
Blizzard.com staff recommending use of Combofix by users


14 replies to this topic

#1 DonCorneo

DonCorneo

  • Members
  • 47 posts
  • Gender:Male
  • Location:NJ

Posted 12 April 2010 - 03:57 AM

After reading the information here, it seems that Combofix is not meant for just scanning and removal of malware.
It may be a good idea to set up a "sticky" for WorldofWarcraft users with instructions geared toward scanning for malware and the use of Combofix.
Also the Combofix web site should indicate that Combofix is still in Beta for Windows 7 32 bit and not usable for 64 bit.

The reason Blizzard is recommending the use of Combofix is because a high amount of users have had their gaming accounts compromised or hacked. A lot of users have had 0 detections of any kind of malware (aside from tracking cookies and other minor "threats") with programs like Malwarebytes, Spybot S&D, Spysweeper, SUPERAntiSpyware, AdAware, and any of the major Anti-Virus/Spyware programs. Some of us have also used HiJackThis and found nothing unusual.

From the threads in the forums on Blizzard.com, it is made to sound like Combofix can be used to scan for and remove any malware that may be on the computer by the user. After reading some of the information here, it seems to me that Combofix is more similar to HiJackThis than a program like Malwarebytes. It may be a good idea to let Blizzard know that it is not a good idea to tell users to download and use Combofix unless instructed to do so here.

After using all the other scanners, would Combofix find something they didn't?



#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • Gender:Not Telling

Posted 12 April 2010 - 04:35 AM

ComboFix is a very specialized program that should not be used by anyone without EXPERT supervision.

Using ComboFix on your own could have disastrous consequences and lead to a computer that will not boot.


I do not see anywhere on the Blizzard site that they are recommending the use of ComboFix. I went through the site and even read a lot of posts in their forum but did not find the ones where they recommend using that. If it is on their site, would you please provide a link to the actual page that they make that recommendation?

I tried to find it to find out where they are recommending it be downloaded from and to see what kind of instructions they give for its use.

If it is not on the website, or if you cannot post a link to the exact page, can you please tell where they are recommending it be downloaded from and what instructions and cautions they are giving for its use?

Edited by Stang777, 12 April 2010 - 04:40 AM.


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • Gender:Female
  • Location:Romania

Posted 12 April 2010 - 05:52 AM

The reason Blizzard is recommending the use of Combofix is because a high amount of users have had their gaming accounts compromised or hacked. A lot of users have had 0 detections of any kind of malware (aside from tracking cookies and other minor "threats") with programs like Malwarebytes, Spybot S&D, Spysweeper, SUPERAntiSpyware, AdAware, and any of the major Anti-Virus/Spyware programs. Some of us have also used HiJackThis and found nothing unusual.

To make a long story short, I've had a ton of users complaining their WoW account was hacked, and zero of them had password stealing/keylogging stuff installed.
In other words, the passwords get hacked because they are vulnerable. Instead of recommending Combofix, it would be better to recommend users to use a strong password and to be careful what sites they visit (phishing) and where they leave their email addresses.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,940 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 12 April 2010 - 08:27 AM

It may be a good idea to set up a "sticky" for WorldofWarcraft users with instructions geared toward scanning for malware and the use of Combofix.
Also the Combofix web site should indicate that Combofix is still in Beta for Windows 7 32 bit and not usable for 64 bit.

We have a pinned topic. Please see ComboFix usage, Questions, Help? - Look here.

Gaming sites are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may encounter innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. For these reasons gaming sites can put you at risk of fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

...Microsoft Security has issued a research report where it notifies that virus creators are continuously assaulting online video game players...a malicious family of software programs are seeking out popular online computer games such as World of Warcraft, Maple Story, Lineage and several others. According to Microsoft’s seventh Security Intelligence Report, cybercrooks use computer worm parasites for stealing confidential personal information from local computer users through online games, unsecured file sharing and removable disk drives...The most dangerous and prevalent malware involve Taterf and Conficker worms which have infected millions of computer systems worldwide...

Malware Makers Target Online Games to Spread Worms

Microsoft warned video game developers...that their PC games are now a target for criminals...Popular massively multiplayer online games, such as World of Warcraft, have created a market for valuable game identities...Using malware or software designed to infiltrate a computer system, hackers steal account information...

Microsoft warns game developers of cyber thieves

...Gaming sites are becoming a growth area for malware and other security threats. The newer threats are sophisticated and are designed to draw in unsuspecting users...

Game Sites Next Big Malware Target?

The design of online game architecture creates an open door for hackers...hackers and malware hoodlums go where the pickings are easy -- where the crowds gather. Thus, Internet security experts warn game players that they face a greater risk of attack playing games online because few protections exist....traditional firewall and antimalware software applications can't see any intrusions. Game players have no defenses...Online gaming sites are a major distribution vehicle for malware....

MMO Security: Are Players Getting Played?

