Saturday, April 26, 2008

Suspect: Healbot

So I was reading a post over at Big Red Kitty called "You Know We Are At War". Buried in the comments was this little jewel:

"When you download your addon (and these are almost entirely from addons) take a moment before installing them to examine them.

What, you use an autoinstaller? No, or at least not any more unless you’re willing and able to do the checks in the addons folders before running. (yes, I love Aces autoinstaller. I do manual checking.)

Anyway, examine them before you load WoW if not before you install. Safe files are those that end in nothing, toc, lua, and txt. Unfortunately all the addons have to have an xml as well so regretfully we have to allow that too. Now anything else is to be treated with caution - but not automatic rejection. For example Auctioneer has an mp3 file, and cycircled (along with most other addons that do visual changes) uses tga files.

If it’s an exe, com, bat, jpg, scr, html, or any other ‘executable’ file extension, stop. Delete."

So I ran a check on my system and sure enough the Healbot addon has both a jpg and an html. FreeMoney.html and myshop_WoW.jpg.

I opened the html and looked at the code. I didn't see anything suspicious. There is no JavaScript in the file at all. I don't have the skills to check the jpg for exploits. I've run Healbot since my reformat, so the thought that this Addon could be the culprit scares and sickens me at the same time.

I'm searching for a tool or something/someone who can give a thumbs up or thumbs down to myshop_WoW.jpg.

If you use Healbot, I recommend you check your Addon folder for the html and jpg and delete just to be safe.
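
The manual check from the quoted comment can be scripted. The following is an added example, not code from the commenter or from any addon: it applies the comment's extension lists to an AddOns folder and, going one step beyond the comment, flags any .jpg whose first bytes are not a JPEG header. The function names, the "Other" folder and all file contents in the sample tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Extension rules as the quoted comment gives them; not an authoritative list.
SAFE = {"", ".toc", ".lua", ".txt", ".xml"}
STOP = {".exe", ".com", ".bat", ".jpg", ".scr", ".html"}

def classify(filename):
    """Return 'safe', 'stop' or 'caution' for one file name."""
    ext = Path(filename).suffix.lower()
    if ext in SAFE:
        return "safe"
    return "stop" if ext in STOP else "caution"

def header_is_jpeg(path):
    """True if the file starts with FF D8 FF; a match does not prove it is harmless."""
    with open(path, "rb") as fh:
        return fh.read(3) == b"\xff\xd8\xff"

def audit(addons_dir):
    """Return {relative_path: verdict} for every file that is not 'safe'."""
    findings = {}
    for path in Path(addons_dir).rglob("*"):
        verdict = classify(path.name) if path.is_file() else "safe"
        if verdict == "safe":
            continue
        if path.suffix.lower() == ".jpg" and not header_is_jpeg(path):
            verdict = "stop (header is not JPEG)"
        findings[path.relative_to(addons_dir).as_posix()] = verdict
    return findings

def build_sample(root):
    """Constructed sample tree: two file names from the post, the rest made up."""
    files = {
        "Healbot/Healbot.toc": b"## Title: sample\n",
        "Healbot/FreeMoney.html": b"<html></html>",
        "Healbot/myshop_WoW.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "Other/skin.tga": b"\x00" * 18,
        "Other/fake.jpg": b"MZ" + b"\x00" * 16,
    }
    for rel, data in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, verdict in sorted(audit(tmp).items()):
            print(f"{verdict:28}{rel}")
```

To check a real install, call `audit()` with the path to the game's Interface/AddOns folder instead of the sample tree.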
