Thursday, July 24, 2008

20 Silver, 91 Copper

That's how much money I have across all of my characters this morning, down from about 8000 gold or so. I'm also out 8 Primal Mights, 32 Primal Fires, and just about any other Primal or item of worth that I had in my bags when I logged out late last night. In all, it amounts to well over 10k gold worth of materials lost.

So this is what it feels like... for the second time.

This is really getting old.

I logged into my Warlock expecting to be in Dire Maul, where I usually plant him upon logging out in hopes of finding a rare spawn upon my return. But when I logged in this morning, I noticed immediately on the Character Select screen that he was in Shattrath and felt incredibly uneasy about it. I loaded him up, and indeed found his bags empty. I checked my other toons--theirs were empty too.

The uneasy, eerie feeling I experienced during those first moments was not unlike the one I felt when I logged into my blog and found a vacant, empty space those many weeks ago. It's not so much an "OMG MY STUFF IS GONE!" kind of emotion as it is a "How on earth did this happen?" kind of thing.

Now before you go on thinking about all of the irresponsible actions and behaviors that could result in having an account compromised, hear me out.

I don't visit weird sites. I don't download weird programs.

I scan my HD regularly, and am very cautious and concerned about my internet security. I have set up Firewalls, both software and hardware, and felt pretty secure about all of the extra precautions I have taken.

Obviously, none of this was enough, and even after scanning my drive with two different programs, nothing turned up. I am totally baffled, but will be taking more time to figure out how things went wrong. Hopefully it'll be something to learn from.

In the meantime, I really have to ask myself if this game is really worth all of the trouble it has been lately. And sadly, I don't have an answer for that just yet. Ironically enough, the thief left all of my TOONS intact, allowing me to play just as I have been over the past many weeks. No gear was vendored. All gear is accounted for.

And if this is some sort of twisted joke, it's totally not funny. Not at all.

If any of you could offer up some advice on what to check, where to check, etc, after an account has been compromised, please let me know. And thanks if you do.


Anonymous said...

Damn Jag, who has it out for you?

Anonymous said...

Did you run the Hijack This program?

SN said...

Not a joke, buddy. If it were, the person involved would get fired, and no one wants to risk that in our department, or any for that matter.

By the sounds of it here, you'll be put back together shortly. Don't worry, and see you tomorrow.

Zyphre said...

Jago, there are many many ways that people can exploit your machine without your knowledge. Do you have wifi? Doesn't matter if it's password protected, if it's not changed regularly it can be bruteforced in about 36 hours on average. As is the case with most passwords.

If you use similar passwords for different things, and don't change them regularly I would suggest starting to get into this habit.

I'm not sure if you're aware of this, but blogger is a current favorite host for various hijacks and exploits. Usually in the ads, but they can be tricky. I'd suggest also making a large password, saving it to a text file and copy/pasting to avoid any further keylogging that may be present.

Reformat imo.

EvilCheeseWedge said...

We need to get you a Blizzard Authenticator when they come back in stock!

But, sorry to hear that :(

Huff said...

Less QQ more warlock posts k? =p

Horns said...

I think you're just trying to get some attention...

Jokes aside, reinstall OS or something, if it happened twice it will happen again. Wish I could be of any help but got no idea.

Jagoex said...

I'd sign in to respond, but if the keylogger is still on my system I don't want to take a chance with passwords...

@Zy: I play on a connected comp; no others that are connected via wifi have WoW installed. Passwords changed regularly.

The ads may be coming down after this--not because I think they were the source, but because some of them may benefit, being that they are gold selling sites, from situations such as my own, and I simply cannot support that.

@Horns: I'm thinking about doing a full format of the HD, but I'm hoping that will be a last case scenario. There's just so much stuff I'd need to back up, the thought of having to do so is a painful one (although, it probably should be done anyway).

Horns said...

Just copy all the data you need to another partition and check it with AV software after reinstalling the OS - it is quite common for certain viruses or trojans to block antivirus from finding it once it gets "settled in". Good luck :S

Zyphre said...

