Mac Compromised?

Discussion in 'MacBook Pro' started by MXChick23, Jan 1, 2013.

  1. MXChick23 macrumors newbie

    Joined:
    Mar 3, 2010
    #1
    I play WOW on my RMBP. Yesterday my WOW account got hacked. Only mod I run is Joana's world leveling guide... Everything is right out of the standard UI. Any way, I go to sign in and my main toon was transferred to another server and all items were removed. I went through the process and everything was restored by blizzard. Since the hacker had access to my account on battle.net, the GM said I must have a key logger or virus of some sort on my system. I checked my activity log and didn't see anything out if the norm... (not that I am an expert of finding those things). I was under the impression key loggers would not run on macs.

    What should I look for? Anything i can run to see if my system has a key logger or virus? Any help would be greatly appreciated.
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    There are keyloggers that run on Macs, but you don't have one installed, unless you installed it yourself, or gave someone access to your Mac. You don't have a virus, as there are no Mac OS X viruses in the wild, and there never has been.

    Mac Virus/Malware FAQ

    Any online account can be hacked without involving your computer in any way. Make sure all your passwords, including email passwords, are long and complex, involving special characters, numbers and upper and lower case letters.
     
  3. MXChick23 thread starter macrumors newbie

    Joined:
    Mar 3, 2010
    #3
    After reading the reply, I installed the ClamXav. It found 2 possible issue; 607.EMLX and 608.EMLX.

    Should these be deleted?
     
  4. leman macrumors 604

    Joined:
    Oct 14, 2008
    #4
    Let me guess: you are not using an authenticator and your battle.net password is the same one you use for some other forums/services etc? These are the most common causes of hacked accounts.
     
  5. alphaod macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    NYC
    #5
    Use the authenticator and you'll pretty much never get hacked.
     
  6. MXChick23 thread starter macrumors newbie

    Joined:
    Mar 3, 2010
    #6
    Guilty... Did use the same password on a couple of accounts... Also was not using an authenticator... Installed after that happened. My main concern is I am worried that my banking info or other important sites might be compromised... Changed all passwords, so hopefully its good to go. Even if I used the same password, my WOW acct was on its own email account that I use for nothing... How did they even get the email address for the log in?
     
  7. leman macrumors 604

    Joined:
    Oct 14, 2008
    #7
    Its difficult to speculate without knowing the details... it is also possible that you fell victim to one of those fishing mails, some of them are rather convincing...
     
  8. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #8
    Seems like you have two emails infected with something, they most probably are windows malware/virus, better delete them.

    You could open them in a Hex Editor program like HexEdit, I did many times and never had my system compromised.
     
  9. el-John-o macrumors 65816

    Joined:
    Nov 29, 2010
    Location:
    Missouri
    #9
    'Hacking' should really be called 'tricking'. The vast, vast majority of 'hackers' have no special computer skills and are doing 0 hacking. They either have access to the passwords for another website that you've used with the same password, or they have managed to get you to fall victim to a phishing scam. I wouldn't be too worried about a compromised system, as it's much much more likely that they got the information in some way that didn't involve your mac at all.
     
  10. Krevnik macrumors 68040

    Krevnik

    Joined:
    Sep 8, 2003
    #10
    Yeup, although there was a successful dump of parts of the Battle.net user database a while back by attackers. The passwords were still hashed, but logins are usually stored as plaintext in these databases (maybe they shouldn't be stored that way anymore?).

    That means once an interested group has the usernames and hashed passwords, they can grind on them to their heart's content until they start scoring hits. It's been ~4 months since the attack, so I wouldn't be surprised if some of the moderate-strength passwords are getting cracked open by now.

    The attack on Battle.net actually kicked my butt into gear and I use a password manager now. While I still need to remember a couple different passwords, it means that I now use unique passwords everywhere, and everything important uses a very complex password. Changing a password is also much easier, which should be done every so often anyways.

    I had a friend who used the same password for their e-mail and their Battle.net account. The Battle.net account got hacked, and the e-mail used was on one of the major free hosts. So they tried to log onto that e-mail account using the same password. It worked. This friend then kept restoring the account just to have it hacked within 24 hours because they'd just use his e-mail account to reset the password and login. Any other account that used that e-mail address to reset passwords was also at risk. It was a mess and it took him a week before he realized they also had his e-mail account.

    So a couple tips:
    1) Use a password manager if you can swing it. It reduces the number of passwords you have to remember, which means those few passwords can be stronger. It makes using truly random passwords easier, and allows you to use stronger/unique passwords everywhere, as well as switching passwords when a service is compromised.

    2) Keep an eye on the news for services you use and keep an eye out for security breach e-mails. If you play WoW, that can mean following WoW Insider, as they will post news articles on attacks. Blizzard also sent out a message when they were attacked, which should be taken as "time to change the password".
     

Share This Page