Update Windows!

[Rollie]

So looks like the way hackers were gaining access to WoW Login information was actually a cursor security flaw. A patch was released by Microsoft on the 3rd so be sure you update your version of Windows!

--------------------------------------------------------------------------------


<h1>Cursor hackers target WoW players</h1>
<p>
World of Warcraft has become hugely popular around the globe
World of Warcraft players are being targeted by hackers exploiting flaws in how Windows handles animated cursors.

The flaw came to light in late March and lets attackers take over vulnerable PCs via booby-trapped websites.

Warcraft players seem to be one of the targets because accounts for the game are potentially worth significant sums of money.

Microsoft has issued a patch for the flaw early to combat the rising number of attacks.

<b>Player power</b>

Security firms tracking how criminal hackers are exploiting the cursor flaw suspect there are many websites hosting the code that can be used to take over vulnerable PCs.

Some of the sites have been specially created but others have been hacked to be unwitting hosts for the infection.

The potential for the flaw to do harm grew significantly with the discovery of a website that automatically generates all the attack files needed to turn a site into a booby-trap.

A large number of criminally-minded hacking gangs are cashing in on the flaw.

One Chinese group known to be using the animated cursor flaw scored some success in February when it managed to hack a Superbowl website and use it to host code for spyware.

There is a ready market for card data on the net
Analysis of that malicious software showed that it lay dormant on a victims machine until they ran World of Warcraft (WoW) at which point it captured login data and sent it to the hacking group.

The group's enthusiastic use of the cursor flaw suggests it is trying to do the same again.

The online fantasy game now has more than eight million active players around the world.

Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data.

One card can be sold for up to $6 (?3) suggests Symantec, but a WoW account will be worth at least $10. An account that has several high level characters associated with it could be worth far more as the gold and rare items can be sold for real cash.

In a bid to head off the growing threat from the animated cursor flaw, Microsoft took the unusual step of releasing a patch for the bug on 3 April.

Usually Microsoft issues security patches on the second Tuesday of every month. The patch for the cursor flaw arrived a week early and Microsoft has been preparing it since December when the bug was first reported.

Windows users can get the patch via automatic updates or visit Microsoft to download it manually.

On its security blog, Microsoft said the patch was released early "to help better protect customers from this threat".

The software giant urged Windows users to download and install the patch.

It said there was a chance that attacks via the vulnerability would increase but had seen little evidence of widespread use yet.


Original article from <a href='http://news.bbc.co.uk/2/hi/technology/6 ... 851.stm</a>
</p>

[Babs]

so that's the new updates from yesterday =)

[oiseaux]

Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data.

One card can be sold for up to $6 (?3) suggests Symantec, but a WoW account will be worth at least $10. An account that has several high level characters associated with it could be worth far more as the gold and rare items can be sold for real cash.

I read this and couldn't believe it!! lol

[DM.]

Its true.... with a Credit Card you don't get as much info as you can with a WoW password. Because with WoW you got your name, address, phone number, etc... Identity theft

[Tartara]

Macs FTW

[WyriHaximus]

Ffs when do they start adding affected browsers to articles. Now I still don't know it affects me since I use FF to borwse >_<!!!!!

[DM.]

But if they were to get a keylogger onto your system the method they use is the method that Microsoft just patched. So if after you patch a keylogger came onto your pc it can't read your data.

So you should still update your system, regardless of what browser you use...

[Rollie]

It's a valid question though. I'm curious as well as I am betting if it was any kind of ActiveScript problem, then it is only IE who would be at risk.

[Rollie]

According to this article, Firefox was vulnerable too:

http://www.computerworld.com/action/art ... onomyId=89

[Babs]

The solution is simple:
don't use internet anymore

[Alanthus]

Quite a few viruses out there targetting this bug, anyone running unpatched older versions of email viewers like outlook are just as vulnerable as someone browsing compromised sites. Had to clean one from a computer at work today and the infection vector was email, I was a little surprised at the virus spamming game sites but reading about the wow account theft angle explains it I guess.

[WyriHaximus]

But if they were to get a keylogger onto your system the method they use is the method that Microsoft just patched. So if after you patch a keylogger came onto your pc it can't read your data.

So you should still update your system, regardless of what browser you use...

True and thank Torwalds for linux ! (Yes I have IE on linux aswell, just for developing reasons .)

The solution is simple:
don't use internet anymore

That was/is also the best way not to get hacked .

According to this article, Firefox was vulnerable too:

http://www.computerworld.com/action/art ... onomyId=89

The article says both 0_o!