Friday, April 25, 2008

Starting Over

(If you get this in a reader, sorry about the early / aborted post)

Wednesday night I went ahead and wiped the hard drive on my computer, and reinstalled Windows and WoW along with my security software. I never successfully identified the Malware that gave my account information. That worries me greatly because I don't have any corrective action steps to identify and take that would prevent this from happening again.

There are other possibilities, like my friend AoesRus' machine being the one with Malware. They could have logged into his account, found him relatively low on funds and materials and decided to move along to a more lucrative prize like Honorshammer.

Other possibilities that have been suggested to me are too disturbing to think about very long like the idea that someone at my ISP is "listening in" on my connection. Even more troubling was the idea that perhaps the gold sellers have someone "on the inside" at Blizzard with access to account information. The pockets of the gold sellers are deep, and people have been known to betray even their country for the right price.

Of course, there is absolutely zero anyone could do about it. I generally take the attitude that I can't worry about those things that are clearly beyond my control. My Mom taught me a saying as she was battling addiction in her life

God grant me the serenity to accept the things I cannot change,
courage to change the things I can,
and the wisdom to know the difference.

The other thing that has me nervous is WoW Web Stats. It run a small program on my machien to parse and upload the WWS. Could it be the culprit?

Then I read a comment from Jonathan on the "Hacked" blog entry.

"I'd be interested to know if you also have the Curse client, and what addons you use? That's the only thing I can think of."

That sent a cold chill down my spine. A week or two before I got hacked, I installed the Curse client. This is purely coincidental and circumstantial, but I'd be very wary of Curse right now. I wonder what is in that Client software of theirs. All the virus scans and Malware detectors work on some sort of signiture database to identify Malware. If the Curse Client has something in it, the user base might not be big enough for it to find it's way into the signiture databases. Most WoW gamers will probably not have the patience to wait through a HiJackThis log (could take up to 10 days). They will do what I did, reformat and move on.

I used my work computer to download only the most essential mods I needed.

  • Fubar (DurabilityFu, LocationFu)
  • ItemRack
  • OneBag (OneBank)
  • Omen
  • Grid
  • Xperl
  • Healbot
  • Deadly Boss Mods
  • Tankpoints
  • Tankadin
  • MobInfo
  • Natur Enemy CastBar
  • Pally Power

I got everything installed and downloaded all the patches for WoW. It was time to put this incident behind me and get back to some semblance of normalcy. The Mods that I really missed were Elkano BuffMods, Prat, and Scrolling Combat Text. I tried using Blizzard's SCT but everything was too jumbled up. I don't like the amount of screen real estat Elkano's needs, but I really like the way it makes it easy to see Debuffs.

With my mods up and Ventrillo running I was back in action.

2 comments:

Cal said...

Prat, SCT and EBB are all ace mods and several of the ones you named are as well.

You can get them directly from the source at files.wowace.com if you are worried.

Gwaendar said...

I concur. Ace mods in general, but the more popular ones in particular, get scrutinized daily. There's a clear audit trail for people accessing the version control system to upload modifications as well. The admins have taken swift and drastic actions in the past where shenanigans were happening with any addons using their servers (no, not keylogging, but there was an instance where a disgruntled coder changed an addon to lock up WOW if the user was also running another one which supressed the button calling for donations which I remember).

I deem these among the safer options.