WarcraftReamls.com
  FAQFAQ    SearchSearch    MemberlistMemberlist    UsergroupsUsergroups   RegisterRegister 
  ProfileProfile    Log in to check your private messagesLog in to check your private messages    Log inLog in 
Update Windows!

 
Post new topic   Reply to topic    WarcraftRealms.com Forum Index -> News and Announcements
View previous topic :: View next topic  
Author Message
Rollie
Site Admin


Joined: 28 Nov 2004
Posts: 5374
Location: Austin, TX
WR Updates: 480,131
Rollie WR Profile

PostPosted: Thu Apr 05, 2007 8:45 am    Post subject: Update Windows! Reply with quote

So looks like the way hackers were gaining access to WoW Login information was actually a cursor security flaw. A patch was released by Microsoft on the 3rd so be sure you update your version of Windows!

--------------------------------------------------------------------------------


<h1>Cursor hackers target WoW players</h1>
<p>
World of Warcraft has become hugely popular around the globe
World of Warcraft players are being targeted by hackers exploiting flaws in how Windows handles animated cursors.

The flaw came to light in late March and lets attackers take over vulnerable PCs via booby-trapped websites.

Warcraft players seem to be one of the targets because accounts for the game are potentially worth significant sums of money.

Microsoft has issued a patch for the flaw early to combat the rising number of attacks.

<b>Player power</b>

Security firms tracking how criminal hackers are exploiting the cursor flaw suspect there are many websites hosting the code that can be used to take over vulnerable PCs.

Some of the sites have been specially created but others have been hacked to be unwitting hosts for the infection.

The potential for the flaw to do harm grew significantly with the discovery of a website that automatically generates all the attack files needed to turn a site into a booby-trap.

A large number of criminally-minded hacking gangs are cashing in on the flaw.

One Chinese group known to be using the animated cursor flaw scored some success in February when it managed to hack a Superbowl website and use it to host code for spyware.

There is a ready market for card data on the net
Analysis of that malicious software showed that it lay dormant on a victims machine until they ran World of Warcraft (WoW) at which point it captured login data and sent it to the hacking group.

The group's enthusiastic use of the cursor flaw suggests it is trying to do the same again.

The online fantasy game now has more than eight million active players around the world.

Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data.

One card can be sold for up to $6 (?3) suggests Symantec, but a WoW account will be worth at least $10. An account that has several high level characters associated with it could be worth far more as the gold and rare items can be sold for real cash.

In a bid to head off the growing threat from the animated cursor flaw, Microsoft took the unusual step of releasing a patch for the bug on 3 April.

Usually Microsoft issues security patches on the second Tuesday of every month. The patch for the cursor flaw arrived a week early and Microsoft has been preparing it since December when the bug was first reported.

Windows users can get the patch via automatic updates or visit Microsoft to download it manually.

On its security blog, Microsoft said the patch was released early "to help better protect customers from this threat".

The software giant urged Windows users to download and install the patch.

It said there was a chance that attacks via the vulnerability would increase but had seen little evidence of widespread use yet.


Original article from <a href='http://news.bbc.co.uk/2/hi/technology/6526851.stm'>http://news.bbc.co.uk/2/hi/technology/6526851.stm</a>
</p>
Back to top
View user's profile Send private message Visit poster's website
Babs



Joined: 11 Dec 2006
Posts: 133
Location: Holland
WR Updates: 201,763
Babs WR Profile

PostPosted: Thu Apr 05, 2007 9:07 am    Post subject: Reply with quote

so that's the new updates from yesterday =)
_________________
.
Back to top
View user's profile Send private message
oiseaux



Joined: 24 Oct 2005
Posts: 370
Location: Butler, PA
WR Updates: 526,961
oiseaux WR Profile

PostPosted: Thu Apr 05, 2007 11:37 am    Post subject: Reply with quote

Quote:
Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data.

One card can be sold for up to $6 (?3) suggests Symantec, but a WoW account will be worth at least $10. An account that has several high level characters associated with it could be worth far more as the gold and rare items can be sold for real cash.