I disagree. I get machines in here all the time that have malware embedded in places it can't be removed. Get some DVDs or an external HD and wipe that bitch. Scan things before you transfer your data back too.

Horns said...

Isn't that what I said? I don't understand what's there to disagree? :O

HolyWarrior said...

Dude, that sux man.

Something that hasn't been suggested or asked is how strong are your passwords.

They need to score all 5 points below to give you a very good chance of not being brute forced.

1. At least 12 characters long
2. Not be a real word or name or combinations of.
3. Contain mixed case letters
4. Contain numbers
5. Contain symbols like _

Oh, and btw, holding your password in a text document and copy and pasting it when you need it is widely regarded as pointless as any keyloggers will also be able to read files and the contents of your copy buffer as well as detecting mouse clicks and screen coordinates if you're trying to be clever and paste in partial bits of passwords.

However, with a good strong password are you going to remember it? No. So that is the only point of keeping it in a text document!

Wipe hard disk now!!

Zyphre said...

There is some truth to what holy warrior said. Though 90% of keyloggers can be fooled by copy pasting. If you're really worried about it being that advanced, check your computer for a hardware keylogger :P they are the only things that can easily track mouse coordinates and such without the system detecting it.

But even so, onscreen keyboard will work. Or better yet - add dummy characters to your text file password so you can remove it after a paste.

Anonymous said...

I read somewhere you can use the Parental Controls as a way to keep people out of your account when you're not around. In the article, they used it to cut off access to their account once they realized it had been hacked.

Zyphre said...


Sorry, I misread your post :)

Jagoex said...

The source of the infection was likely found--a Gorefiend construct simulator that I'm sure many of you have heard of or even played.

I'm still scratching my head about how this went down, however. I am running FF3, two levels of Firewalls (hardware, software), and actively scanning anti-virus and anti-malware programs. None of them so much as peeped before or after I had knowledge of the infection.

Meh... I should never have left the keyboard of my Mac...

stih said...

I played the Gorefiend construct simulator long ago, but there is no telling how many different copies have been made and edited to do who knows what.

Not long ago Blizzard had an announcement posted via the log in window that warned players of an exploit in the Adobe flash software. Players were told to uninstall, and reinstall the latest updated version ASAP. This was made several months ago, and just last week I've had 2 or 3 members of my guild have their accounts hacked, so it's hard to narrow down the problem.

Anonymous said...

In the last week it seems like there has been a new outbreak of keylogging. The forums are way more active than average about it. I wonder if this is a new problem with flash?

Anonymous said...

What is worrisome to me is that many of the keylog victims are Firefox 3 users that have updated their Flash program.

Anonymous said...

Somehow I find your whole situation hilarious, no offence

Anonymous said...

Run Hijack This and submit the log to a forum listed on their website. Or format.

Anonymous said...

ps, such is the price of your fame. I hope you get it fixed.

Anonymous said...

What fame? The last time I checked playing a video game didn't warrant any sort of accolades.

Hatz177an said...

It becomes obvious what your problem is Jago when you read this thread... you have just as many admirers as you do jealous haters.

Jagoex said...

@Hatz: I want as many of the latter as possible -- they only validate everything I do, after all. ;)

How's your little one and the Mrs.?

Hatz177an said...

Good and good. I left a message on your phone last week. Call sometime.

Anonymous said...

I'm glad these posts make Jago feel better about himself and how much time he wastes in here when he SHOULD be spending it with his wife and his new child. Argue that Jago, because saying ANYTHING about how you should be here and not dedicating yourself to that child just proves even more that you're a shit person and now you're also a shit parent.

Jagoex said...

It's not about feeling a certain way about myself; to me, they simply say "hey, someone is reading your material, and that's a good thing."

But let's take a deeper look at your comment: by its logic, taking any time for anything other than spending it with my child would make me a bad parent. GG sleep, bio, and work then, am I right? Besides, how long does it take to make a post on the web? Two minutes? Five minutes? Not too long, is my point, and definitely not long enough to interrupt more important events of the day.

