WARNING: Trojan on Wowhead.com, thottbot and others

The important thing to remember with these situations is that it's NOT wowhead, thott, or any other site actually infected, it's a banner in their ad-rotation that was maliciously designed.

If you have your browser appropriately locked down, you are not in danger. Just don't click on any ad-links, close pop-ups using the X in the top-right corner (never click links that say "close this window", etc.).

Lastly, keep your anti-virus up-to-date. I don't care what you use, just use something. You can find good ones by reading articles from PCWorld.com (they have lists on good ones you can purchase, ones you can try free, and some you can use indefinitely for free).
 
If you run Firefox, get the Adblock Plus plug-in. I've been using it for a few years now, and I just never see the ads in the first place.
 
Turns out the Trojan is activated when you click on the advertisement pop-up. If you close the advertisement using the Windows X at the upper right you should be fine. I work as a network administrator for many small businesses in my town and this is probably about 25% of my job for server clients and 85% of my business with my peer-to-peer clients. Luckily for my server clients they have a decent line of defense against outside intrusions, but it's never foolproof when people are clicking on emails or advertisements that have suspect sources.

For those of you in IT, there was an article about an email phishing technique called Drive-by Pharming that literally modified your DNS so that you are directed to fraudulent sites instead of the site you intended to go to. That's scary. It's one thing to be able to compromise a computer's stability or privacy, it's a whole other thing to be able to compromise a router on the network, compromising all the computers on the network.

Symantec Article about Drive-by Pharming
 
There is another Firefox addon called NoScript that is very effective in preventing attacks. It takes more thinking and involvement on the part of the user than AdBlock does.
Winner of the "2006 PC World World Class Award", this tool provides extra protection to your Firefox.
It allows JavaScript, Java and other executable content to run only from trusted domains of your choice....


PS - I don't recognize that logo 3-dEMON ... is that for some sort of team imported from Canada? ;P
 
The only site out of those three I use is Thottbot. Has anyone seen the Trojan-infected ad as far as the specific advertisement? This way we can all be extra careful if we know what the ad is. Especially since I don't use Firefox because my University doesn't support it. We only use IE. (Trust me, I'm not crazy about IE but I have to use IE to access certain University-related pages and documents since they don't support the use of Firefox.)

I do click the X for every ad I see that pops up, but sometimes I click too quickly and click the ad instead. I do close the window afterwards, but by then it's too late. I have never (knocks on wood) gotten a trojan/virus on my more recent computers because of my antivirus and spyware software; however, I work at my University's computing center and I've witnessed way too many horror stories about students who get trojan viruses, and then yell at us when we can't save their crashed hard drive or files that they absolutely need in the next few hours for their class. Which isn't our problem 95% of the time. One time a student decided to send a spam message out to students saying something like "if you click this link, you'll win $10,000!" And then my boss couldn't figure out until later why so many students were coming into the computer center saying they thought their computer had a virus or two... Our school should have been nicknamed "Home of the Gullibles" after that...

So I know they can cause serious problems even at the first click.
 
Unfortunately, I haven't heard that anyone found the exact ad responsible yet, so I don't know if it's been pulled. From what 3-demon said, it's a popup advertisement used on the wow sites, so just be careful when dealing with those sites about clicking the X.
 