#0 - Oct. 22, 2007, 10:27 a.m.
Caution
There are numerous things you can do to check the intergrity of a post and links within it and these include:
1) Before clicking links, make sure that a reputable hosting site has been used. For example, Image Shack.
2) Ignore the content of the post. Previously, it was possible to identify potential keyloggers via bad grammar and written language and the general content of the post. Now however, keyloggers have started posting on issues that genuinly do effect the player base and as such, people have been fooled into clicking links.
3) If it is a server forum, check the character that is posting the links. If the character is posting from another server it is best to exercise caution when clicking links.
4) Check the posting character's post history if you don't trust the links that they provide. In a large proportion of cases, a vast quantity of posts containing the same content and a link will mean that the poster is a keylogger.
5) Check the spelling of what look like legitimate links. For example, the "o" in World of Warcraft may be replaced with a "0" (zero) in order to trick you into click the link.
6) Check replies in the thread. In most cases, another member of the community will highlight a suspisous post and if this is the case, a report should be made.
Preventative Measures
There are numerous ways you can go about preventing keylogging scripts from activating, via modifications to the web browser you are using. One thing people must remember is that Firefox does not render you 100% safe from Keyloggers and anyone under this illusion is mistaken.
Firefox
Firefox users can use an addon called, "NoScript." This addon will prevent web-based scripts from running unless you give them express permission. This is not a 100% promise that keyloggers will not succeed in their role but it is a viable preventative measure that all user should use if they are freuently clicking links to outside websites.
Internet Explorer
You can configure anti-virus solutions to block scripts running in Internet Explorer but not all AVs feature this tool. Internet Explorer will natively block certain scripts but thsi does not 100% secure your safety when clicking on external links. The best thing to do is find an AV solution that comes with a script blocker and invest in it as it is a step to ensuring your safety when browsing. You can also install NoScript for Internet Explorer as well.
System OS Solutions - Myth
It is a common myth that Linux and Mac solutions are immune to keyloggers and viral infections. This is not entirely the case. Whilst keyloggers and viral infections designed for Windows solutions will (99.9% of the time) not work on Mac or Linux, these OS solutions are not immune.
As more and more people begin to use these distribution, the worth of writing keylogges for them becomes larger. This is also evident in programs such as Forefox. It is better to assume that you are as vulnerable as a Windows user and secure your system appropriatly.
Macintosh and Linux do not natively have greater immunity to viruses than Windows. The worth of writing viral solutions for these OS's is lower than that of Windows due to the amount of people using them (approx. 20% of the market). Do not become complacent because you feel your system is 100% safe. SECURE ALL SYSTEMS, REGARDLESS OF THE OS, PROPERLY.
Posting
Another prevantitive measure that the community can take to avoid the problem of keyloggers is to use reputable sites only to host images and not private servers or unknown image hosting providers. This will allow the community to identify a select range of links that are genuine and will also allow them to identify potential keyloggers.
The following link to reputable image hosting websites:
ImageShack - http://imageshack.us/
PhotoBucket - http://photobucket.com/
Free Image Hosting - http://www.freeimagehosting.net/
All You Can Upload - http://allyoucanupload.webshots.com/
Filefrog - http://www.filefrog.net/
All Videos should be hosted with equally reputable video hosting services such as:
YouTube - http://www.youtube.com/
Google Video - http://video.google.co.uk/
Stage6 - http://stage6.divx.com/
Keyloggers will work under the disguise of genuine addon distribution sites. It is highly unlikely that the majority of these sites are genuine and if you want to be sure that the site you are gaining your addons from is secure, use the following sites that are genuine addon distribution sites:
Curse - http://www.curse.com/
WoWUI - http://wowui.incgamer.com/
WoW Interface - http://www.wowinterface.com/
WowAce - http://files.wowace.com/
Official Blizzard Email Hoaxes
There are numerous emails that are distributed amongst players that appear to be from official Blizzard employees. If the emails ask for any personal details or account information (password, username etc) they are not from Blizzard. Blizzard will never ask you for your password.
There have recently been a host of emails claiming to be offering access to a Wrath of the Lich King beta competition. There emails are fake - there is no WotLK beta currently announced.
For more information on the risks of unofficial emails, please check http://forums.wow-europe.com/thread.html?topicId=301360209&sid=1
Detailed Guide on Securing Your PC
This post is intended for you to spot potential keyloggers and not to provide you with detailed instructions on how to secure your PC. If you wish to know more about securing your PC, visit http://forums.wow-europe.com/thread.html?topicId=273198555&sid=1
Examples of Recent Keylogging Posts
Here are some examples of recent posts that keyloggers have posted to give you an impression of what sort of outline they follow. Please note that keyloggers have begun discussing and using genuine World of Warcraft addons (Cartographer, FuBar, KLH etc), classes, issues and other gaming titles as a way to trick you into clicking the links. In most cases, these are not legitimate and should be avoided at all costs.
If you feel a post is a keylogger, the best thing to do is report it as soon as you are suspicious. It is better to remove genuine posts that are not keyloggers than to risk the potential damage that keyloggers can do to your community.
Example #1
Q u o t e:
Cartographer is a modular, lightweight, and efficient framework for manipulation of the world map. It is based on Ace2 and other libraries of the Ace community.
* Battlegrounds : allows viewing of battlegrounds outside of the zone.
* Coordinates : adds coordinates to the bottom of the world map of the player and the cursor.
* Foglight : Shows unexplored areas on the map. replacement for MozzFullWorldMap or Unexplorer. Much more efficient, though.
* Group Colors : turns all your party's and your raid's POIs into circles colored based on class, and shows a number on them based on their raid group.
* Instance Maps : shows maps of instances.
* Instance Notes : adds boss notes and such to instance maps.
* Look 'n' Feel : allows you to change the transparency, position, and scale of the world map.
* Notes : lets you put notes on the map, similar to MapNotes.
* Professions : automatically tracks herbs and minerals.
* Zone Info : on hovering over a zone, it will show the levels of the zone, the instances in the zone, their levels, and the number of men the instance is made for (e.g. 5-man, 40-man).
TO INSTALL: Put the Cartographer folder, Cartographer_Herbalism, and Cartographer_Mining into \World of Warcraft\Interface\AddOns\
WOWGAME: <Link Removed>
Example #2
Q u o t e:
Season 3 Mage Set Skin... LOL
<Link Removed>
open the picture with IE please!or you can't see the picture.
Out of all the new sets, this is by far the worst. The warlock one isn't up, they are probably working on some immense graphic effects for it.
Damn Blizz, who does these damn set designs...
Other posts may contain references to ,"sex women," or another derivative of pornographic content. In most cases, these posts will contain grammatical errors and are easy to identify.
I will update this post as Keyloggers change their approach. If you feel this guide has helped you in identifying potential keyloggers, please feel free to report it for sticky.
