Posted by Kaelten Dec 02, 2008 at 01:10 UTC
Another jerk or group of jerks took advantage of the holiday weekend to spam a few thousand comments on the website.
These comments, due to a small security hole in one of the parsers, were able to embed an iframe on the page. It would then in turn try to target out-of-date versions of Flash.
We've cleaned up any of the comments that we can find, prevented any further ones from rendering, and plugged the leak in the parsers.
I'm not sure exactly what he was trying to install on machines, but I know it looks like it specifically targeted IE with Flash lower than 9 r124.
We're doing what we can to ensure that this type of attack on our users is impossible in the future. Please check your Flash version; if you have a vulnerable version, please run a virus scanner and try to make sure all is good.
If anyone discovers more information about what exactly they were trying to do, the effectiveness, and detection/cleanup techniques, please post them in the comments.
Posted by Kaelten Dec 26, 2008 at 04:12 UTC
I hope everyone has had a great Christmas, or observation of choice. Sorry I didn't post it earlier, my internet is spotty atm.
Anyway, blessed holidays to all!
Posted by Ackis Dec 18, 2009 at 22:37 UTC
Well, it's that time of the year again. The holidays are upon us.
A lot of people will be taking time off so please have a bit of patience when submitting new files/projects for approval. We'll get to them as soon as possible.
We'll see you next year!
Posted by Ackis Mar 01, 2010 at 04:49 UTC
Anyone who has an authenticator attached to their account should run a search (and probably an antivirus scan in case it's on the threat list already) immediately and ensure the file emcor.dll does not exist on your computer. This file is one reported to be allowing hackers to access World of Warcraft accounts that have authenticators attached to them. It's also possible there are other variations of these suspicious files, so if anyone has additional information please respond in the comments.
Based on this thread, the file may be found in /users/username/appdata/Temp. Since the file is fairly new (first mentions of it are only a few days ago), and the common source is unknown, I urge everyone to not log in to World of Warcraft or the account management site until you've run a scan. Confirm your computer is secure before using your authenticator, because this DLL file is allowing hackers to crack through it and access your account.
A warning sign that you're currently infected with this keylogger is that WoW will say your authentication code is incorrect, even if you know for sure you typed in the correct code. Thanks to Cameron for posting about this in our forums, too.
Posted by ckknight Sep 02, 2010 at 03:34 UTC
Hey beautiful people, ckknight here.
I know this is a shameless plug, but I'm gonna go for it anyway.
I'll be on two panels this year at Dragon*Con in Atlanta, GA, which is happening Sept 3-6, talking about WoW addons, so if you're around there or going to it anyway, feel free to come by.
There's gonna be a lot of fun WoW-related and general MMO-related stuff going on this year outside of the panels I'm gonna be on.
Here's the ones I'm doing:
Title: World of Warcraft - Q&A
Title: World of Warcraft - Addon Kung-Fu
Well, that's all done and I'm glad to be back. Was able to meet a few people and I hope I made a good impression ;-).