You'll want to be a bit more cautious when looking up information on the game today. World of Raids reports that an unknown ad banner appearing on Wowhead, Thottbot, and Allakhazam has an embedded keylogger trojan. You don't even need to click on the banner, apparently, simply mousing over it will be enough. Wowhead says that all they know for sure is that it originates from "ad.yieldmanager.com", and will produce a redirect to "xpantivirus.com." They're working at isolating it.
The issue is known, and all parties involved are tracking it down, so it should hopefully be resolved soon. In the meantime, if you're looking for a quick way to protect yourself, I would follow the recommendation of World of Raids, and try out the Firefox web browser and the No Script extension. As long as you keep the scripts blocked, it should prevent the banner in question from forcing itself on you. This should also provide you with some protection if you accidentally click on the wrong link elsewhere, such as on the WoW general forums.
Edit: Apparently, the virus in question is not an actual keylogger, but it still does a number on your system, which is reason enough to try to avoid it.
Subscribe
Reader Comments (Page 1 of 3)
3-10-2008 @ 4:04PM
stonehead said...
Or do like the leets do and use www.wowdb.com.
Reply
3-10-2008 @ 4:26PM
Matthew said...
Yeah, because Curse is obviously the safest wow-related site on the net.
3-10-2008 @ 4:39PM
stevebob said...
haha! elite what, douche bags?
keyloggers! one thing that curse can claim they had before wowhead legitimately
http://news.curse.com/details/3723/
3-10-2008 @ 4:41PM
DiasFlac said...
I'm just posting here so it's up where people can see it. There are removal instructions for this thing here: http://www.2-spyware.com/remove-xpantivirus.html
It's an easy fix, and your accounts are in no danger. Look it up. It's irresponsible to post a warning like this without explaining what the malware is, what it does, and how to remove it--especially when the information is so easily attainable.
3-10-2008 @ 4:06PM
Introit said...
Figures, I've been all over Thottbot today. Any word on what the banner looked like, or how to remove/detect the keyloggeed?
Reply
3-10-2008 @ 4:14PM
Milktub said...
There are people who don't use Firefox with NoScript?
Reply
3-10-2008 @ 4:19PM
Votum said...
This.
Also, AdBlock Plus.
3-10-2008 @ 4:38PM
Sakerin said...
The real shame is that these site's don't work unless you unblock them from NoScript. However if you have NoScript and Adblock then you should be able to still run scripts on the site but block ad banners and prevent these drive-by-downloads from infecting your system.
3-10-2008 @ 6:53PM
Erika said...
But if you block the ad.yeild site you should be fine.
3-10-2008 @ 7:53PM
Calaana said...
I have mine set to block everything(I think it's the default setting). I manually unblock wowhead.com, but leave the five other settings in the listing alone. This lets the scripts you want to run(Search, tooltips, etc) do so, but blocks the ads.
3-10-2008 @ 4:15PM
Jack said...
Seems every other day I find another reason to be glad I'm using Opera. Ad blocking for the win!
Reply
3-10-2008 @ 4:27PM
keltian said...
Opera has ad blocking? where? I use it all the time and i never knew about this. also yea ill just stick with www.wowdb.com for now and I never mouse over ads.
3-10-2008 @ 5:33PM
idomagic said...
opera ad-blocking: right click anywhere on a site, choose "block content"
3-10-2008 @ 4:19PM
Evolve said...
If you're using Firefox, I might also suggest the add-on "FlashBlock".
It requires you to clock on any flash object in order to view it. I originally got it cause some flash ads can really hog memory, glad I have it now.
You can download it from: https://addons.mozilla.org/en-US/firefox/addon/433.
Reply
3-10-2008 @ 4:25PM
brimans said...
Some questions:
1) Does Firefox stop the keylogger by itself, or do you need the NoScript extension as well?
2) How can you tell if you've gotten hit by it?
3) Is Firefox on Linux affected?
4) Do anti-keylogger programs, like SnoopFree Privacy
Shield, which warn when a keylogger initiates, block this?
Reply
3-10-2008 @ 4:53PM
Tridus said...
In regards to #1, until someone actually tracks down the ad in question and figures out how its actually infecting people, there's no way to answer that.
I don't know of any active Firefox exploits though, so you're probbaly as safe as you can be as long as you have the most recent version.
3-10-2008 @ 4:29PM
DiasFlac said...
For the record, a quick Google search shows that this isn't a keylogger. XPantivirus has been popping up all over the net, I get it on hotmail.com a little while ago too.
It gives you a dialog box, warning you your computer is infected with spyware (false), and then redirects you to a new page which tells you it's scanning your system (false). It then attempts to download a Trojan into your computer which sits in the background and tells you that your system is infected with spyware (true) and that the only way to remove it is to send them money for their product (false).
You'll know instantly if it comes up. There are detailed removal instructions here: http://www.2-spyware.com/remove-xpantivirus.html
Don't get me wrong--this is a nasty little piece of work. But your WoW accounts are in no danger, and calling it a "keylogger" is just sensationalism.
Reply
3-10-2008 @ 4:41PM
Zan said...
Exactly. Do you have any idea the utter chaos there would be on the web if a banner ad could install a keylogger onto your box without you doing anything more than mousing over it? And if it were possible, why the hell would WoW accounts be the target? lol. I would worry about online banking if that were the case.
Sadly there are plenty of tech-noobs that get suckered into this sort of thing.
3-10-2008 @ 4:52PM
Aichon said...
@ Zan
Stolen WoW accounts are now considered more valuable than stolen credit cards on the black market (I'd link to it, but the old link is dead...WoW Insider covered it a little over a year ago). So yeah, I'd be worried about your WoW account being stolen. Sure, a bank account might be bad as well, but a WoW account is getting up there in value.
3-10-2008 @ 5:37PM
Zan said...
@Aichon
Interesting. Well eitherway, auto-installed keyloggers off of internet banners is not a reality.
Maybe those relatives in Nigiria that died and have a fortune for you will now be re-thinking their phishing campaigns to get you to send them your WoW account info instead lol.