New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
OS X - Apps and Games Discussion of applications and games available for Mac OS X.

Hacked WoW account: Keylogger


Post Reply New Thread Subscribe

 
Thread Tools
Dillinger-63

 
Dillinger-63's Avatar
 
Member Since: Feb 25, 2006
Location: Streator, Illinois
Posts: 643
Dillinger-63 has a spectacular aura about
Mac Specs: MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.

Dillinger-63 is offline
My son's World of Warcraft account was hacked by a keylogger on our iMac Intel. I'm thinking it came through via an add-on. Anyway I have tried 3 different programs to try and find and eradicate this little booger, but to no avail. So far I have used MacScan 2, iAntivirus and ClamXav, but none of them have found anything. The reason we know there is a keylogger installed is he changed his password and that very night he was hacked again. In fact one of his fellow guildies asked him what he was doing on so late knowing he had school the next day, and the hacker told him to "expletive deleted". Nich hacker huh? I'm open to suggestions but I realize I may have to format the HD and do a fresh OS install.

My Avatar is in memory of my beloved K-9,
Dillinger who was killed in the line of duty.
QUOTE Thanks
todd51
Guest
 
Posts: n/a

Hmm, that's too bad. I'm assuming there is nothing suspicious showing up in the Activity Monitor?

I know some people who have used LogKext Keylogger to catch their roommates using their computer for inappropriate material. This keylogger runs in the Terminal so it's hard to find. Here is some information on it. You could try some of the Terminal commands to see if it's installed.

logKext keylogger
QUOTE Thanks
dtravis7

 
dtravis7's Avatar
 
Member Since: Jan 04, 2005
Location: Modesto, Ca.
Posts: 27,911
dtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond repute
Mac Specs: iMac 2.4 C2D 10.10.1, iMac 2.16 C2d 10.6.8, Macbook2007 10.8.4, Mac Mini 10.8.4, iPhone 3GS Note 8!!

dtravis7 is offline
I am not a large fan of WOW or Everquest type games so am just guessing here, but I am wondering if there might be a way to get the password off the server that hosts WOW? Just a guess in case you can not find anything on your sons Mac.

I have never heard of OSX being hacked and a key logger being installed remotely. I doubt that would be possible without user interaction.
QUOTE Thanks
Dillinger-63

 
Dillinger-63's Avatar
 
Member Since: Feb 25, 2006
Location: Streator, Illinois
Posts: 643
Dillinger-63 has a spectacular aura about
Mac Specs: MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.

Dillinger-63 is offline
Quote:
Originally Posted by dtravis7 View Post
I am not a large fan of WOW or Everquest type games so am just guessing here, but I am wondering if there might be a way to get the password off the server that hosts WOW? Just a guess in case you can not find anything on your sons Mac.
He has contacted Blizzard Entertainment and they will work with him to restore his toon and account, but if I can't get the keylogger off my system he will just get hacked again. Apparently a keylogger tracks everything you type on your computer, which is scary because we also use Quicken. Then the hacker has a way to follow what you input on your keyboard and steal your password and login information.

My Avatar is in memory of my beloved K-9,
Dillinger who was killed in the line of duty.
QUOTE Thanks
dtravis7

 
dtravis7's Avatar
 
Member Since: Jan 04, 2005
Location: Modesto, Ca.
Posts: 27,911
dtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond reputedtravis7 has a reputation beyond repute
Mac Specs: iMac 2.4 C2D 10.10.1, iMac 2.16 C2d 10.6.8, Macbook2007 10.8.4, Mac Mini 10.8.4, iPhone 3GS Note 8!!

dtravis7 is offline
What I was asking is there a way the hacker could be hacking the Blizzard servers and getting the info that way?
QUOTE Thanks
Dillinger-63

 
Dillinger-63's Avatar
 
Member Since: Feb 25, 2006
Location: Streator, Illinois
Posts: 643
Dillinger-63 has a spectacular aura about
Mac Specs: MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.

