Forged Alliance

Last night I downloaded this mod mid-raid and it contained a keylogger.... Thats why my characters are deleted and the gbank is a little light on epic gems and patterns.  So, do not, under any circumstances download this mod.

Apparently downloaded from Curse, an entirely reputable site in my experience.  Unfortunate.

curious: was it an executable / installer or just one of the regular zip files with the lua scripts? i've heard of problems with curse in the past, and while it is one of the best sites for mods, it is also one of the sites that i trust the least.

What sites do you trust the most?  I use Curse to get all my mods, and haven't ever had a problem.  I have, however, seen the occasional and obvious keylogger files.  Usually executables.

What about all the posts that link to websites where people are calling "keylogger" .. is it possible from a webpage or a nested script or something?

I know that most run anitvirus programs, but does anyone actually run a program that looks for spyware and keyloggers?  I do, of course it doesn't run until the middle of the night so it wouldn't have caught this one before the bad bad happened, but I do intend to take that extra minute to scan incoming files when I am downloading mods and do a full scan before I log off for the night.  It sucks that there is enough interest out there to buy gold that there is people employed to do this kind of thing.  I wish that people could just play the game.

the mod developers generally have their own sites that i try to track down when possible, so i try to use curse as a last resort.  it's much more time consuming, but worth it imho.  that said, i don't use a pile of mods, just the more popular / useful ones. and yes, it is possible to embed a key logger into ads on the site without the host site knowing anything about it, so it's not even necessarily the mod itself, you may just get unlucky with some random ad.

mahonri wrote It sucks that there is enough interest out there to buy gold that there is people employed to do this kind of thing.  I wish that people could just play the game.

qft minus ezmode would be nice as well, but that would have too much impact on $$

It was just a standard zip like all mods, to be honest I did it rather quickly so as to not hold up the raid, so I didn't examine the contents of the zip as closely as I normally would have.  I have found a couple useful links for scanning for keylogger, so when I get home and look deeper into it I will post the findings.

Hanh wroteIt was just a standard zip like all mods, to be honest I did it rather quickly so as to not hold up the raid, so I didn't examine the contents of the zip as closely as I normally would have. I have found a couple useful links for scanning for keylogger, so when I get home and look deeper into it I will post the findings.

Yeah, i got the mod too last night, but using my spyware scanner i not getting anything yet. I'm curious why you think it was the addon and not maybe a script through a banner on teh site or something. Right now a little worried to log back on my char at home till i run scans with other things, but i do know that keyloggers have to be run so just a standard unziping of files shouldn't load it. The one i DL only has lua, xml, txt, and toc files.

I guess I am not sure how anything from a banner ad could keylog my pc when the browser (firefox) is not even the focus window.  I am only thinking it was the download since I downloaded that night and then it was hacked...

A few weeks back there was a keylog scare cause wowhead, alakazam, and some other site had a banner that self-installed a keylogger if you had activex enabled and moused over it or something like that. Didn't even need to be clicked on.

I'm heading home now so i'll scan my comp with a spybot and see if i get any results.

I recommend for anyone that uses Firefox to get NoScript which keeps scripts from automatically running.

Thanks, yeah I have done some reading and yeah NoScript is the way to go for Firefox....Crappy that browsing a page can end with your character deleted