Hacked with no signs of a Keylogger/Trojan

#0 - May 5, 2008, 4:36 p.m.
Blizzard Post
I was hacked over the weekend, and so far Blizzard has been very helpful. My toons and gear are being slowly recovered and replaced. The real bummer is how long it takes.

After 6 hours of scanning with all of the recommended software, plus some extras, no security flaws were found on my machine. No virus/trojan/keylogger, not even malicious cookies.... nuthin. My system seems clean as a whistle. I'm very security conscious and I've never ever had anything compromised in over a decade of having online accounts.

My question is:

Is it possible that they got me just by hacking my Gmail account?

I know they got in there because they transferred 2 characters to different servers, and that requires access to my email. I see the transfer and account change emails in there. (I've since changed email providers.) They would have had to guess my security question but honestly... it's not that hard to figure out.

I'm calling accounts/billing to get as much of my account info changed as possible.

I'm reluctant to format my drive and reinstall Windows without evidence that my machine was actually compromised.
#16 - Dec. 4, 2009, 7:39 a.m.
Blizzard Post
Malware isn't the only way this happens, although it is quite common.

Emails can indeed be compromised.

It is VERY unwise to reuse the same pass/IDs anywhere else - especially websites.

I didn't notice Malwarebytes on anyone's list - we've had excellent reports from players on that one, tends to find more keyloggers than some of the others.

I'd also recommend doing your scans with the launcher open and some junk entry in the account ID. We've seen some nasty keyloggers pop up lately that don't want to show on scanners unless the launcher is active.

Naturally any machine that has been used to access the game, Account Management - or these forums has to be suspect.

You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will keep anyone else out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109
#19 - Dec. 4, 2009, 8:03 p.m.
Blizzard Post
The other primary way this is happening is through social engineering, i.e., phishes.

Both ingame, and in folks' regular emails.

I'd personally recommend everyone get in the habit and familiarize yourselves with how to open an email header and double check sender's information.

Remember - the information shown inside an email as a from address can be very easily spoofed, as can links in an email.

Just like a look-a-like website, these thieves have become quite adept at taking legitimate emails and hiding a malicious URL somewhere inside hoping to get a bite.
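
The header and link check recommended in the post above, as an added Python example that is not part of the original thread. The sample message, every domain in it, and the names `domain_of`, `LinkCollector` and `check_message` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real email; every domain is a placeholder.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=game.example.com
From: "Account Support" <support@game.example.com>
Content-Type: text/html

<p><a href="http://login.example.net/account">https://game.example.com/account</a></p>
"""

def domain_of(header):  # domain part of an address header, '' if absent
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):
    """Return findings worth a second look before trusting the message."""
    msg, findings = message_from_string(raw), []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if env_dom != from_dom:  # displayed sender vs. envelope sender
        findings.append(f"From {from_dom} != Return-Path {env_dom}")
    results = " ".join(msg.get_all("Authentication-Results", []))
    findings += [f"{m}={v}" for m, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results) if v != "pass"]
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:  # link text that names one host but points at another
        shown, target = urlparse(text).hostname, urlparse(href).hostname
        if shown and shown != target:
            findings.append(f"link shows {shown}, goes to {target}")
    return findings
```

An `Authentication-Results` header is only meaningful when it was added by your own mail provider's receiving server, since a sender can include a forged one. A mismatch between `From` and `Return-Path` is a prompt to look closer, not proof of a phish, because legitimate bulk mailers also send through third-party domains.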