| User |
Message |
unkleanone
Posts: 1423
Joined: 01/04/2006
Credibility: 4053 pts
|
Hello everyone,
I hate to have to tell you this but for the last few days we have been under attack from a very malicious person. He has been running around embedding code in posts. They appear in the form of lil squares. At first we didn't recognize it for what it was it appeared to not be doing anything so we went to deleting and banning....unfortunately this did not work.
Anyway, today we have awoken to a serious problem. There is a trojan on gameamp. It sounds really bad but know that there are steps you can take to protect yourself from being attacked.
Block the site:
Go to your control panel then do the following:
1. Click "Internet Options"
2. Select the "Security" tab
3. Select "Restricted Sites"
4. Click "Sites"
5. Add the site url (453787.com) into the field and click add
6. Click "OK"
*Image of steps 1-6
7. Switch to the "advanced" tab, scroll to the bottom and find "Security" settings.
8. Check/enable the following two protocols:
"Do not save encrypted pages to disk"
"Empty temporary internet files when browser is closed"
9. Click OK and were done
*Image of steps 7-9
Also if you're intrested in more info on PC security you should read this guide Securing your computer from attacks and check out this guide, Keyloggers and you for help seeing if you may have been infected and on ways to remove it if your virus program does not.
Another way from being hit by keyloggers is to be sure to use the remember username checkbox. That way they will only get your password....wich will do nothing for them without your username. If you have not been running wow in this way I suggest doing it now and changing your password.
Furthermore please be sure to check your comments on your userpages as we do not have the power to delete those...only you do. If you see the lil square in one of your comments be sure to delete it. If you come across the lil square box in a comment somewhere be sure to let both me and thejeni know about it via pm.
Know that we are doing everything in our power to neutralize this threat. But this is something that is going to take your help to fix. STay on the lookout for this lil bugger:
Thank you,
Unkleanone
WoW Site Manager
***THIS POST HAS BEEN EDITED***
|
| 11/13/06 13:16 |
Login to rate this user's post! |
blackphoenix
Posts: 513
Joined: 09/23/2005
Credibility: 1070 pts
|
Do you happen to have the name of the trojan? In case anyone would have to remove it, it is much easier when you know what one it is.
|
| 11/13/06 13:33 |
Login to rate this user's post! |
Xaviak
GameAmp Staff
Forum Moderator
Posts: 736
Joined: 02/25/2006
Credibility: 478 pts
|
oooh, thanks for that! O.o
AmpWoW<-- Check it out if you need to find something. ^^
WoW@GA is looking for new staffers! More info HERE!
|
| 11/13/06 13:35 |
Login to rate this user's post! |
Xaviak
GameAmp Staff
Forum Moderator
Posts: 736
Joined: 02/25/2006
Credibility: 478 pts
|
| QUOTE | | Do you happen to have the name of the trojan? In case anyone would have to remove it, it is much easier when you know what one it is. |
Some info here:
http://guildwars.gameamp.com/forum/showTopic/49574.php
AmpWoW<-- Check it out if you need to find something. ^^
WoW@GA is looking for new staffers! More info HERE!
|
| 11/13/06 13:36 |
Login to rate this user's post! |
thejeni
Posts: 1690
Joined: 08/12/2004
Credibility: 2600 pts
|
And just an update. We have mass deleted the comments this code as placed it. They should all be gone now. If you do run across that code, please PM me with a link to where you found it.
|
| 11/13/06 13:46 |
Login to rate this user's post! |
Unbeatable
Posts: 39
Joined: 09/24/2005
Credibility: 80 pts
|
Thanks for letting us know. I saw one of the threads with the little dot (it has been removed though), opened the thread and replied. Will the trojan be on my computer now?
Anyway gonna scan and such now.
Unb
|
| 11/13/06 16:47 |
Login to rate this user's post! |
MartinTheWarrior
Posts: 635
Joined: 12/10/2005
Credibility: 2684 pts
|
Crap. I replied to one of that guys posts...
And, a better question to you guys(or prolly the devs :p) is why do you allow html or even inline frames in a topic area? Kinda dangerous/stupid(no offense :P) becasue someone could baically do that or make a picture come up it the topic.
