Home The News Reflections: The PSA edition


PA Links

Registration Info

To new guildmates and applicants:

Register for the site on this page and complete your registration process, and you should be able to post as a guest on the forum.

Register on the forum, and you will have to wait for me (Ailinea) to activate your account.

In either case, please let me know when you have registered and need further access so I can promote your account.

Sorry for the trouble. Blame the spambots.

Reflections: The PSA edition PDF Print E-mail
Written by Ailinea   
Wednesday, 12 August 2009 16:12

I was surfing the web, gathering some resource material for the classes I'm taking, when suddenly my computer went crazy.


This all looked really official and scary.  It poppes up a window that looked like something Vista would do, started listing the viruses my computer's allegedly infected with, and then I tried to click out of it to stop them from loading, it popped up another window to install a "WindowsSecurity.exe" file.


Last night my computer DID download and install new Windows updates, but something seemed off.  Wouldn't such an application already be installed?

I was able to close my browser and start it up again.  To test things out, I opened a few tabs, surfed a few links, then went to Google and searched for that site again using the research terms I needed.  (I was researching astronomy stuff for my class...nothing to do with WoW.)  Sure enough, when I clicked on the link it went crazy again with the virus warnings and tried to prompt me again to install this "WindowsSecurity.exe" file.


However, last night we witnessed another person on our sever having their account and their guild bank cleaned out by a hacker, so I went to Google and downloaded AVG free just to be safe.  In the meantime, I went to my Start menu and ran Windows Defender (just the quick scan at first) if there was something that needed to be caught immediately.  Quick Scan found nothing.  I just finished the AVG full scan.  Again, nothing.

I started thinking about the alarm window that popped up, and things were clearly more fishy.  It said the keyloggers were in IE7.  I use Firefox for all my surfing except for class stuff, and even then I only use it to access my class accounts and never surf past the college sites.  The warnings also said my C and D drives were affected/infected.  It said my D drive was an external hard drive...no it's not.  It's my DVD-RW, and it's empty.  I don't have a second hard drive.

Something's not kosher here.  To also want to install an .exe file?  I don't think so.  If I actually was on IE7 and had a second hard drive, the big panic that the pop-ups causes might have convinced me to click the "OK" button to install that .exe anyway.  Bad things could have happened.

I bring this up because I may have stopped a crisis, but after having two of our members hacked, an attempt on a third (that was blocked by his virus scanner as he started logging in to WoW one night and his system flagged that he had a keylogger trying to initiate), and witnessing others on our server being hacked, consider this a warning.

There are ways to protect yourself.  Ideally, you can have one computer as your gaming rig, and another for web surfing.  Some people run WoW on Linux under WINE.  But if that is cost prohibitive and you don't like jumping through hoops (I certainly don't, even after working for a Linux company), please take some steps to protect yourself.

  • Merge your WoW account with a Battle.net account.  Go to worldofwarcraft.com or blizzard.com and follow the links they provide if you want to be safest.
  • Get an authenticator from the Blizzard webstore.  For just $6.50 you receive a little keychain-like device.  You will log into worldofwarcraft.com, go to Manage my Account, and follow the instructions to attach the authenticator to your account.  Trust me, even if someone gets your account information, they can NOT log in (even to the "Manage My Account") without the authenticator IN HAND...unless they're REALLY lucky with guessing numbers that occur at that very instant.
  • Download your add-ons with care.  Go to trusted sources.  It's better to download your Deadly Boss Mods from the official website rather than Curse.com or any of the other mod repositories, but if you do go to Curse (or other sites) do so carefully.  Hackers target those sites to insert their keyloggers into your system.  Curse does what they can to prevent and stop it, but it can still happen.  I do NOT use the automatic add-on updaters, but manually download everything.  Then I unzip the files, glance over them for anything that looks odd (an .exe file for example), and then copy them into my add-on folder.  It takes a little longer, but gives me some peace of mind.
  • Use a browser like Firefox with the AdBlock add-on.  There have been keyloggers attached to rotating banner advertisements in the past.  Block those from loading and you block a potential backdoor.
  • Know your system.  Again, the red flags went up when I saw it said that the keyloggers were in IE7 and on my D drive.  As I don't use IE7 and my D drive is a DVD-RW, it was fishy enough for me to stop before clicking the "OK" button to install something else that seemed fishy.

Stay vigilant, be cynical, protect yourself.

Comments (1)
Know your system, indeed...
1 Saturday, 15 August 2009 03:27
I get those all the time... formatted to look like Vista and XP popups on my Mac OS X machine. It makes me giggle.

On the level, though, everything here is excellent practice.
Please register or login to add your comments to this article.
Copyright © 2019 Portent Alliance. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.

WoW Insider