General Discussion
05/22/2012 09:47 AM Posted by cRush

"Common sense" won't necessarily protect you. You could run the best anti-malware software, and keep your system completely 100% up to date, and only go to a specific set of websites and never venture beyond them, and still get owned by a zero-day exploit embedded in the adstream on a reputable site that you visit every day.

Only if you have numerous other insecurities in place, and aren't computer savvy. For example, that would require A) you to click something you shouldn't B) your computer to have full administrator privileges or C) You enter the administrator credentials for a malicious program.

In fact, simply going to an untrusted website like that isn't something "common sense" warrants.

Learn to Ctrl + Alt + Delete. Check the processes. Identify unknown processes. Kill unknown processes.

None of those things are necessary. I got hit at least twice in the span of a week on different sites (One of which was cnn.com ffs), just because of a vulnerability in Acrobat that Adobe took over two weeks to finally patch in a fix for.

It didn't require anything to be clicked. You just had to visit a website that was utilizing an adstream that someone had put a banner into that had malicious code. That code would use that vulnerability in Acrobat to install itself into your system and then you were hosed.

I'm savvy enough that I was able to remove the thing by hand before it was even in any of the antivirus programs' definitions, but it was tricky and not something your average user could accomplish by any means. Had to go completely scorched earth and completely wipe all of Acrobat's files after the second infection. Didn't reinstall that app for quite some time, even after they'd fixed the vulnerability.

But the point is that that crap can happen to anyone, no matter how safe your habits are.

Thank you all for your reports, and for your investment in account security. We're treating this situation very seriously and have been from the start. While we've investigated numerous reports of Battle.net and Diablo III accounts being compromised, we have yet to find any situation wherein a player's account was accessed outside of traditional compromise methods (that is, someone logging in with an account's login email and password). Additionally, while the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.

If you believe your account may have been compromised, please notify our support department as soon as possible. Contact information and instructions for account recovery can be found at http://us.battle.net/en/security/help on our Blizzard Support page. We will do all that we can to assist.

Additional security steps (which we highly recommend reviewing) are also available online. For more information visit: http://us.battle.net/en/security/checklist
