first website to host the scripting and associated malware.

The methods involved to exploit your browsers get updated regularly with the latest exploits. The bot included with the infection can vary on the end host that the exploit includes in its payload.

I've reviewed many infected sites in my lab and the malware downloaded can be a many as 10 variants of keyloggers and banking trojans. While the malware commonly included with the gumblar infection are not targetting WoW logins, they may be capable of capturing the keystrokes for logging in.

Many of the suggested AV solutions in this thread are good for cleaning up any infection, if you feel like your AV has not done a good enough job when cleaning up, backup your personal data and re-install your operating system. Once your system has been compromised it can be very hard to nail down exactly what has been changed, updated and installed by the infection.

Many malware will download other malware binaries as required or instructed by their C&C host. ( gumblar.cn was the first C&C host - hence the name ).

PM me here if you have questions or @lordparody on twitter.
I am an ISS Threat Analyst and was involved in the original review of the gumblar infections.

[wowremy]

malwarebytes should fucking love you guys for all the downloads and hits their gonna be getting the next week or so