Dillinger-63 is offline
Quote:
Originally Posted by todd51 View Post
Hmm, that's too bad. I'm assuming there is nothing suspicious showing up in the Activity Monitor?

I know some people who have used LogKext Keylogger to catch their roommates using their computer for inappropriate material. This keylogger runs in the Terminal so it's hard to find. Here is some information on it. You could try some of the Terminal commands to see if it's installed.

logKext keylogger
I'll give that a shot, but I would still like to know for sure how it got on this machine, especially hearing how "safe" Mac's are to this kind of stuff.

My Avatar is in memory of my beloved K-9,
Dillinger who was killed in the line of duty.
QUOTE Thanks
mdfuller

 
mdfuller's Avatar
 
Member Since: Nov 01, 2007
Location: Sconie
Posts: 1,217
mdfuller is a jewel in the roughmdfuller is a jewel in the roughmdfuller is a jewel in the rough
Mac Specs: 15-inch MacBook Pro

mdfuller is offline
Quote:
Originally Posted by Dillinger-63 View Post
I'll give that a shot, but I would still like to know for sure how it got on this machine, especially hearing how "safe" Mac's are to this kind of stuff.
I am confused. Are you positive there is a keylogger on your Mac? I agree with dtravis7. I am guessing the problem is somewhere else. This happens all the time. I don't think a Mac being "safe" has anything to do with it. Just my two cents.
QUOTE Thanks
Dillinger-63

 
Dillinger-63's Avatar
 
Member Since: Feb 25, 2006
Location: Streator, Illinois
Posts: 643
Dillinger-63 has a spectacular aura about
Mac Specs: MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.

Dillinger-63 is offline
Quote:
Originally Posted by dtravis7 View Post
What I was asking is there a way the hacker could be hacking the Blizzard servers and getting the info that way?
Although possible, according to an email I received from their tech support this has been an ongoing issue with Windows and you can install AdAware or SpyBot Search & Destroy to clean the kyelogger out, but this just recently became very active on Mac's.

Quote:
Originally Posted by mdfuller View Post
I am confused. Are you positive there is a keylogger on your Mac? I agree with dtravis7. I am guessing the problem is somewhere else. This happens all the time. I don't think a Mac being "safe" has anything to do with it. Just my two cents.
After doing a bit of Googling, apparently this is becoming quite a problem on Mac's whereas a trojan keylogger is sneaking in by way of an attachment on a "Greeting Card". According to some of the reading I have been doing, this is NOT a virus, but more of a tracking cookie, and one that records what ever you type.

My Avatar is in memory of my beloved K-9,
Dillinger who was killed in the line of duty.
QUOTE Thanks
iWhat

 
iWhat's Avatar
 
Member Since: Nov 11, 2004
Location: Toledo, Ohio
Posts: 5,736
iWhat has a reputation beyond reputeiWhat has a reputation beyond reputeiWhat has a reputation beyond reputeiWhat has a reputation beyond reputeiWhat has a reputation beyond reputeiWhat has a reputation beyond reputeiWhat has a reputation beyond reputeiWhat has a reputation beyond reputeiWhat has a reputation beyond reputeiWhat has a reputation beyond reputeiWhat has a reputation beyond repute
Mac Specs: Macbook, iMac G5, iPad, iPhone 4, iPod (MANY)!

iWhat is offline
At this point, the best end all be all is investing in an Authenticator. Either through an iPhone/iPod touch app (free) or the keychain ($6.50).

He should also stick to downloading his addons from reputable sites such as:
Curse.com - WoW Addons WAR Addons Gamer Blogs Forums
WoWInterface - Find World of Warcraft AddOns!

They actually go through all the addons to check for keyloggers before approval upon letting users download the addons. Any other site, he should check their policies, if they do the same. Some stand alone addon sites are safe, but they also upload their addons to these sites, such as Auntioneer and Deadly Boss Mods.

