Monday, February 4, 2008


Nope, not me. Sharon. The person who's only been playing the game for a couple months now. We slept in Saturday morning, enjoyed a glorious morning of dozing and not having to climb out of bed. We go to log on to check mail and such, and her password isn't working. Odd, I think, maybe the authentication server is borked. Nope, I got in just fine. So I race over, reset her password, and log in to see what the damage is.

The majority of her stuff is gone. All of her alts have been deleted. She was left in the drain going to Coilfang Reservoir to drown when we logged in. Apparently, according to friends who saw her popping on and off all night, the person that hacked her was in and out of Slave Pens. My guess is they were farming ore out of there. They'd bought 89 flash powders, and there were 10 adamantite ore sitting in her bags.

There have been some amusing tidbits from this, while we wait on getting her stuff restored and her alts undeleted. They got her mining up to 375, upgraded two of her rings (or maybe sidegraded) and got her somewhere in the neighborhood of 100k xp. Rat bastards got her ahead of me! I call shenanigans!

So, right now we're playing the waiting game, and I know stuff like this has been going around lately. I was wondering if any of my faithful readers out there have any tips for cleaning up the problem locally? I installed and ran Kaspersky, found no traces of anything. Installed ZoneAlarm, nothing suspicious outbound that I can see (although anything that I'm not 100% positive of is getting locked down). She's running Vista, and aside from a keylogger, I'm really not sure how they could have gotten her password. Brute force, I suppose, but that doesn't seem likely. Any thoughts?


Bruthah said...

When this happened to my Rogue, wayyy back in the day, the most common breakdown was Javascript exploits via Firefox or IE.

Most notably on some very famous Addon sites (, in my case).

Boy did I feel foolish, as an IT expert. :(

Since it doesn't require you to do anything but view the page and the keylogger was obscure and new enough to not be caught by any antivirus solutions of the time, I got "owned".

These days I only use Firefox with the NoScript and Adblock addons, and I use a reactive and logging firewall that watches for new processes and outbound connections (Comodo).

Malfean said...

Thanks for the response. Yeah, it kinda bugs me too, seeing as I'm also in IT (are there any WoW bloggers out there not in IT?) and should've known better.

My main issue, at this point, is since I haven't found any evidence of anything, how to make sure her system is clean. I've got Sharon moved over to Firefox with NoScript installed, and running ZoneAlarm at the moment (it was free, and that made it quick), but it's causing issues for her, so I'll have to look into Comodo.