Sure, I could be spending EVERY moment with my girl, but that's not a healthy behavior (especially when she's napping). Babies, especially crying ones, are stressors, and no one should be expected to willingly expose themselves to a stressor 24/7. I'm not a single parent, and thankfully, my wife shares parental duties with me. So really, all of this talk about not spending time with my daughter is nonsense on two levels, and poses no real problem.

Now, if I wandered the web and made anonymous, instigating posts, maybe it'd be a different story. ;)

Thank you for reading my blog.

Anonymous said...

Not worth it Jag. I have one level 70 and I log in very occasionally at this point. Just long enough to scan the AH for some raw meat, which I cook and vendor. I will play Wrath, b/c it sounds as though it may actually have some different game play opportunities. Button mashing and database massage don't hold my attention. All the same, sorry for the loss of your stuff.

-cenarionlabs dot

Anonymous said...


no really, sorry to hear you got your stuff stolenz. it's never fun :(

personally, i just opened a ticket with blizz when it happened to me... etc etc. did you at least report it to them via a ticket? even if they can't restore stuff, they may find the source of it all. not that they share that source with you if they do.. but meh.

it's just a game, in the end. don't let it get ya down.


Jagoex said...

Thanks Jade. I got it taken care of. Be on vent sometime and I'll tell you the deets. =P

@cen: Thanks for the kind words, bud. Much appreciated.

Anonymous said...

ugh, i try to sit on vent when im home but i work wayyyyy wayyyy too much sometimes... i barely log onto WoW right now. just been way too busy. on the weekend i can be at sometimes from 11am until about 1am the next morning... funfun >.>

good you got it taken care of. we'll chat soon :p


Anonymous said...

@Jago - Perhaps this event is telling you something that you should heed. Bad things happen so that you both learn from mistakes, as well as be punished for poor choices. Look deeper into that.

@other anonymous people - Instead of attacking like ravage beasts try attacking with valid points and proper grammar, as well as with a level head. You may find your words do more justice that way.

@zyphre - You're an intelligent person, but you cling on to others far too often. Be your own person and don't feel as if you know everything. Not everyone is 100% correct on everything. Also, you tend to overthink/overcalculate issues. Sometimes it's a simpler solution than you might imagine.

@WoW Players - You may be wasting much more of your time than you really should be. It's not a matter of playing that's bad, it's the wasted time that accomplishes nothing when you lack a specific goal as your own result. Try figuring out what you ultimately want from this game, and every time you play, or throw it away now. Time that's lost to sloth only makes your soul weaker. Not to mention, you only have so much time in this life. Don't waste it doing nothing.

Anonymous said...

"Thank you for reading my blog."

lol, best way to handle haters right there.

Upas said...

Unfortunately, my account got hacked and I was not able to recover the password (long story) on July 7th. I just made a new account and rerolled Shaman.

Michael said...

I know a lot of people hate Vista and UAC, however it does provide a lot of things to prevent machines from being hijacked. I run WoW as a regular user (not elevated or as administrator) same with my browser - nothing - even if it's a browser exploit - gets installed without my or the OS's knowledge. Feel free anyone to point out a rootkit/spyware/virus hack that has bypassed UAC.

One of the core problems with spyware scanners and virus scanners is they are totally signature based. They also have an extremely hard time detecting root-kits. Signature based issue simply means if the virus scanner doesn't understand it - it won't detect it. My father had a rootkit on his machine and the virus scanner didn't even see it (nav something or another) - I discovered it with the rootkit revealer and removed a .sys driver by hand to clean up the machine.

Jonathan said...

Sucks man, but sadly the only way to stay safe on the internet is to disconnect from it. My suggestion would be to format and get a Blizzard keychain thing when and if they come out again. It seems like the only way to stay safe, for now. =/

Anonymous said...

I wrote this huge response and then noticed the comment before mine summed it up. Getting all of that protective stuff is good, but nothing keeps you safer from network attacks than unplugging from it.

Nikki said...

