Blocking executables is a great step for protecting users, as long as it's enforced alongside the nightly virus scans as well as at the point of upload, to prevent infections such as this one, where a file server was compromised directly. (I have no reason to suspect that's not the plan)

Thanks WoWI ;)

Sweet deal!

Thank you!

Executables can be fine, if you can get your hands on the complete source code of the mod and installer, and can locally re-create the install environment - eg, tools such as MinGW and NSIS. Several open source projects build Win32 installers using this method on non-Win32 machines. The advantages of doing this are.. well, fairly obvious if you understand the procedure. However, I thoroughly do not recommend this approach for, at a guess, 99.9999% of WoW players.

NEVER trust an installer package that you can't get the source code for and can't build for yourself.*

Hugz 'n stuff,

Me.

*Well, 'cept for WoW's installer, 'coz Slouken wouldn't be that nasty to us! :)

Uploading .exe files is also disabled for Curse at the moment. We haven't had a problem with the trojans going around, but want to take extra precautions to make sure that it doesn't happen.

Indeed. As Guillotine said, we're going to be taking extra precautions at Curse as well due to this news. It's unfortunate to hear of this happening to yet another of the respected AddOn websites.

Always use protection, kids.

For the record, it wasn't our upload system that was compromised it was our secondary file server. Someone hacked in and edited the files directly. :(

---

Q u o t e:
Always use protection, kids.

---

This is one situation where virus scanners WON'T pick it up.

I know of exactly ONE anti-virus program which is currently detecting it. Norton, Mcafee, AVG, and pretty much every other AV product ou there - aren't picking it up as I'm writing this.

EDIT: Scratch that, we're up to two. AntiVir and ClamAV.

Curse my blasted net connection and the freenode Tor block. Always looking for more toys to dissect, if only I wasn't a half-hour behind the conversation...

I take it all of the major AV providers have been handed a zip?

---

Q u o t e:
Curse my blasted net connection and the freenode Tor block. Always looking for more toys to dissect, if only I wasn't a half-hour behind the conversation...

I take it all of the major AV providers have been handed a zip?

---

Get me e-mail addresses and links, and sure ;)

hacks@blizzard.com has been, though.

Just wanted to let everyone know also that wowui.incgamers no longer accepts executables as of last week. It is just too risky and really not that necessary to have them at all except in a few cases.

Bump, because this needs to be on the front page.

Slouken, this is important for people to read. Now and in the future.

Sticky this thread.

also please read my thread at WOWI it will help you and everyone else out of this problem and the problems to come.

http://www.wowinterface.com/forums/showthread.php?t=13296

*edit*
yes i know it is off site but the blizz boards don't like me, don't support vB code, and it is 6 posts long.

---

Q u o t e:


This is one situation where virus scanners WON'T pick it up.

I know of exactly ONE anti-virus program which is currently detecting it. Norton, Mcafee, AVG, and pretty much every other AV product ou there - aren't picking it up as I'm writing this.

EDIT: Scratch that, we're up to two. AntiVir and ClamAV.

---

Another one that detects it:
ESET Nod32 Online Scanner (Win 98/ME/NT 4.0/2000/XP/Vista) http://www.eset.com/onlinescan/index.php

The virus in question has three parts.

I can tell you that one of the parts is only being picked up by a total of five anti-virus products, while another is picked up by three, and the last part, two.

NOD32 is picking up none of them, according to virustotal.com.

Ty for putting this warning out. Perhaps Blizzard could set up their own site to host popular add-ons? This may help ensure safety?

OMG this is on page 4?!? this needs to be stickied

/bump