...Moral of the story?
1. Do not allow online games
2. Block ports used by online games
3. Block sites related to these online games
4. Educate your users...

online game + online trade = Trojan Spy

Security researchers...poked around in World of Warcraft and other online games, finding vulnerabilities and exploiting the system using online bots and rootkit-like techniques to evade detection...Some Trojan Web sites have done what they can do to collect gamers' authentication information so they can loot their characters (and) accounts.

Real Flaws in Virtual Worlds: Exploiting Online Games

...a very significant release for Gamers everywhere with the addition of a variety of password stealers directly targeting Online games. The main targets are mostly based in Eastern Asia (Lineage Online, Legend Of Mir, ZT Online just to name a few), but World of Warcraft and Valve’s Steam client are high on the hit-list too...

Taterf – all your drives are belong to me!

Using gaming sites is almost a guaranteed way to get yourself infected!!

Edited by quietman7, 12 April 2010 - 08:29 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 DonCorneo

DonCorneo
  • Topic Starter

  • Members
  • 47 posts
  • Gender:Male
  • Location:NJ

Posted 12 April 2010 - 02:43 PM

If you search for "hack" or "combofix" in the World of Warcraft forums, you will see posts from staff that suggest using Combofix without explicit instructions.

I will post some direct links today. Look for the Blue posts.
One is: http://forums.worldofwarcraft.com/thread.h...764&sid=1#0

Another one: http://forums.worldofwarcraft.com/thread.h...62&sid=1#28

Edited by DonCorneo, 12 April 2010 - 07:55 PM.


#6 DonCorneo

DonCorneo
  • Topic Starter

  • Members
  • 47 posts
  • Gender:Male
  • Location:NJ

Posted 12 April 2010 - 03:30 PM

Elise025,
Could you get together with the other "Helpers" and make a pinned post for MMO users on this?

Any time a WoW user posts that their account was stolen, the automatic response by other users is that the computer has been compromised by some kind of malware. It's not helped with Blizzard staff furthering this misconception and then recommending the use of a program like Combofix for something that may not exist.
If you could include a list of recommended scanning programs for them to use to check for malware and a note that unless one of those reports a detection it can't remove, it is unlikely the MMO user will need to download and use Combofix. And in a case where help is needed to remove malware, that the user should consult a site like bleepingcomputer.com before doing anything on their own.

The mass majority of MMO users do not have the experience, let alone expertise, to use powerful programs like Combofix. With "Blue" staff members from the Blizzard forums telling them to download and use Combofix, there will be some problems.

Also quantifying your results about the hacking (number of infected computers versus suspected hacks), and your recommendations about passwords will help reduce the problem and assuage some fears.

Edited by DonCorneo, 12 April 2010 - 06:33 PM.


#7 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • Gender:Not Telling

Posted 12 April 2010 - 08:35 PM

Thank you for providing the info I asked for.

I had used the search box on their site for the word Combofix but it came back with zero results.

I see that they are recommending that Combofix be downloaded from Combofix.org and that site is not an official download site for Combofix. I would caution everyone against getting the program from it, as well as against using Combofix without expert supervision.

Here are a couple of quotes from one of BleepingComputer's most esteemed staff members (sigh, at least Mark's words will live forever) about Combofix.org....

www.combofix. whatever are sham sites
Subs does not host a stand-alone website for Combofix. Let alone an unsupervised one without the proper disclaimers and instructions


Combofix.org is a sham site. The author of Combofix has nothing to do with that site


I sure hope that just visiting the Blizzard.com site and reading the forums doesn't lead to infections like playing the games can. I did check it with WOT before going and they gave it a green rating. I hope the same about the forums of World of Warcraft. I thought the links posted above were just to Blizzard.com but I see now that they are not and even though the WOT rating on forums.worldofwarcraft.com is green, people have posted that the forums are filled with links that are keyloggers. I only clicked on one link on the Blizzard.com forum site, and that was in a post by one of the staff members, which is why I trusted it, so I am guessing that one was fine.

However, to all who might go there, let those bolded words be a warning not to click on links in the forums as that is possibly why they are getting hacked.

Edited by Stang777, 12 April 2010 - 09:03 PM.


#8 DonCorneo

DonCorneo
  • Topic Starter

  • Members
  • 47 posts
  • Gender:Male
  • Location:NJ

Posted 13 April 2010 - 12:32 AM

I understand the confusion. WorldofWarcraft.com is owned and administered by Blizzard.com as the official site for the World of Warcraft Game from Blizzard. Blizzard also owns Battle.net which is its official player account site for its games.

Blizzard does have a warning when you click any web site link posted in the forums.

The links to the threads I posted above have posts by staff linking combofix.org as an official site for the program. It in turn links you to bleepingcomputers.com and another site to download Combofix.

So the site Combofix.org is NOT part of an official site for Combofix?
Can someone email Blizzard about this, ask them to remove those links and provide ones that Combofix prefers to be used?