Hope you get things fixed!

jeremiah said...

if you have a keylogger on your system, the only way to get rid of it, and KNOW you got rid of it, is to reinstall the OS from the manufacturer's disk. Not a pirated disc from thepiratebay.

If your computer is shared with someone else, kick them to the curb. If you install junk like MySpaceIM, don't reinstall it. Don't run keygens on this pc.

If you do anything at all shady, do it inside a virtual machine, and set up the disks so changes aren't persisted, so nothing can get a foothold.

If you have other machines on the network, firewall them completely; don't allow file or printer sharing between them. Don't even stream music between them. Segregate. Maintain a pristine environment.

You're getting keyloggers because something is making it onto your machine. Don't trust scanners to find it; new keyloggers come out almost daily.

once you've got one, the only way to get rid of it is to reformat. even if you could detect the actual malware, you can't know if that malware allowed an attacker to install something else that you can't detect.

you can back up your data and restore it when you're done, but not any .exe files, not even wow.exe. nothing that can be executed. use opendns to reduce the chance that you'll fall victim to dns vulnerabilities.

If getting your account hacked really bothers you so much, then you really can't be too paranoid. Cut no corners, leave no precaution untaken, and be militant about it. once the authenticator tokens come back you can relax a little bit, but you still must maintain vigilance if you do things like online banking or things of that nature.

Jagoex said...

@Jer: I've run massive scans and have basically picked my connection apart, and have found nothing. The only way I will feel better, unfortunately, is to format and start all over again.

Thankfully, most of my files are already backed up, and I have my Macbook Pro to fall back on. I should have never stopped using it as my main, actually. =/

Thanks for your very helpful response!

Star said...

Oh noes Jag! I'm so sorry! Is everything okay now????

Anonymous said...

karma's a bitch?

Latus said...

Ironic... a day after reading this post (roughly 2 weeks ago), I found my own account having suffered the same fate. Thankfully the hacker was not smart enough to have changed my passwords, and I guess I caught him in the middle of his transactions as I managed to cancel a whole bunch of auctions he had put up.

Much like you, I had not installed any new software, nor any new addons, in the past week prior to getting hacked. Two questionable addons had been installed roughly a month prior.

The one thing I -had- done was install a new network printer and allow printer sharing between my home network. I live in a condominium that has 54 floors. I'm almost certain my lack of experience with networks opened me up to unscrupulous internet users... I just don't know how unlucky I had to be to be within wi-fi range of someone who played WoW and hacked peoples' accounts for a living! :(

I got all my stuff back thanks to an overly nice GM, including some freebies which he summed up to "It's like Monopoly.. bank error in your favour!" but the very first thing I did was change my password from an unrelated direct internet connection on a neighbor's computer, format my pc and reinstall a copy of WoW I had on my laptop from about a year ago.

Formatting sucks, hackers suck, losing your stuff sucks... sums it all up :(

jdryner said...

How is your password strength? Does it use all letters, spell a word (mywowpassword)? All numbers? Don't use birthdays (01011991), phone numbers (5558765309), or your ssn (1112345678)...ever.
The stronger password combinations are alphanumeric (1o5e6s0x), and the best are alphanumeric with the dingbats on your keyboard (0m@u6$o51l#). The only other thing that might help is an authenticator.

-Rathwyn (Alliance, Drenden)

jdryner said...

Also, a good antivirus program, if you don't have one already, will likely find any gaps in your security, including viruses, unsecured networks, and will enable you to locate the ip addresses of potential hackers.

-Rathwyn (Alliance, Drenden)

jdryner said...

Judging by one of your "Anonymous" posters, you may want to start looking at the people around you. That poster seemed to think he knows a lot about your life. Maybe he/she is someone close to you...but that would be paranoid.

-Rathwyn (Alliance, Drenden)

Rokaputo said...

I was a victim of an account theft too.
The sad part of this is that normally, when some "pig" steals your account, it is to advertise "GOLD SELLING" on illegal websites that sell the gold that is stolen from us.
This makes me sick!!
Support Jagoex and everyone who has suffered it!!!
Good luck and Long Life to WoW.