Krieg Registered User
#1

My guildys just passed on this info today

just read an alarming post on the main forums

http://forums.wow-europe.com/thread....sid=1&pageNo=1

the gist seems to be that if you accidently click on an ad on one of these sites, which are now wholly owned by a gold seller company, you might well get a keylogger.

If you use Firefox and no-script / opera that helps.


Info about the new owners
Thottbot owner Zam Network acquired the World of Warcraft database Wowhead in June 2007 according to Next Generation magazine.[7] The Inquirer noted that Affinity Media, parent company of Thottbot and Allakhazam, bought Wowhead for $1 million, giving them ownership of all three major World of Warcraft databases.[8] Affinity Media was the previous parent company of IGE, which generated revenue from selling World of Warcraft gold, but Affinity Media later severed ties with IGE.[9]


Im going to try and find more sources, but I thought I should inform others

Edit:
WoW forums
From what I've read the trojan virus is spread through advertisements on Wowhead, Thottbot and Allakhazam. The advert will appear in the form of a browser highjack which grabs your front window and resizes it to fake a warning dialog. You will either get a warning that it wants to download a Microsoft Add-on or redirected to XPantivirus site. You may need to click on the advert for it to respond, but use alt+f4 to close it as the close button will probably act as a download trigger. - more information can be found at http://boards.worldofraids.com/topic-11536-1.html


Looks like this is a legit problem and not some upset player blowing smoke

WoWhead
This is Malgayne from Wowhead. I know this is totally inexcusable. If I had my way we'd have shut down all ads on the site already, but unfortunately I don't handle the advertising directly.

I can tell you with assurance that this has nothing to do with Affinity Media. Our Director of Ad Ops has been staying up until all hours of the night desperately trying to find which of our ad networks is causing the problem, and has been for days. But i've seen this exact same redirect on hotmail.com lately.

These ads come in through banners that appear to be totally innocuous, unfortunately. Even the ad network that's showing the banner doesn't know it. And Right Media doesn't narrow it down as much as we'd like, since Right Media is an exchange platform that all of our ad networks use at one point or another--nearly every ad network in the business does. =/

rainbow kirby Moderator
#2

Guildie of mine lost 3k gold and all his gear to one of these. Please, be careful.

Anti Banned
#3

Gonna change password now just incase.

Kiith Moderator
#4

A friend of mine lost all his stuff too, so another friend (with stupidly good gear) changes his password every 4 of 5 days now.

Orion My karma just ran over your dogma
#5

Kiith said:
A friend of mine lost all his stuff too, so another friend (with stupidly good gear) changes his password every 4 of 5 days now.


Haven't used thottbot in ages. And always have noscript to to date as well as adblock. But good to know.

ZorbaTehZ Registered User
#6

The link to the official forums isn't working for me.

DRakE Registered User
#7

who clicks on ads

Dustaz W 26 D 12 - Arsena
#8

Old news. Everyone freaked out at first when wowhead was taken over by ige, but its fine. just dont click on ads

Krieg Registered User
#9

Dustaz said:
Old news. Everyone freaked out at first when wowhead was taken over by ige, but its fine. just dont click on ads


Yeah I only noticed the date a few mins ago (10/3).
Wonder if its officially sorted though?

IgsTer Registered User
#10

i had wowhead open in firefox the other day while playing and noticed my processing went up to 100% constant when it was on the wowhead page..when i went back to google it went back down again...

also i had an ad pop up the other day which came out of no where..i didnt click on anything..was maybe the same day..which was like a free virus scanner ad..didnt think much of it and closed it..sounds an awful like what is being described

i ran a virus scan the day after this anyhow with avg and it didnt find anything..ill run one again just in case

Anti Banned
#11

run spybot search and destroy.

smellslikeshoes Registered User
#12

IgsTer said:
i had wowhead open in firefox the other day while playing and noticed my processing went up to 100% constant when it was on the wowhead page..when i went back to google it went back down again...

also i had an ad pop up the other day which came out of no where..i didnt click on anything..was maybe the same day..which was like a free virus scanner ad..didnt think much of it and closed it..sounds an awful like what is being described

i ran a virus scan the day after this anyhow with avg and it didnt find anything..ill run one again just in case

Thats definitely spyware/adware rather than something that would be picked up by a virus scanner, quite nasty and irritating in its own way mind. Like anti has mentioned run spybot search and destroy.

Dunno if its connected but after seeing this last night I scanned and found a keylogger, Don't really use thottbot myself anymore but I'm pretty sure my brother does. Changed my password and all last night and all seems to be well anyway.

IgsTer Registered User
#13

yeah ran both s&d and avg and cleaned everything again..i definetly got this popup that is mentioned as i remember it was the first popup i had seen in months..so was wondering how it got through..i just closed it and did a clean just in case that day...

it appears now from reading about it.. that it activates just from mousing over it in your browser..and it isnt actually a keylogger but just spyware..if it gets into your computer itll just keep showing a window saying to get this "xpantivirus" software i think its called and itll hijack your browser to the page..which im happy to say i havent seen any of the symtoms of it

smellslikeshoes Registered User
#14

IgsTer said:
yeah ran both s&d and avg and cleaned everything again..i definetly got this popup that is mentioned as i remember it was the first popup i had seen in months..so was wondering how it got through..i just closed it and did a clean just in case that day...

it appears now from reading about it.. that it activates just from mousing over it in your browser..and it isnt actually a keylogger but just spyware..if it gets into your computer itll just keep showing a window saying to get this "xpantivirus" software i think its called and itll hijack your browser to the page..which im happy to say i havent seen any of the symtoms of it

Heres a page about getting rid of it.
http://www.2-spyware.com/remove-xpantivirus.html

Want to share your thoughts?

Login here to discuss!