Mac Compromised?

Discussion in 'MacBook Pro' started by MXChick23, Jan 1, 2013.

  1. MXChick23 macrumors newbie

    Mar 3, 2010
    I play WOW on my RMBP. Yesterday my WOW account got hacked. Only mod I run is Joana's world leveling guide... Everything is right out of the standard UI. Any way, I go to sign in and my main toon was transferred to another server and all items were removed. I went through the process and everything was restored by blizzard. Since the hacker had access to my account on, the GM said I must have a key logger or virus of some sort on my system. I checked my activity log and didn't see anything out if the norm... (not that I am an expert of finding those things). I was under the impression key loggers would not run on macs.

    What should I look for? Anything i can run to see if my system has a key logger or virus? Any help would be greatly appreciated.
  2. GGJstudios macrumors Westmere


    May 16, 2008
    There are keyloggers that run on Macs, but you don't have one installed, unless you installed it yourself, or gave someone access to your Mac. You don't have a virus, as there are no Mac OS X viruses in the wild, and there never has been.

    Mac Virus/Malware FAQ

    Any online account can be hacked without involving your computer in any way. Make sure all your passwords, including email passwords, are long and complex, involving special characters, numbers and upper and lower case letters.
  3. MXChick23 thread starter macrumors newbie

    Mar 3, 2010
    After reading the reply, I installed the ClamXav. It found 2 possible issue; 607.EMLX and 608.EMLX.

    Should these be deleted?
  4. leman macrumors G3

    Oct 14, 2008
    Let me guess: you are not using an authenticator and your password is the same one you use for some other forums/services etc? These are the most common causes of hacked accounts.
  5. alphaod macrumors Core


    Feb 9, 2008
    Use the authenticator and you'll pretty much never get hacked.
  6. MXChick23 thread starter macrumors newbie

    Mar 3, 2010
    Guilty... Did use the same password on a couple of accounts... Also was not using an authenticator... Installed after that happened. My main concern is I am worried that my banking info or other important sites might be compromised... Changed all passwords, so hopefully its good to go. Even if I used the same password, my WOW acct was on its own email account that I use for nothing... How did they even get the email address for the log in?
  7. leman macrumors G3

    Oct 14, 2008
    Its difficult to speculate without knowing the details... it is also possible that you fell victim to one of those fishing mails, some of them are rather convincing...
  8. justperry macrumors G3


    Aug 10, 2007
    In the core of a black hole.
    Seems like you have two emails infected with something, they most probably are windows malware/virus, better delete them.

    You could open them in a Hex Editor program like HexEdit, I did many times and never had my system compromised.
  9. el-John-o macrumors 65816

    Nov 29, 2010
    'Hacking' should really be called 'tricking'. The vast, vast majority of 'hackers' have no special computer skills and are doing 0 hacking. They either have access to the passwords for another website that you've used with the same password, or they have managed to get you to fall victim to a phishing scam. I wouldn't be too worried about a compromised system, as it's much much more likely that they got the information in some way that didn't involve your mac at all.
  10. Krevnik macrumors 68040


    Sep 8, 2003
    Yeup, although there was a successful dump of parts of the user database a while back by attackers. The passwords were still hashed, but logins are usually stored as plaintext in these databases (maybe they shouldn't be stored that way anymore?).

    That means once an interested group has the usernames and hashed passwords, they can grind on them to their heart's content until they start scoring hits. It's been ~4 months since the attack, so I wouldn't be surprised if some of the moderate-strength passwords are getting cracked open by now.

    The attack on actually kicked my butt into gear and I use a password manager now. While I still need to remember a couple different passwords, it means that I now use unique passwords everywhere, and everything important uses a very complex password. Changing a password is also much easier, which should be done every so often anyways.

    I had a friend who used the same password for their e-mail and their account. The account got hacked, and the e-mail used was on one of the major free hosts. So they tried to log onto that e-mail account using the same password. It worked. This friend then kept restoring the account just to have it hacked within 24 hours because they'd just use his e-mail account to reset the password and login. Any other account that used that e-mail address to reset passwords was also at risk. It was a mess and it took him a week before he realized they also had his e-mail account.

    So a couple tips:
    1) Use a password manager if you can swing it. It reduces the number of passwords you have to remember, which means those few passwords can be stronger. It makes using truly random passwords easier, and allows you to use stronger/unique passwords everywhere, as well as switching passwords when a service is compromised.

    2) Keep an eye on the news for services you use and keep an eye out for security breach e-mails. If you play WoW, that can mean following WoW Insider, as they will post news articles on attacks. Blizzard also sent out a message when they were attacked, which should be taken as "time to change the password".

Share This Page