
MXChick23

macrumors newbie
Original poster
Mar 3, 2010
I play WOW on my RMBP. Yesterday my WOW account got hacked. Only mod I run is Joana's world leveling guide... Everything is right out of the standard UI. Anyway, I go to sign in and my main toon was transferred to another server and all items were removed. I went through the process and everything was restored by Blizzard. Since the hacker had access to my account on battle.net, the GM said I must have a key logger or virus of some sort on my system. I checked my activity log and didn't see anything out of the norm... (not that I am an expert at finding those things). I was under the impression key loggers would not run on Macs.

What should I look for? Anything I can run to see if my system has a key logger or virus? Any help would be greatly appreciated.
 
What should I look for? Anything I can run to see if my system has a key logger or virus? Any help would be greatly appreciated.
There are keyloggers that run on Macs, but you don't have one installed, unless you installed it yourself, or gave someone access to your Mac. You don't have a virus, as there are no Mac OS X viruses in the wild, and there never have been.

Mac Virus/Malware FAQ

Any online account can be hacked without involving your computer in any way. Make sure all your passwords, including email passwords, are long and complex, involving special characters, numbers and upper and lower case letters.
 
After reading the reply, I installed ClamXav. It found 2 possible issues: 607.EMLX and 608.EMLX.

Should these be deleted?
 
Let me guess: you are not using an authenticator and your battle.net password is the same one you use for some other forums/services etc? These are the most common causes of hacked accounts.
 
Guilty... Did use the same password on a couple of accounts... Also was not using an authenticator... Installed after that happened. My main concern is I am worried that my banking info or other important sites might be compromised... Changed all passwords, so hopefully it's good to go. Even if I used the same password, my WOW acct was on its own email account that I use for nothing... How did they even get the email address for the log in?
 
Even if I used the same password, my WOW acct was on its own email account that I use for nothing... How did they even get the email address for the log in?

It's difficult to speculate without knowing the details... it is also possible that you fell victim to one of those phishing mails, some of them are rather convincing...
 
After reading the reply, I installed ClamXav. It found 2 possible issues: 607.EMLX and 608.EMLX.

Should these be deleted?

Seems like you have two emails infected with something; they are most probably Windows malware/viruses. Better delete them.

You could open them in a hex editor program like HexEdit; I did many times and never had my system compromised.
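An added example, not part of any post in this thread: a read-only way to see what a flagged `.emlx` message contains before deleting it. It relies on the Apple Mail `.emlx` layout (a byte-count line, the raw message, then a metadata plist); the function names `split_emlx`, `triage` and `build_sample` are hypothetical, and the sample message is constructed.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage


def split_emlx(raw: bytes):
    """Split an .emlx blob into (rfc822_message, trailing_plist)."""
    count_line, sep, rest = raw.partition(b"\n")
    if not sep or not count_line.strip().isdigit():
        raise ValueError("not an .emlx file: first line is not a byte count")
    length = int(count_line.strip())
    if length > len(rest):
        raise ValueError("truncated .emlx: message shorter than declared")
    return rest[:length], rest[length:]


def triage(raw: bytes) -> dict:
    """List every MIME leaf part with type, size and SHA-256; nothing is written or run."""
    msg_bytes, _plist = split_emlx(raw)
    msg = email.message_from_bytes(msg_bytes, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        parts.append({"filename": part.get_filename(),
                      "type": part.get_content_type(),
                      "size": len(payload),
                      "sha256": hashlib.sha256(payload).hexdigest()})
    return {"from": str(msg["From"]), "subject": str(msg["Subject"]), "parts": parts}


def build_sample() -> bytes:
    """Constructed sample: a harmless message wrapped the way Apple Mail stores it."""
    m = EmailMessage()
    m["From"] = "billing@example.invalid"
    m["Subject"] = "Account notice (constructed sample)"
    m.set_content("See attachment.")
    m.add_attachment(b"harmless placeholder bytes", maintype="application",
                     subtype="zip", filename="notice.zip")
    body = m.as_bytes()
    plist = b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict/></plist>\n'
    return str(len(body)).encode() + b"\n" + body + plist


if __name__ == "__main__":
    for p in triage(build_sample())["parts"]:
        print(p)
```

For a real file, pass its bytes (read with `open(path, "rb")`) to `triage`; the sender, subject and attachment names usually show whether the flagged message is a phishing mail or a stray Windows attachment.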
 
'Hacking' should really be called 'tricking'. The vast, vast majority of 'hackers' have no special computer skills and are doing 0 hacking. They either have access to the passwords for another website that you've used with the same password, or they have managed to get you to fall victim to a phishing scam. I wouldn't be too worried about a compromised system, as it's much much more likely that they got the information in some way that didn't involve your Mac at all.
 
It's difficult to speculate without knowing the details... it is also possible that you fell victim to one of those phishing mails, some of them are rather convincing...

Yeup, although there was a successful dump of parts of the Battle.net user database a while back by attackers. The passwords were still hashed, but logins are usually stored as plaintext in these databases (maybe they shouldn't be stored that way anymore?).

That means once an interested group has the usernames and hashed passwords, they can grind on them to their heart's content until they start scoring hits. It's been ~4 months since the attack, so I wouldn't be surprised if some of the moderate-strength passwords are getting cracked open by now.

The attack on Battle.net actually kicked my butt into gear and I use a password manager now. While I still need to remember a couple different passwords, it means that I now use unique passwords everywhere, and everything important uses a very complex password. Changing a password is also much easier, which should be done every so often anyways.

I had a friend who used the same password for their e-mail and their Battle.net account. The Battle.net account got hacked, and the e-mail used was on one of the major free hosts. So they tried to log onto that e-mail account using the same password. It worked. This friend then kept restoring the account just to have it hacked within 24 hours because they'd just use his e-mail account to reset the password and login. Any other account that used that e-mail address to reset passwords was also at risk. It was a mess and it took him a week before he realized they also had his e-mail account.

So a couple tips:
1) Use a password manager if you can swing it. It reduces the number of passwords you have to remember, which means those few passwords can be stronger. It makes using truly random passwords easier, and allows you to use stronger/unique passwords everywhere, as well as switching passwords when a service is compromised.

2) Keep an eye on the news for services you use and keep an eye out for security breach e-mails. If you play WoW, that can mean following WoW Insider, as they will post news articles on attacks. Blizzard also sent out a message when they were attacked, which should be taken as "time to change the password".
 