Malicious ads in the curse client.

Anything, including off-topic posts

Moderators: Fridmarr, Worldie, Aergis, Sabindeus, PsiVen

Malicious ads in the curse client.

Postby Klaudandus » Sat Feb 26, 2011 10:10 am

Avast confirms Curse clients currently displays ads allowing buff overflows, and thus, allowing keylogging.
The Element of Forum Hyperbole
Image
---
Flüttershy - Draenei Protection Paladin, Aerie Peak
Klaudandus - BE Protection Paladin, Feathermoon (Semi-retired)
User avatar
Klaudandus
 
Posts: 11108
Joined: Thu Apr 02, 2009 7:08 am
Location: Texas' Armpit

Re: Malicious ads in the curse client.

Postby Shoju » Sat Feb 26, 2011 6:28 pm

AGAIN!?

Seriously, I'm really ready to give up on Curse again if this is the case. Which, would be a shame because that now includes MMO-C.


Say it ain't so.
User avatar
Shoju
 
Posts: 6355
Joined: Mon May 19, 2008 7:15 am

Re: Malicious ads in the curse client.

Postby rodos » Sat Feb 26, 2011 6:54 pm

I have suspicions about the Curse client/website too.

I recently got a "Suspicious activity on your WoW account" scam email at one of my email addresses. This address gets almost zero regular spam, and is not the email address of my WoW/Battle.net account. It is the email I use to sign up to websites, but the only WoW-related sites I've signed up for are Wowhead and Curse. It looks a lot to me like one of these sites has been compromised in some way. An information leak that allows address scraping at the very least.

Given that Curse was the most recent sign-up, I'm more inclined to suspect them than some new vulnerability in wowhead.
User avatar
rodos
 
Posts: 1120
Joined: Mon Sep 24, 2007 8:20 pm

Re: Malicious ads in the curse client.

Postby Klaudandus » Sat Feb 26, 2011 7:36 pm

rodos wrote:I have suspicions about the Curse client/website too.

I recently got a "Suspicious activity on your WoW account" scam email at one of my email addresses. This address gets almost zero regular spam, and is not the email address of my WoW/Battle.net account. It is the email I use to sign up to websites, but the only WoW-related sites I've signed up for are Wowhead and Curse. It looks a lot to me like one of these sites has been compromised in some way. An information leak that allows address scraping at the very least.

Given that Curse was the most recent sign-up, I'm more inclined to suspect them than some new vulnerability in wowhead.


Same happened to me. Luckily, because of the nature of my email address, I know the email is fake so I just forward it and then report it as phishing scam.

I wont be using the curse client for a while...

EDIT:

Apparently, a false positive.

http://clientsupport.curse.com/news.aspx?id=35
The Element of Forum Hyperbole
Image
---
Flüttershy - Draenei Protection Paladin, Aerie Peak
Klaudandus - BE Protection Paladin, Feathermoon (Semi-retired)
User avatar
Klaudandus
 
Posts: 11108
Joined: Thu Apr 02, 2009 7:08 am
Location: Texas' Armpit

Re: Malicious ads in the curse client.

Postby PsiVen » Sun Feb 27, 2011 10:25 am

Phishing e-mails about WoW are so common that if you sign up an e-mail address and come back to it a week later without giving it to anyone, you're liable to find one in the spam box. It's really not evidence of anything.
Gladiator Psiven, Retired Tankadin
WoW-sober since March 2014
Longtime addict of Space - Glory Through Conquest
User avatar
PsiVen
Moderator
 
Posts: 4364
Joined: Fri Jun 01, 2007 5:28 pm
Location: On a Boat

Re: Malicious ads in the curse client.

Postby rodos » Sun Feb 27, 2011 5:44 pm

PsiVen wrote:Phishing e-mails about WoW are so common that if you sign up an e-mail address and come back to it a week later without giving it to anyone, you're liable to find one in the spam box. It's really not evidence of anything.

It's evidence that someone I gave that email address to leaked it -- deliberately or through negligence. Probably, though not necessarily, someone involved with WoW. (Other likely candidates would be online computer stores, I guess.)

Either that or WoW phishers are cleverer and more persistent than all the other spammers and phishers in the world. The account in question gets zero spam (i.e. my junk folder is always completely empty).
User avatar
rodos
 
Posts: 1120
Joined: Mon Sep 24, 2007 8:20 pm

Re: Malicious ads in the curse client.

Postby Skye1013 » Sun Feb 27, 2011 9:56 pm

@Psiven
My current WoW e-mail doesn't receive WoW spam... for that matter it doesn't receive any spam, and I've changed over a lot of my online things to it, just nothing WoW/gaming related except WoW itself.
"me no gay, me friends gay, me no like you call me gay, you dumb dumb" -bldavis
"Here are the values that I stand for: I stand for honesty, equality, kindness, compassion, treating people the way you wanna be treated, and helping those in need. To me, those are traditional values. That’s what I stand for." -Ellen Degeneres
"I'm not going to censor myself to comfort your ignorance." -Jon Stewart
Horde: Clopin Dylon Sharkbait Xiaman Metria Metapriest
Alliance: Schatze Aleks Deegee Baileyi Sotanaht Danfer Shazta Rawrsalot Roobyroo
User avatar
Skye1013
Maintankadonor
 
Posts: 3941
Joined: Tue May 18, 2010 5:47 am
Location: JBPH-Hickam, Hawaii


Return to General

Who is online

Users browsing this forum: Bing [Bot], Daeva001 and 1 guest

Who is online

In total there are 3 users online :: 2 registered, 0 hidden and 1 guest (based on users active over the past 5 minutes)
Most users ever online was 380 on Tue Oct 14, 2008 6:28 pm

Users browsing this forum: Bing [Bot], Daeva001 and 1 guest