Be very careful, guys.
taken from official WoW forums
Just in case the CMs aren't up with the latest hot infosec news, the Chinese exploit pack "MPack" just obtained a brand new, "0day" — unfixed — vulnerability in Adobe Flash.
This is, right now at this very moment, being seeded to various domains (which obviously I won't link here — most of them are .cn domains, but not all of them) in preparation for attacks on various online games, including World of Warcraft.
That's right people — we're about to see another storm of keyloggers posted to the forums and possibly included in advertisements on third-party sites by goldsellers to steal your account so they can grab the loot, use your account to spam the heck out of us all, and then sell your gold back to hapless players.
Because this is really a "0day" vulnerability, no patch is available, and since virtually everyone on every platform runs the Flash plugin, you are (very, very likely) vulnerable.
Please be careful where you click, as merely visiting an infected site may at least try to infect your machine, and the password stealers are brand new, so many of the more mainstream antivirus utilities will not detect them yet. They may even try to sneak the exploits into ads served by legitimate sites; they've done it before, so webmasters, pay attention.
* The exploit was bought (probably for a lot of money) by MPack; no patch is available, but Adobe are urgently investigating.
* The people behind these attacks are the same people as last time; they have licensed this new MPack exploit pack to craft malicious websites to drop their account-stealing payload.
* These may not be the only people to license the exploit kit — MPack has been used by many other fraudsters in the past to steal things like credit card numbers and PayPal credentials.
* The payload that the exploit tries to run is much more mediocre (at the moment) than the exploit itself; this could, of course, change at any moment.
* They haven't started posting it to forums or embedding it anywhere — yet.
* Mac OS X is vulnerable to the exploit, but the current payload that the exploit tries to execute doesn't work on the Mac platform.
* Linux is vulnerable (if the Adobe Flash player is installed). I have no information on if the payload will execute under WINE, just like WoW; it might, but I don't think it will be functional.
* Targeted games appear to include World of Warcraft, Final Fantasy XI, and Age of Conan.
* NoScript mitigates the vulnerability if run on an untrusted site, but would not help if the exploit were embedded in an advertisement planted on a site you already trust (and in the past, these people have successfully targeted high-profile sites such as Curse, Allakhazam and Thottbot).
* FlashBlock mitigates the vulnerability (unless, obviously, you then click on the infected frame, which is remarkably hard to do).
http://blogs.zdnet.com/security/?p=1189
http://www.securityfocus.com/bid/29386
http://ddanchev.blogspot.com/2008/05...lash-zero.html