One other thing, I'm sure your son may know about this. If he receives any email or whispers in-game asking to give up his account info for a chance at in-game items, those are for sure account hackers. Those scams usually offer in-game mounts most of the time.
QUOTE Thanks
Eric559

 
Eric559's Avatar
 
Member Since: Jul 18, 2007
Location: Central California
Posts: 3,185
Eric559 is a glorious beacon of lightEric559 is a glorious beacon of lightEric559 is a glorious beacon of lightEric559 is a glorious beacon of lightEric559 is a glorious beacon of lightEric559 is a glorious beacon of light
Mac Specs: 2.16GHz C2D MacBook w/ 2GB RAM & 120GB HD. HTC Droid Incredible.

Eric559 is offline
Don't think just because you have a Mac you are safe. Keyloggers are on both Macs and Windows PCs. There are also hardware keyloggers that can be attached to a system.

Even if a keylogger was installed it most likely needed an Admin password to install. You son would of had to input the password for the install to even begin. Try a program like Little Snitch and monitor the outgoing connections and see if you can notice anything abnormal.

Member Of The Month for December '08.
It's only the internet!
QUOTE Thanks
Dillinger-63

 
Dillinger-63's Avatar
 
Member Since: Feb 25, 2006
Location: Streator, Illinois
Posts: 643
Dillinger-63 has a spectacular aura about
Mac Specs: MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.

Dillinger-63 is offline
Quote:
Originally Posted by iWhat View Post
At this point, the best end all be all is investing in an Authenticator. Either through an iPhone/iPod touch app (free) or the keychain ($6.50).

He should also stick to downloading his addons from reputable sites such as:
Curse.com - WoW Addons WAR Addons Gamer Blogs Forums
WoWInterface - Find World of Warcraft AddOns!

They actually go through all the addons to check for keyloggers before approval upon letting users download the addons. Any other site, he should check their policies, if they do the same. Some stand alone addon sites are safe, but they also upload their addons to these sites, such as Auntioneer and Deadly Boss Mods.

One other thing, I'm sure your son may know about this. If he receives any email or whispers in-game asking to give up his account info for a chance at in-game items, those are for sure account hackers. Those scams usually offer in-game mounts most of the time.
As far as I know he uses WoW Matrix, but I will check closer on that. I never thought about him giving his password info out for a chance to win something, but even if he did how could the hacker log back into his account after he changed both his password and contact email? Again, I will be talking to him about this. I am also being very weary of what I do with my own WoW account as this is a game he and I play every Friday night together. Thanks for the info.

Quote:
Originally Posted by Eric559 View Post
Don't think just because you have a Mac you are safe. Keyloggers are on both Macs and Windows PCs. There are also hardware keyloggers that can be attached to a system.

Even if a keylogger was installed it most likely needed an Admin password to install. You son would of had to input the password for the install to even begin. Try a program like Little Snitch and monitor the outgoing connections and see if you can notice anything abnormal.

Good info on getting Little Snitch. As far as the Admin, password he doesn't know it because when he comes home from school, and after all homework and chores are done he asks the wife or me to "unlock the computer" as it is password protected.

My Avatar is in memory of my beloved K-9,
Dillinger who was killed in the line of duty.
QUOTE Thanks
Dillinger-63

 
Dillinger-63's Avatar
 
Member Since: Feb 25, 2006
Location: Streator, Illinois
Posts: 643
Dillinger-63 has a spectacular aura about
Mac Specs: MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.

Dillinger-63 is offline
Update: MacScan found the Trojan and removed it. I also downloaded the free iPhone app from Blizzard called - Authenticator, that generates a random code that you must enter with a certain amount of time. This should help in securing the WoW account. Thanks to all for their suggestions.

My Avatar is in memory of my beloved K-9,
Dillinger who was killed in the line of duty.
QUOTE Thanks

Post Reply New Thread Subscribe


« Safari Shift+Enter | Game lag? »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Migrate a user account with the name as an existing account btowns OS X - Operating System 0 07-23-2009 12:03 PM
my admin account was deleted??? ddddisaster OS X - Operating System 5 11-02-2007 02:42 AM
HELP! Lost Admin Account kitjv OS X - Operating System 11 10-31-2007 08:17 PM

All times are GMT -4. The time now is 03:23 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?