Make sure you are using firefox on the WoW forums, ladies

[Cad]

Found this little gem on the warrior forums, apparently silently installs a keylogger via activex if you are using IE. They're looking for WoW passwords then D/E'ing all your stuff and deleting your characters, and sending shards/gold to farmers.

So use firefox.. or... be really really careful what you click on. There's lots of these links on the WoW forums right now.

[Soygen]

Fucking ActiveX.

[Hardcore Cracka]

edit: nm, who uses IE lol

[WarderX]

I think you still have to be a retard who clicks "yes" on random install boxes for this to affect you.
I could be wrong, but I'm pretty sure all activex apps have digital signatures.

[Cad]

Quote:

Originally Posted by WarderX

I think you still have to be a retard who clicks "yes" on random install boxes for this to affect you.
I could be wrong, but I'm pretty sure all activex apps have digital signatures.

I don't think this actually "runs" anything, from the looks of it, I think it just saves the .exe on your box and adds it to your startup folder, so next time you reboot it'll run. That might be how they're getting around the install warnings?

No idea, my activex-fu is non-existant, never touched the stuff. The word I'm getting from people who did inadvertently install it though was that they didn't get any warnings.

[MinionOfCthulhu]

Hey look, another reason to not go to the WoW forums.

[Cad]

Quote:

Originally Posted by MinionOfCthulhu

Hey look, another reason to not go to the WoW forums.

Indeed, but ironically most of the people I know who actually did download this got it from a mod website (not Curse) downloading some C'Thun warner mod.

It's certainly not limited to the WoW forums, this keylogger is making the rounds right now.

[Soygen]

svchos.exe is the file?

[Cad]

Quote:

Originally Posted by Soygen

svchos.exe is the file?

Looks that way, although it could be named anything once it's actually running with admin powers.

[Lefazz]

The average user is so stupid that they probably will click "YES" on everything. Especially if they've installed a firewall which essentially harrasses you constantly. People are being trained to click "YES" and "OK". I've seen on plenty of occasions valid processes being blocked out and fucking up the system because you click "NO".

Anyway, just use Firefox. That shit can't happen period with that (as long as you don't install the ActiveX plugin.)

[Xurlitil]

Lynx is the only browser for the internet these days. In fact, I just made this post using it. c-line text only browsers for life

[Gauss]

Quote:

Originally Posted by WarderX

I think you still have to be a retard who clicks "yes" on random install boxes for this to affect you.
I could be wrong, but I'm pretty sure all activex apps have digital signatures.

You are wrong. Activex controls will automatically execute unless you change the default settings on my computer. I've had to wipe my hard drive on previous computers due to this kind of bullshit, so I take no chances on this computer and simply opt out of viewing sites outside of ones I trust.

Edit: And for the love of god can a mod reset my signature.

[Goanad]

Why dont blizzard and the f-ing anti-gold farming zealots let them bastards go farm gold instead of banning them and then reaping shit like this when they(the farmers who got banned) get their buddies to write crap like this and put it out on the net.

Or lower repair costs....whatever you know.

[Nehrak]

I'm not sure if I should be surprised what WHOIS returned for the domain address in question in that popup. (nihailai)

[Talzar]

"Make sure to use Firefox"... Or you know, just run IE on a higher security setting that prompts you before running ActiveX code.