Guild Enigma

World Of Warcraft
 
HomeFAQSearchRegisterMemberlistUsergroupsLog in

Share | 
 

 KeyLogger Warning *BEWARE*

View previous topic View next topic Go down 
AuthorMessage
Deadly Desires
Admin
avatar

Posts : 239
Join date : 2008-01-17
Age : 39
Location : Newcastle, England

PostSubject: KeyLogger Warning *BEWARE*   Wed May 28, 2008 1:27 pm

be very carefull guys
taken from official WoW forums

Just in case the CMs aren't up with the latest hot infosec news, the Chinese exploit pack "MPack" just obtained a brand new, "0day" unfixed vulnerability in Adobe Flash.

This is, right now at this very moment, being seeded to various domains (which obviously I won't link here most of them are .cn domains, but not all of them) in preparation for attacks on various online games, including World of Warcraft.

That's right people we're about to see another storm of keyloggers posted to the forums and possibly included in advertisements on third-party sites by goldsellers to steal your account so they can grab the loot, use your account to spam the heck out of us all, and then sell your gold back to hapless players.

Because this is really a "0day" vulnerability, no patch is available, and since virtually everyone on every platform runs the Flash plugin, you are (very, very likely) vulnerable.

Please be careful where you click, as merely visiting an infected site may at least try to infect your machine, and the password stealers are brand new, so many of the more mainstream antivirus utilities will not detect them yet. They may even try to sneak the exploits into ads served by legitimate sites; they've done it before, so webmasters, pay attention.

* The exploit was bought (probably for a lot of money) by MPack; no patch is available, but Adobe are urgently investigating.

* The people behind these attacks are the same people as last time; they have licensed this new MPack exploit pack to craft malicious websites to drop their account-stealing payload.

* These may not be the only people to license the exploit kit MPack has been used by many other fraudsters in the past to steal things like credit card numbers and PayPal credentials.

* The payload that the exploit tries to run is much more mediocre (at the moment) than the exploit itself; this could, of course, change at any moment.

* They haven't started posting it to forums or embedding it anywhere yet.

* Mac OS X is vulnerable to the exploit, but the current payload that the exploit tries to execute doesn't work on the Mac platform.

* Linux is vulnerable (if the Adobe Flash player is installed). I have no information on if the payload will execute under WINE, just like WoW; it might, but I don't think it will be functional.

* Targeted games appear to include World of Warcraft, Final Fantasy XI, and Age of Conan.

* NoScript mitigates the vulnerability if run on an untrusted site, but would not help if the exploit were embedded in an advertisement planted on a site you already trust (and in the past, these people have successfully targeted high-profile sites such as Curse, Allakhazam and Thottbot).

* FlashBlock mitigates the vulnerability (unless, obviously, you then click on the infected frame, which is remarkably hard to do).

http://blogs.zdnet.com/security/?p=1189
http://www.securityfocus.com/bid/29386
http://ddanchev.blogspot.com/2008/05...lash-zero.html

_________________


Back to top Go down
View user profile http://enigma.darkbb.com
Deadly Desires
Admin
avatar

Posts : 239
Join date : 2008-01-17
Age : 39
Location : Newcastle, England

PostSubject: Re: KeyLogger Warning *BEWARE*   Thu May 29, 2008 3:09 am

The latest version now fixes this exploit, Upgrade yoour flash player here guys

http://www.adobe.com/shockwave/downl...ShockwaveFlash cheers

_________________


Back to top Go down
View user profile http://enigma.darkbb.com
 
KeyLogger Warning *BEWARE*
View previous topic View next topic Back to top 
Page 1 of 1
 Similar topics
-
» Adam Fenix (SPOILER WARNING)
» Beware!!! Stay out of My Forest
» Stuck in Ventrue Tower error spams WARNING:msg overflow with Sethic
» Beware of "Bukowski"
» The Monthly Vow - January - beware the avenging angels

Permissions in this forum:You cannot reply to topics in this forum
Guild Enigma :: Public-
Jump to: