Boards.ie uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Click here to find out more x
Post Reply  
 
Thread Tools Search this Thread
19-03-2008, 15:50   #1
Krieg
Registered User
 
Krieg's Avatar
 
Join Date: Oct 2007
Posts: 2,343
Thottbot/wowhead keyloggers - Please read

My guildys just passed on this info today

Quote:
just read an alarming post on the main forums

http://forums.wow-europe.com/thread....sid=1&pageNo=1

the gist seems to be that if you accidently click on an ad on one of these sites, which are now wholly owned by a gold seller company, you might well get a keylogger.

If you use Firefox and no-script / opera that helps.
Info about the new owners
Quote:
Thottbot owner Zam Network acquired the World of Warcraft database Wowhead in June 2007 according to Next Generation magazine.[7] The Inquirer noted that Affinity Media, parent company of Thottbot and Allakhazam, bought Wowhead for $1 million, giving them ownership of all three major World of Warcraft databases.[8] Affinity Media was the previous parent company of IGE, which generated revenue from selling World of Warcraft gold, but Affinity Media later severed ties with IGE.[9]
Im going to try and find more sources, but I thought I should inform others

Edit:
Quote:
Originally Posted by WoW forums
From what I've read the trojan virus is spread through advertisements on Wowhead, Thottbot and Allakhazam. The advert will appear in the form of a browser highjack which grabs your front window and resizes it to fake a warning dialog. You will either get a warning that it wants to download a Microsoft Add-on or redirected to XPantivirus site. You may need to click on the advert for it to respond, but use alt+f4 to close it as the close button will probably act as a download trigger. - more information can be found at http://boards.worldofraids.com/topic-11536-1.html
Looks like this is a legit problem and not some upset player blowing smoke

Quote:
Originally Posted by WoWhead
This is Malgayne from Wowhead. I know this is totally inexcusable. If I had my way we'd have shut down all ads on the site already, but unfortunately I don't handle the advertising directly.

I can tell you with assurance that this has nothing to do with Affinity Media. Our Director of Ad Ops has been staying up until all hours of the night desperately trying to find which of our ad networks is causing the problem, and has been for days. But i've seen this exact same redirect on hotmail.com lately.

These ads come in through banners that appear to be totally innocuous, unfortunately. Even the ad network that's showing the banner doesn't know it. And Right Media doesn't narrow it down as much as we'd like, since Right Media is an exchange platform that all of our ad networks use at one point or another--nearly every ad network in the business does. =/

Last edited by Krieg; 19-03-2008 at 16:00. Reason: adding info
Krieg is offline  
Advertisement
19-03-2008, 15:53   #2
rainbow kirby
Moderator
 
rainbow kirby's Avatar
 
Join Date: Aug 2003
Location: North London via Dublin
Posts: 25,082
Mod: London
Guildie of mine lost 3k gold and all his gear to one of these. Please, be careful.
rainbow kirby is online now  
19-03-2008, 16:12   #3
Anti
Banned
 
Anti's Avatar
 
Join Date: Apr 2004
Location: 44 75 62 6c 69 6e
Posts: 10,801
Send a message via ICQ to Anti Send a message via AIM to Anti
Gonna change password now just incase.
Anti is offline  
19-03-2008, 16:26   #4
Kiith
Moderator
 
Kiith's Avatar
 
Join Date: Jan 2004
Location: Dublin
Posts: 12,030
A friend of mine lost all his stuff too, so another friend (with stupidly good gear) changes his password every 4 of 5 days now.
Kiith is offline  
19-03-2008, 16:29   #5
Orion
My karma just ran over your dogma
 
Orion's Avatar
 
Join Date: Apr 2003
Location: /home/Orion
Posts: 9,270
Quote:
Originally Posted by Kiith View Post
A friend of mine lost all his stuff too, so another friend (with stupidly good gear) changes his password every 4 of 5 days now.
Haven't used thottbot in ages. And always have noscript to to date as well as adblock. But good to know.
Orion is offline  
Advertisement
19-03-2008, 16:31   #6
ZorbaTehZ
Registered User
 
ZorbaTehZ's Avatar
 
Join Date: Aug 2006
Posts: 2,030
The link to the official forums isn't working for me.
ZorbaTehZ is offline  
19-03-2008, 16:38   #7
DRakE
Registered User
 
DRakE's Avatar
 
Join Date: Jan 2001
Location: Galway, Ireland
Posts: 6,734
who clicks on ads :O
DRakE is offline  
19-03-2008, 17:03   #8
Dustaz
W 26 D 12 - Arsena
 
