Malicious ads in the curse client.

[Klaudandus]

Avast confirms Curse clients currently displays ads allowing buff overflows, and thus, allowing keylogging.

[Shoju]

AGAIN!?

Seriously, I'm really ready to give up on Curse again if this is the case. Which, would be a shame because that now includes MMO-C.


Say it ain't so.

[rodos]

I have suspicions about the Curse client/website too.

I recently got a "Suspicious activity on your WoW account" scam email at one of my email addresses. This address gets almost zero regular spam, and is not the email address of my WoW/Battle.net account. It is the email I use to sign up to websites, but the only WoW-related sites I've signed up for are Wowhead and Curse. It looks a lot to me like one of these sites has been compromised in some way. An information leak that allows address scraping at the very least.

Given that Curse was the most recent sign-up, I'm more inclined to suspect them than some new vulnerability in wowhead.

[Klaudandus]

I have suspicions about the Curse client/website too.

I recently got a "Suspicious activity on your WoW account" scam email at one of my email addresses. This address gets almost zero regular spam, and is not the email address of my WoW/Battle.net account. It is the email I use to sign up to websites, but the only WoW-related sites I've signed up for are Wowhead and Curse. It looks a lot to me like one of these sites has been compromised in some way. An information leak that allows address scraping at the very least.

Given that Curse was the most recent sign-up, I'm more inclined to suspect them than some new vulnerability in wowhead.

Same happened to me. Luckily, because of the nature of my email address, I know the email is fake so I just forward it and then report it as phishing scam.

I wont be using the curse client for a while...

EDIT:

Apparently, a false positive.

http://clientsupport.curse.com/news.aspx?id=35

[PsiVen]

Phishing e-mails about WoW are so common that if you sign up an e-mail address and come back to it a week later without giving it to anyone, you're liable to find one in the spam box. It's really not evidence of anything.

[rodos]

Phishing e-mails about WoW are so common that if you sign up an e-mail address and come back to it a week later without giving it to anyone, you're liable to find one in the spam box. It's really not evidence of anything.

It's evidence that someone I gave that email address to leaked it -- deliberately or through negligence. Probably, though not necessarily, someone involved with WoW. (Other likely candidates would be online computer stores, I guess.)

Either that or WoW phishers are cleverer and more persistent than all the other spammers and phishers in the world. The account in question gets zero spam (i.e. my junk folder is always completely empty).

[Skye1013]

@Psiven
My current WoW e-mail doesn't receive WoW spam... for that matter it doesn't receive any spam, and I've changed over a lot of my online things to it, just nothing WoW/gaming related except WoW itself.