Author Topic: incgamers virus issue  (Read 425 times)

Online Daffyd

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 5,590
  • Facial adornment +60/-7
incgamers virus issue
« on: October 18, 2007, 07:07:35 AM »
Scum sucking bottom feeders (Chinese gold sellers) have been at it again. If you recently downloaded any addons from wowui.incgamers.com (ui.worldofwar.net redirects here) then a full virus scan, replacement of all your addons, and an account password change are in order. System restore or reinstall would be even better.
Quote
Ok an update on this as we have spent the last 3 hours sifting through server logs and finally found the problem. The attackers did not circumvent the virus scanner, we know that. They are Chinese gold sellers once again and we have found the exploit they have used to bypass the scanner. This hole has been plugged. All files that were infected are removed and replaced with clean files. Business as usual.

They have obviously spent a lot of time poking around the site to see how it functions and found something that did not come up in testing internally. As with everything these days, when it comes to gold sellers they are persistent and annoying for everyone here causing a lot of work for us and annoyance for users. We take these attacks very seriously and will be following up on this as far as we can with the perpetrators.

Thanks to Juergen for sending over great detailed information on this when his scanner picked it up. It really helps us spot things quickly and act if need be to prevent any further issues with users.
"I don't mean to sound bitter, cold, or cruel, but I am, so that's how it comes out."     - Bill Hicks

Offline Splishy

  • jam is teh win!
  • Administrator
  • Hero Member
  • *****
  • Posts: 9,067
  • Facial adornment +82/-12
    • Seeds of Glory
« Reply #1 on: October 18, 2007, 08:48:07 AM »
Joygasm. This leaves me with just about all the addon sites blacklisted...
Hope you're enjoying being a member of the Seeds Of Glory - any donations towards the running costs of the site are gladly received!

Offline Altrurian

  • Guild Officers
  • Hero Member
  • *****
  • Posts: 868
  • Facial adornment +7/-0
« Reply #2 on: October 18, 2007, 08:54:33 AM »
Crappit, downloaded updates for mobinfo and recipe radar from there in the last couple of days, oh well, gives me something to do when I get home I suppose!

Online Daffyd

« Reply #3 on: October 18, 2007, 08:57:10 AM »
I updated a load of stuff the other day, mostly from Curse but some from other places.  Going to be a full scan for me too.  AVG is known to not find the infection, Kaspersky is confirmed to find it (fortunately for me I use the latter).

Offline Splishy

« Reply #4 on: October 18, 2007, 09:16:04 AM »
Sadly Curse is already on my shitlist for exactly the same reason.

Offline Mordwin

  • Guild Officers
  • Hero Member
  • *****
  • Posts: 788
  • Facial adornment +7/-0
« Reply #5 on: October 18, 2007, 11:55:24 AM »
Seems like a healthy bit of paranoia would have prevented you being infected here, downloading an exe rather than a zip or a zip containing an exe should have set off more than a few alarm bells.

I doubt any site can be completely secure, so just be careful out there

Offline Splishy

« Reply #6 on: October 18, 2007, 12:01:15 PM »
The infected file was an .exe? In that case I'm fine. I suppose I'd better go and read more on this...

Online Daffyd

« Reply #7 on: October 18, 2007, 12:51:26 PM »
Quote from: Splishy
The infected file was an .exe? In that case I'm fine. I suppose I'd better go and read more on this...
Not sure, I know all the files I downloaded were .zips though.

Offline Choleric

  • Guild Officers
  • Hero Member
  • *****
  • Posts: 2,714
  • Facial adornment +22/-0
« Reply #8 on: October 18, 2007, 01:44:44 PM »
Quote
Scum sucking bottom feeders (chinese gold sellers)

Speaking of which, I noticed last night they have started using emotes to broadcast along with /say as well now, so double the spammage.  Does ignoring them also ignore their emotes? I didn't have an opportunity to test it.

Haven't downloaded an addon in at least a fortnight, and they were .zips, so I should be safe.

Offline Mordwin

« Reply #9 on: October 18, 2007, 01:57:25 PM »
Quote from: Splishy
The infected file was an .exe? In that case I'm fine. I suppose I'd better go and read more on this...

From what I can make out it was either an exe pretending to be a self-extractor, or a zip of same. I'm not aware of any way you could get an infection just from opening/extracting a normal zip (not saying it wouldn't be possible mind you), so you should be fine. Be aware that Curse may have been affected too.
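
One way to automate the check discussed in this thread (an added example, not part of any original post): flag a downloaded addon that is itself a Windows executable, or a zip that contains one, by content as well as by name. The extension list, the `ExampleAddon` file names and the sample archives are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs directly (assumed, non-exhaustive list).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll", ".vbs"}

def is_pe(head: bytes) -> bool:
    """Windows executables (PE/DOS images) begin with the bytes 'MZ'."""
    return head[:2] == b"MZ"

def scan_addon_download(name: str, data: bytes) -> list[str]:
    """Return findings for one downloaded file; an empty list means nothing was flagged."""
    if is_pe(data):
        # A plain .exe or a "self-extractor" stub, whatever the file is named.
        return [f"{name}: download is a Windows executable"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [f"{name}: not a zip archive"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)  # content check, independent of the name
            ext = os.path.splitext(info.filename)[1].lower()
            if is_pe(head):
                findings.append(f"{name}: {info.filename} has an MZ header")
            elif ext in EXEC_EXTS:
                findings.append(f"{name}: {info.filename} has extension {ext}")
    return findings

def make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory zip for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, body in members.items():
            zf.writestr(path, body)
    return buf.getvalue()

# Constructed samples: "ExampleAddon" and its files are hypothetical.
CLEAN = make_zip({"ExampleAddon/ExampleAddon.toc": b"## Title: ExampleAddon\n",
                  "ExampleAddon/Core.lua": b"-- addon code\n"})
DISGUISED = make_zip({"ExampleAddon/readme.txt": b"MZ\x90\x00 constructed stub",
                      "ExampleAddon/Install.EXE": b"constructed, not a real binary"})
SFX = b"MZ\x90\x00" + CLEAN  # executable stub in front of an archive
```

An empty result only means no executable was found in the archive; it says nothing about the Lua and XML files themselves.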

Offline Splishy

« Reply #10 on: October 18, 2007, 02:08:00 PM »
*hugs Vista UAC*

Online Daffyd

« Reply #11 on: October 18, 2007, 02:26:36 PM »
Quote from: Mordwin
From what I can make out it was either an exe pretending to be a self-extractor, or a zip of same. I'm not aware of any way you could get an infection just from opening/extracting a normal zip (not saying it wouldn't be possible mind you), so you should be fine. Be aware that Curse may have been affected too.
I wasn't aware of any way either, but I also don't have 100% faith in the LUA restrictions of Blizzard.
Quote
*hugs Vista UAC*
It's possible I may have got pissed off with it and disabled it...

*whistle*
« Last Edit: October 18, 2007, 04:21:23 PM by Daffyd »

Offline Splishy

« Reply #12 on: October 18, 2007, 02:39:51 PM »
Quote from: Daffyd
It's possible I may have got pissed off with it and disabled it...

*whistle*

*feels all smug*

Seriously - this just goes to prove that the "I know what I'm doing, so I don't need UAC" argument holds precisely no water.

Offline Altrurian

« Reply #13 on: October 18, 2007, 02:50:04 PM »
Haven't downloaded anything individually, all add-ons have been updated recently with the wowace updater or the uicentral updater, will have to read further to see how or if the uicentral updater was affected.

Offline Mordwin

« Reply #14 on: October 18, 2007, 03:10:14 PM »
It was stated that the uicentral updater will not run exe's, so you should be safe on that front at least.
« Last Edit: October 18, 2007, 03:10:29 PM by Mordwin »

Offline Phred

  • Guild Officers
  • Hero Member
  • *****
  • Posts: 1,254
  • Facial adornment +27/-2
« Reply #15 on: October 18, 2007, 03:16:16 PM »
Hmm, with various addons I have never had any issues.
May I suggest using AceAddons and the AceUpdater? It seems to be a pretty topace site and very secure. And the Updater is a real bonus, no bloody surfing, just activate it and search for addons in that little tool.
Quote
on: October 17, 2006 »
Heya Ppl, I got an invitation to join this Board through Amberley.

Offline Splishy

« Reply #16 on: October 18, 2007, 03:19:14 PM »
In all honesty I'm dubious of anything that requires an .exe for ingame addins that DOESN'T offer a non-executable alternative

Elendor

  • Guest
« Reply #17 on: October 18, 2007, 04:00:37 PM »
Quote from: Splishy
In all honesty I'm dubious of anything that requires an .exe for ingame addins that DOESN'T offer a non-executable alternative
I agree. It isn't like we don't know where to extract the files to. Also, with EXE formats you don't know exactly what you're getting and where you're getting it unless your AV software alerts you of a virus or whatever.

Online Daffyd

« Reply #18 on: October 18, 2007, 04:22:28 PM »
Quote from: Splishy
Seriously - this just goes to prove that the "I know what I'm doing, so I don't need UAC" argument holds precisely no water.
The "I ALREADY TOLD YOU TWICE JUST FUCKING DO IT!" argument, however, is more persuasive.

Offline Choleric

« Reply #19 on: October 18, 2007, 04:40:11 PM »
Quote from: Splishy
In all honesty I'm dubious of anything that requires an .exe for ingame addins that DOESN'T offer a non-executable alternative

Indeed, I don't download anything at all that is a .exe unless it is from a highly trusted source e.g. definitely not a wow-addon website.