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • Gender:Female
  • Location:Romania

Posted 13 April 2010 - 02:19 AM

DonCorneo, the most simple solution for that forum would be to make a sticky like "what to do when your WoW password is hacked."

It can be made like:

  • Change passwords, together with an explanation about strong passwords
  • Include some of the information Quietman7 posted (I don't suppose the WoW staff will like that, but nonetheless it's the truth).
  • Recommend MBAM and Avast for example (those two I saw in a post you linked to, which is fine).
  • Recommend, if that doesn't solve the problem, a few malware removal sites, such as BC or others (links to preparation guides at such forums).

Once a user posts a topic "help my account is hacked", you can just link them to the sticky.

Keeping in mind what Quietman7 said, it would also be a good idea to make this information available, for example, link new users to this information. If WoW is seriously interested in their users' safety, they would do well to investigate this further!

regards, Elise




#10 DonCorneo

DonCorneo
  • Topic Starter

  • Members
  • 47 posts
  • Gender:Male
  • Location:NJ

Posted 15 April 2010 - 09:52 PM

I'll post it for Blizzard's consideration, hopefully they'll use it.

And if it is ok, I'm gonna copy and paste what you posted.

I hope they have already started using some of that information since some of the links are already 2-3 years old.
I know they tend to get stuck on the "compromised user's computer" since a large number of "hacks" were caused by having malware, using "gold buying services" or "power leveling services". The people like me that have a fairly secure computer make up a very small percentage of the hacked accounts that it is largely ignored when we report our systems were clean to begin with. Nobody believes that our accounts were actually hacked.
I know mine occurred shortly after using their Battle.net service which forces us to use an email address instead of a user created ID name





Added note: Now one of Blizzard's staff members has a direct download link to Combofix from BC's site, totally bypassing any warnings (post #4 from Davdedl, blue text):
http://forums.worldofwarcraft.com/thread.h...074&sid=1#6

Edited by DonCorneo, 15 April 2010 - 10:03 PM.


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • Gender:Female
  • Location:Romania

Posted 16 April 2010 - 01:50 AM

As long as they post the official link...

There is a big disclaimer saying not to run it unsupervised before the scan starts. To put it bluntly, everyone can read.

regards, Elise




#12 DonCorneo

DonCorneo
  • Topic Starter

  • Members
  • 47 posts
  • Gender:Male
  • Location:NJ

Posted 16 April 2010 - 03:24 AM

If I get what you're saying, when you run Combofix it displays the warning.

I have W7 64 bit so Combofix will not work for me.

Edited by DonCorneo, 16 April 2010 - 03:28 AM.


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • Gender:Female
  • Location:Romania

Posted 16 April 2010 - 03:32 AM

This is the warning a user will see typically.

Posted Image

regards, Elise




#14 DonCorneo

DonCorneo
  • Topic Starter

  • Members
  • 47 posts
  • Gender:Male
  • Location:NJ

Posted 16 April 2010 - 05:51 PM

To be honest, that seems like a generic warning, which seems why the staff from Blizzard and some other posters are ignoring it. I thought there would be a warning akin to the download page. Personally, I'd ignore that was a simple disclaimer warning.

One poster even said that after using it themselves, and helping some others, they consider themselves an expert.
They claim Combofix use without getting real help is justified because the reason for using it is Malwarebytes did not work and that people go 4 days without help here or are told to use Malwarebytes anyway before being told to use Combofix.
I would have to say it was because they posted incorrectly for a slow response since I got responses pretty darn fast, and no matter what Tech Dept. I've ever had to work with I have been told to do things I have already done a hundred times, that is how it works.

After butting my head against the wall with them, I understand why you don't want to get involved.

Maybe you should see about inserting a line in the warning that the user must get help from whomever told them to use Combofix since BleepingComputer can only help those who requested help from BC before using it.

I have been working on computers for almost 20 years now and I don't consider myself an expert at all. I know such a small amount (mostly hardware related) and learn something new with every problem.

I guess this thread will fall-off since you have done what you can, and I'm giving up early. Some people will just keep sticking their hand into the flames until they get seriously burned, and from the responses I saw, they will keep doing it after that.

May the knuckleheads you have to deal with be very few.

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • Gender:Female
  • Location:Romania

Posted 17 April 2010 - 01:46 AM

Maybe you should see about inserting a line in the warning that the user must get help from whomever told them to use Combofix since BleepingComputer can only help those who requested help from BC before using it.

We can make a warning with big red letters: THIS WILL FRY YOUR COMPUTER, DO YOU WANT TO CONTINUE and people will still click YES. Just sayin' :thumbsup:

Some people will just keep sticking their hand into the flames until they get seriously burned, and from the responses I saw, they will keep doing it after that.

Totally true, I see you got the point :flowers:

regards, Elise