Just a thought.
|
| 11/13/06 16:51 |
Login to rate this user's post! |
thejeni
Posts: 1690
Joined: 08/12/2004
Credibility: 2600 pts
|
| QUOTE | Thanks for letting us know. I saw one of the threads with the little dot (it has been removed though), opened the thread and replied. Will the trojan be on my computer now?
Anyway gonna scan and such now.
Unb |
I would strongly recommend running a virus scanner. I have not received any virus or keyloggers and I've been handling these things for about a week now. It seems it depends on what browser you are using (Opera seems to keep you safe).
|
| 11/13/06 16:52 |
Login to rate this user's post! |
MartinTheWarrior
Posts: 635
Joined: 12/10/2005
Credibility: 2684 pts
|
I use Firefox and nothing bad has happened yet...I don't think anyways.
Im running a full virus & spyware scan tonight though, just in case.
|
| 11/13/06 17:16 |
Login to rate this user's post! |
thejeni
Posts: 1690
Joined: 08/12/2004
Credibility: 2600 pts
|
| QUOTE | I use Firefox and nothing bad has happened yet...I don't think anyways.
Im running a full virus & spyware scan tonight though, just in case. |
If you do find anything, I would strongly suggest following the Guide Cyrix posted.
|
| 11/13/06 17:24 |
Login to rate this user's post! |
Unbeatable
Posts: 39
Joined: 09/24/2005
Credibility: 80 pts
|
I just finished a full virus and spyware scan and everything seems fine.
I also seem to recall that the thread I replied to had some broken HTML codes in it (Space between < and the actual code). That might have 'saved' me.
Btw, I'm running Firefox
***THIS POST HAS BEEN EDITED***
|
| 11/13/06 17:34 |
Login to rate this user's post! |
thejeni
Posts: 1690
Joined: 08/12/2004
Credibility: 2600 pts
|
| QUOTE | I just finished a full virus and spyware scan and everything seems fine.
I also seem to recall that the thread I replied to had some broken HTML codes in it (Space between < and the actual code). That might have 'saved' me.
Btw, I'm running Firefox |
It seems that using IE is what has made people vaunerable. Check out that thread to the GW site, they got into some technical discussion (most of which I don't understand).
|
| 11/13/06 17:46 |
Login to rate this user's post! |
MartinTheWarrior
Posts: 635
Joined: 12/10/2005
Credibility: 2684 pts
|
Why did the devs even let people post html code, much less post inline frames, on the forums? Strange to let frames work on a forums.
|
| 11/13/06 20:15 |
Login to rate this user's post! |
unkleanone
Posts: 1423
Joined: 01/04/2006
Credibility: 4053 pts
|
not sure I guess it just wasn't expected....Though it seems that thejeni is right if you run firefox or opera you are "safe" from the keylogger. Though you never know it may change so if you haven't already done a scan be sure to do so...and to answer the above question about the name of the keylogger cyrix reported that it was max.exe though no idea if it will always be this there are ways of making programs change there process name randomly.
Artistic Expressions, My new shop, purchase various items featuring original work and ideas from your's truly! Hell...It's about time.
The early bird may get the worm, but the second mouse gets the cheese.
|
| 11/14/06 03:07 |
Login to rate this user's post! |
blackphoenix
Posts: 513
Joined: 09/23/2005
Credibility: 1070 pts
|
The exploit was actually a vulnerability in Windows. The fix for it was actually released by Microsoft way back in April - see here. So it's possible it would work in firefox if the code was written to work properly there. It's just another reason to make sure you keep your computer up to date on the security patches.
http://windowsupdate.microsoft.com
You can check to see if you've already got that update installed by going to Add Remove Programs, make sure the Show Updates box is checked, then look through the list for and update that says Security Update for Windows XP (KB911562).
***THIS POST HAS BEEN EDITED***
|
| 11/14/06 07:53 |
Login to rate this user's post! |
thejeni
Posts: 1690
Joined: 08/12/2004
Credibility: 2600 pts
|
| QUOTE | | Why did the devs even let people post html code, much less post inline frames, on the forums? Strange to let frames work on a forums. |
I don't know what inline frames are, but I know that they Dev's allowed the html (that is past tense as you can't do it any more) for those people who used html rather than BB Code.
|
| 11/14/06 10:50 |
Login to rate this user's post! |
blackphoenix
Posts: 513
Joined: 09/23/2005
Credibility: 1070 pts
|
They did disable it? I just used HTML in a post today.
|
