The matter is currently under investigation and will hopefully be resolved soon, however i suggest you take the obvious precautions to protect yourself.
Firefox or a modified hosts file is your best bet at protecting yourself for now.


Firefox : http://www.getfirefox.com/
Noscript : http://noscript.net/getit

Source:
* http://rrvs.blogspot.com/2008/...ular-sites.html
* http://rrvs.blogspot.com/2008/02/trojans-again.html
* http://rrvs.blogspot.com/2008/03/trojans-oh-boy.html

Quote

Malgayne said...

This is Malgayne from Wowhead. I know this is totally inexcusable. If I had my way we'd have shut down all ads on the site already, but unfortunately I don't handle the advertising directly.

I can tell you with assurance that this has nothing to do with Affinity Media. Our Director of Ad Ops has been staying up until all hours of the night desperately trying to find which of our ad networks is causing the problem, and has been for days. But i've seen this exact same redirect on hotmail.com lately.

These ads come in through banners that appear to be totally innocuous, unfortunately. Even the ad network that's showing the banner doesn't know it. And Right Media doesn't narrow it down as much as we'd like, since Right Media is an exchange platform that all of our ad networks use at one point or another--nearly every ad network in the business does. =/

The banner spoken of, originates from "ad.yieldmanager.com", and will produce a redirect to "xpantivirus.com".
The exact source and origin is a little more complicated than that however.

Quote

Wowhead said...

I've been tearing my hair out trying to find this ad and get it pulled. The trouble is that the redirect code is hidden in a banner ad that, unless loaded in an actual webpage, looks completely innocuous. Not even our ad serving providers know which banner it's located in--if they did, it would be blocked by them on their end, they don't allow this kind of thing either. I promise we're trying. If we can't track this ad down soon we may have to pull all advertisement from the site entirely.

Hopefully the matter will be resolved soon.
Until then, consider yourself warned.

Random Ravings : Why pay for something you can get for free?
Guides, rants, news and info. Just check it out when you're bored sometime.

Thank you for this warning, Glad I use firefox

(No Script addon blocks adds it's awesome)

For those that don't know, like bloody said. Use noscript with firefox, and you won't get your keys logged.
http://noscript.net/getit

this troyan is there for more then week (it is up @ wowhead from 25 feb), tbh i even sent a priv msg to Teza, however it looks he ignored it completely

anyway: just avoid wowhead and you will have no problems

It has been around far longer than that actually.

I recall posting about it on thottbot as much as 3 months ago.
Of course it could be a different one, but the effect is the same.


This needs some attention however, widespread attention is the best way to stop it dead in it's tracks.

Random Ravings : Why pay for something you can get for free?
Guides, rants, news and info. Just check it out when you're bored sometime.

Quote (Keronik, 10 March 2008, 14:24)

this troyan is there for more then week (it is up @ wowhead from 25 feb), tbh i even sent a priv msg to Teza, however it looks he ignored it completely

anyway: just avoid wowhead and you will have no problems

I didnt ignore it, but wowhead is already aware of this problem and they are trying to fix it.

Quote (Teza, 10 March 2008, 14:34)

I didnt ignore it, but wowhead is already aware of this problem and they are trying to fix it.

well, you could make a "global" news @ WoR, so most interested would be warned

anyway: good that are warned and that wowhead and others are trying to fix this "problem"

//edit
some spelling

For those that have been effected by this virus, did your normal run of the mill virus protection programs work to get rid of it? Or even identify it?

I recently killed a trojan that's been on my system for over a year.
I had norton running and updated for longer than that, and it couldn't find it.
However, that was a different trojan, and probably what highjacked my icq account back in the days. I still changed my passwords just in case.

I wasn't in an experimenting mood when it comes to a warcraft trojan though, so not sure if your every day scanner will pick up on this one.
Best not to risk it.

Random Ravings : Why pay for something you can get for free?
Guides, rants, news and info. Just check it out when you're bored sometime.

I like NOD32 + progressguard, no virus got me yet

Or im not aware of it

I run Teatimer, a part of spybot S&D
(to check if anything wants to change my registry)

and Norton.
Also the regular software firewall.

Random Ravings : Why pay for something you can get for free?
Guides, rants, news and info. Just check it out when you're bored sometime.

the easy answer to this is, run Friefox, with the AdBlock Plus addon.. and youll never see another add.

Quote (Zumwalah, 10 March 2008, 15:41)

the easy answer to this is, run Friefox, with the AdBlock Plus addon.. and youll never see another add.

A proper hosts file should block off most advertisers.
Adblock plus requires you to actually right click an ad to block it correct?
You won't be able to do that with this one, which is why wowhead is having as much trouble blocking it themselves.

Random Ravings : Why pay for something you can get for free?
Guides, rants, news and info. Just check it out when you're bored sometime.

AdBlock Plus uses a blacklist to block ads from being downloaded as far as I remember. I never saw any ad since i installed it months ago.

Anyone knows if it gives extra security to install also noscript when you have already AdBlock Plus?

how do you uninstall NoScript?