Dustaz's Avatar
 
Join Date: Jan 2000
Location: Duberlin towen
Posts: 8,906
Old news. Everyone freaked out at first when wowhead was taken over by ige, but its fine. just dont click on ads
Dustaz is offline  
19-03-2008, 18:16   #9
Krieg
Registered User
 
Krieg's Avatar
 
Join Date: Oct 2007
Posts: 2,343
Quote:
Originally Posted by Dustaz View Post
Old news. Everyone freaked out at first when wowhead was taken over by ige, but its fine. just dont click on ads
Yeah I only noticed the date a few mins ago (10/3).
Wonder if its officially sorted though?
Krieg is offline  
Advertisement
19-03-2008, 18:18   #10
IgsTer
Registered User
 
IgsTer's Avatar
 
Join Date: Aug 2006
Posts: 835
i had wowhead open in firefox the other day while playing and noticed my processing went up to 100% constant when it was on the wowhead page..when i went back to google it went back down again...

also i had an ad pop up the other day which came out of no where..i didnt click on anything..was maybe the same day..which was like a free virus scanner ad..didnt think much of it and closed it..sounds an awful like what is being described

i ran a virus scan the day after this anyhow with avg and it didnt find anything..ill run one again just in case
IgsTer is offline  
20-03-2008, 09:13   #11
Anti
Banned
 
Anti's Avatar
 
Join Date: Apr 2004
Location: 44 75 62 6c 69 6e
Posts: 10,801
Send a message via ICQ to Anti Send a message via AIM to Anti
run spybot search and destroy.
Anti is offline  
20-03-2008, 09:56   #12
smellslikeshoes
Registered User
 
smellslikeshoes's Avatar
 
Join Date: Nov 2005
Posts: 2,964
Quote:
Originally Posted by IgsTer View Post
i had wowhead open in firefox the other day while playing and noticed my processing went up to 100% constant when it was on the wowhead page..when i went back to google it went back down again...

also i had an ad pop up the other day which came out of no where..i didnt click on anything..was maybe the same day..which was like a free virus scanner ad..didnt think much of it and closed it..sounds an awful like what is being described

i ran a virus scan the day after this anyhow with avg and it didnt find anything..ill run one again just in case
Thats definitely spyware/adware rather than something that would be picked up by a virus scanner, quite nasty and irritating in its own way mind. Like anti has mentioned run spybot search and destroy.

Dunno if its connected but after seeing this last night I scanned and found a keylogger, Don't really use thottbot myself anymore but I'm pretty sure my brother does. Changed my password and all last night and all seems to be well anyway.
smellslikeshoes is offline  
20-03-2008, 13:33   #13
IgsTer
Registered User
 
IgsTer's Avatar
 
Join Date: Aug 2006
Posts: 835
yeah ran both s&d and avg and cleaned everything again..i definetly got this popup that is mentioned as i remember it was the first popup i had seen in months..so was wondering how it got through..i just closed it and did a clean just in case that day...

it appears now from reading about it.. that it activates just from mousing over it in your browser..and it isnt actually a keylogger but just spyware..if it gets into your computer itll just keep showing a window saying to get this "xpantivirus" software i think its called and itll hijack your browser to the page..which im happy to say i havent seen any of the symtoms of it
IgsTer is offline  
20-03-2008, 13:54   #14
smellslikeshoes
Registered User
 
smellslikeshoes's Avatar
 
Join Date: Nov 2005
Posts: 2,964
Quote:
Originally Posted by IgsTer View Post
yeah ran both s&d and avg and cleaned everything again..i definetly got this popup that is mentioned as i remember it was the first popup i had seen in months..so was wondering how it got through..i just closed it and did a clean just in case that day...

it appears now from reading about it.. that it activates just from mousing over it in your browser..and it isnt actually a keylogger but just spyware..if it gets into your computer itll just keep showing a window saying to get this "xpantivirus" software i think its called and itll hijack your browser to the page..which im happy to say i havent seen any of the symtoms of it
Heres a page about getting rid of it.
http://www.2-spyware.com/remove-xpantivirus.html
smellslikeshoes is offline  
Post Reply

Quick Reply
Message:
Remove Text Formatting
Bold
Italic
Underline

Insert Image
Wrap [QUOTE] tags around selected text
 
Decrease Size
Increase Size
Please sign up or log in to join the discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search



Share Tweet