Trojan on WoWHead, Thottbot and Allakhazam!

[Gramdtante]

According to a post on MMO Champion Forums, a few ads on WoWHead, Thottbot and Allakhazam is containing a trojan.

Source: http://www.************.com/index.ph...#msg52963'

Therefore, please be careful with those sites

And for a quote from their forums, please read Viter Er Svedig's post below.

[Viter]

[IMG]http://www.************.com/Themes/mmo2/images/icons/profile_sm.gif[/IMG] [IMG]http://www.************.com/Themes/mmo2/images/www_sm.gif[/IMG]
[IMG]http://www.************.com/Themes/mmo2/images/post/xx.gif[/IMG] Warning : Trojan on alak, thott and wowhead
« on: March 10, 2008, 01:51:54 PM »

The matter is currently under investigation and will hopefully be resolved soon, however i suggest you take the obvious precautions to protect yourself.
Firefox or a modified hosts file is your best bet at protecting yourself for now.


Firefox : Firefox web browser | Faster, more secure, & customizable
Noscript : NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - get it! - InformAction

Source:
* Random Ravings of Warcraft: Trojans on popular sites
* Random Ravings of Warcraft: Trojans again
* Random Ravings of Warcraft: Trojans, oh boy

Quote
Malgayne said...

This is Malgayne from Wowhead. I know this is totally inexcusable. If I had my way we'd have shut down all ads on the site already, but unfortunately I don't handle the advertising directly.

I can tell you with assurance that this has nothing to do with Affinity Media. Our Director of Ad Ops has been staying up until all hours of the night desperately trying to find which of our ad networks is causing the problem, and has been for days. But i've seen this exact same redirect on hotmail.com lately.

These ads come in through banners that appear to be totally innocuous, unfortunately. Even the ad network that's showing the banner doesn't know it. And Right Media doesn't narrow it down as much as we'd like, since Right Media is an exchange platform that all of our ad networks use at one point or another--nearly every ad network in the business does. =/


The banner spoken of, originates from "ad.yieldmanager.com", and will produce a redirect to "xpantivirus.com".
The exact source and origin is a little more complicated than that however.

Quote
Wowhead said...

I've been tearing my hair out trying to find this ad and get it pulled. The trouble is that the redirect code is hidden in a banner ad that, unless loaded in an actual webpage, looks completely innocuous. Not even our ad serving providers know which banner it's located in--if they did, it would be blocked by them on their end, they don't allow this kind of thing either. I promise we're trying. If we can't track this ad down soon we may have to pull all advertisement from the site entirely.


Hopefully the matter will be resolved soon.
Until then, consider yourself warned.

thats what it says on the website.

[[Shon3m]]

lol that's a lie ************....is saying 2 get people 2 get 2 there site more.....its wowhead.com is the best for wow stuff.....so think again blizzard wouldn't let these's site's set up lol hacking= keylogger on blizz side so ya there ok sites!

[Gramdtante]

If you read the information, you'd know that it was their Ad-Network.

And thank you for posting the information on the site, Viter Er Svedig. I didn't think of that myself.

[-Lex]

That's stupid. It's just ads like ErrorSafe etc, which says then gonna fix your PC, but then does the opposite, and tricks you into buying the full version, which doesn't do shit.

[Gramdtante]

Thanks... I guess.

[Kuiren]

Hotmail has the same trojan going around. This is the truth.

It comes from Gal-hosting. The file names were update.exe and poo.exe.

:/

[woffles]

to get it, did you have to click the popup and download it.

or was it pure scripted and loaded on popup or even just clicking it?

[Kuiren]

I didn't click anything.. it was sending me these trojans..

[woffles]

sending you? as in emails?

[Kuiren]

No, it was sending it to my ip..

It first download update.exe without me knowing.. then it started trying to download the trojans.

[woffles]

anyway to tell if you have the trojan or not?

[Kuiren]

Uhm, an antivirus? Come on now, use common sense..

[woffles]

well i just installed and updated kaspersky, didnt find anything. but usealy ant these trojans designed to get around AV's?

[Kuiren]

Well, nod32 stopped the trojans. I luuuuv nod32.