I read this and couldn't believe it!! lol
Back to top
View user's profile Send private message
DM.
Census Tester


Joined: 03 Oct 2005
Posts: 1155
Location: Toronto, Canada
WR Updates: 841,833
DM. WR Profile

PostPosted: Thu Apr 05, 2007 11:50 am    Post subject: Reply with quote

Its true.... with a Credit Card you don't get as much info as you can with a WoW password. Because with WoW you got your name, address, phone number, etc... Identity theft Sad
_________________

Click my sig
Back to top
View user's profile Send private message
Tartara



Joined: 20 Dec 2005
Posts: 90
Location: Tucson, AZ
WR Updates: 844,914
Tartara WR Profile

PostPosted: Thu Apr 05, 2007 12:09 pm    Post subject: Reply with quote

Macs FTW

Laughing
_________________

and the rest
Back to top
View user's profile Send private message
WyriHaximus



Joined: 18 Oct 2005
Posts: 244
Location: Koedijk, Alkmaar, Noord-Holland, The Netherlands
WR Updates: 1,520,754
WyriHaximus WR Profile

PostPosted: Thu Apr 05, 2007 2:13 pm    Post subject: Reply with quote

Ffs when do they start adding affected browsers to articles. Now I still don't know it affects me since I use FF to borwse >_<!!!!!
_________________

My World of Warcraft Screenshots / Map
Back to top
View user's profile Send private message Visit poster's website
DM.
Census Tester


Joined: 03 Oct 2005
Posts: 1155
Location: Toronto, Canada
WR Updates: 841,833
DM. WR Profile

PostPosted: Thu Apr 05, 2007 2:26 pm    Post subject: Reply with quote

But if they were to get a keylogger onto your system the method they use is the method that Microsoft just patched. So if after you patch a keylogger came onto your pc it can't read your data.

So you should still update your system, regardless of what browser you use...
_________________

Click my sig
Back to top
View user's profile Send private message
Rollie
Site Admin


Joined: 28 Nov 2004
Posts: 5374
Location: Austin, TX
WR Updates: 480,131
Rollie WR Profile

PostPosted: Thu Apr 05, 2007 2:49 pm    Post subject: Reply with quote

It's a valid question though. I'm curious as well as I am betting if it was any kind of ActiveScript problem, then it is only IE who would be at risk.
Back to top
View user's profile Send private message Visit poster's website
Rollie
Site Admin


Joined: 28 Nov 2004
Posts: 5374
Location: Austin, TX
WR Updates: 480,131
Rollie WR Profile

PostPosted: Thu Apr 05, 2007 2:55 pm    Post subject: Reply with quote

According to this article, Firefox was vulnerable too:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=operating_systems&articleId=9015464&taxonomyId=89
Back to top
View user's profile Send private message Visit poster's website
Babs



Joined: 11 Dec 2006
Posts: 133
Location: Holland
WR Updates: 201,763
Babs WR Profile

PostPosted: Thu Apr 05, 2007 5:01 pm    Post subject: Reply with quote

The solution is simple:
don't use internet anymore Crying or Very sad
_________________
.
Back to top
View user's profile Send private message
Alanthus
Updater Extraordinaire


Joined: 23 Aug 2005
Posts: 370

WR Updates: 1,891,532
Alanthus WR Profile

PostPosted: Thu Apr 05, 2007 7:57 pm    Post subject: Reply with quote

Quite a few viruses out there targetting this bug, anyone running unpatched older versions of email viewers like outlook are just as vulnerable as someone browsing compromised sites. Had to clean one from a computer at work today and the infection vector was email, I was a little surprised at the virus spamming game sites but reading about the wow account theft angle explains it I guess.
_________________
Back to top
View user's profile Send private message
WyriHaximus



Joined: 18 Oct 2005
Posts: 244
Location: Koedijk, Alkmaar, Noord-Holland, The Netherlands
WR Updates: 1,520,754
WyriHaximus WR Profile

PostPosted: Fri Apr 06, 2007 11:15 am    Post subject: Reply with quote

DM. wrote:
But if they were to get a keylogger onto your system the method they use is the method that Microsoft just patched. So if after you patch a keylogger came onto your pc it can't read your data.

So you should still update your system, regardless of what browser you use...
True and thank Torwalds for linux Cool ! (Yes I have IE on linux aswell, just for developing reasons Wink.)
Babs wrote:
The solution is simple:
don't use internet anymore Crying or Very sad
That was/is also the best way not to get hacked Razz.
Rollie wrote:
According to this article, Firefox was vulnerable too:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=operating_systems&articleId=9015464&taxonomyId=89
The article says both 0_o!
_________________

My World of Warcraft Screenshots / Map
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    WarcraftRealms.com Forum Index -> News and Announcements All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
WarcraftRealms.com  


Powered by phpBB © 2001, 2005 phpBB Group