A few ?'s about WoW

I know this game is evil to begin with!!

However, I have been hearing a few rumors as of recently. One of the biggest rumors has been about how people have gotten their accounts hacked into. This rumor is claimed to be from the add ons that people get from the curse gaming site. A few have said once they got d'loaded a file /add on they had gotten a virus. Then the next thing they know their account has been hacked into and their characters are either gone, or everything on the chara has been sold. One person said she had a bunch of level one characters all over her account.

They are saying that the add ons have this key logger virus in them. But the files are zip files and others are saying that it is impossible for something like that to happen. Others have given an example here and there of how it is possible.

So The question is this:

Is this truly possible? If so then how I can prevent something like this from happening (short of not having any add ons)? How do the hackers really get into the accounts and how can I prevent that from happening?

I know this is just a game.. however, I don't wish to have anything get hacked into and all this talk about it, I have actually become a bit concerned. I have d'loaded a keyscrambler program but, it's just a basic one and I don't think it covers the games login info. I can't afford to use the payed scrambler programs.

Any advice is greatly appreciated thank you.

 

Your best bet at getting a good answer to this would be to go to the forums on the WoW home site and ask your question there.

Other than that, general good rule of thumb for mmorpgs like WoW is to only download and install material available from the official site itself. That pretty much ensures you're not going to get some nasty malware in the download. In the case of Everquest (I'm an eq player, only familiar with WoW thru my friends), almost any 3rd party software that installs into the eq directory itself is a violation of the game's EULA and can get you banned... anything you download directly from the game's makers, obviously, is going to be ok.

In general, if you don't know or trust a site or the material you are downloading, either don't download it, or download it thru a site (like MG) where you know it's been tested and is clean.

Or... play EQ instead! Down with WoW!

 

I'm guessing you have checked out the wow authenticator? http://www.blizzard.com/store/details.xml?id=1100000442

I don't have it yet but I should probably look into it myself. Its a device you can buy, fairly cheap at 6.50, that gives you a code that you then have to enter as you log on. You mention that you can't afford a payed scrambler program but this might be reasonable enough to check it out.

 

Yeah, I bought the authenticator last year. Just don't lose it, otherwise you can't play.

 

Forgo the Authenticator key FOB and download the iPhone Authenticator app.
Easier to read and if you lose your iPhone they will not know what account it is for unless you store your acct and pass on the iPhone.

 

WoW addons do not contain executable code. All code is evaluated at runtime within the WoW environment and what it can do is limited to in game things only (and the list of things it can do in game is also very limited). As long as you do not execute any programs that may be included in an addon (there shouldn't be any as they aren't needed) it isn't possible to get a virus from an addon.

I can also tell you that curse regularly deny's approval of projects to host if they contain executables (they use a whitelist system so each project is looked over by an administrator), those that are approved are thoroughly checked and must have a very good reason to need to be executable in order to be approved. Not sure about the other two major addon distribution sites, but the "don't run executable code" applies at any of them also.

It is possible to get virii from some flash ads through the ad network they use (though if that's the case let them know as I can assure you no one wants those kind of ads on their site making them look bad) and you have not patched your flash plugin and browser. This of course is a risk you take when you visit any website that uses an ad network, not just curse.com.

To reiterate: You cannot get a virus or malware from wow addons unless you execute any files that are distributed with them (ie shouldn't ever run setup.exe, just decompress the files inside into the appropriate folder). You should always have a fully patched system, especially when it comes to browsers, browser plugins, and OS.

 

Specifically regarding the account hacking:

The way WoW runs code for addons is in such a way that they aren't even accessed until after you've already logged. As the above answers will tell you, Curse doesn't accept exe's, so they're not going to contain key loggers, and WoW already transmits your login data before it accesses the addon files, so they couldn't get your password.

Frankly, I think it's people who play WoW, get keyloggers from other sources, and decide that it MUST be the addon because that's the only thing that they've done recently.

Use a decent password, that helps. Like, a 10+ character alphanumeric password that's completely random. You'll memorize it eventually.

 

I have a normal authenticator myself, that doesn't show what account is tied to either, please make sure your accurate in your info. The keyfob authenticator has 1 button and 1 led display, push the button and it shows your random code to put in. Very good investment if you can. As far as addons go, pretty much already been said, most people get viruses or keyloggers from random sites, not from addons. Some addons try to get you to use "installers" which i would shy away from as thats an infection vector, but generally anything you copy from a zip file and place in the /wow/interface/addons folder should be an ok addon as far as that goes.

 

I played age of conan when it first came out, and there were sites popping up, that would let you keep track of your characters outside of the game. All you had to do was provide your in-game name and password, and you could view your character info...but that was a red flag for me. The same thing happens with myspace spoofs, and just about all the others, like bank websites. Just be safe when using your login info, like just in game only, and it sounds like you should be safe.

 

Wow does have lots of legit sites that let you view character info, ie http://be.imba.hu/, and wow-heroes.com, but neither ask for password just servername and character name.

 

thank you all for the advice. I had a feeling that it wouldn't be from the addons themselves. My dad and my husband also think it happens to those people who buy gold and p'leveling type stuff.

As for everquest, I played that for the longest time. then all my friends disappeared and I really had no where to go. :confused So wow took over.

And yes, I have had thoughts about that authenticator and will probly get it soon enough. I have heard a lot of good things about it and it seems to be highly recommended. It is definitely cheap enough as well.

again, thank you for the comforting comments and advice.

 

I know someone who has the authenticator, and they love it, only thing is when they forget it somewhere, theyre screwed.

 

To err on the safe side of caution, if a file seems suspicious, try scanning it with Jotti.
Most 'hackers' that steal accounts are little more than script kiddys who trick other users into installing programs that let them see what happens on the computer, and let's them record keystrokes. (and passwords)
Real hackers generally have better things to do.

 

Bleh i just got my account hacked a few days ago =/. I will be on the phone with blizzard once they open up on the east coast. I hear copying and pasting on the login screen deters keyloggers because they can only record keystokes. I'm scouring my system for the keylogger that compromised my account.