
ACCOUNT HACKING
What is hacking?
According to www.dictionary.com, to hack is to use one's skill in
computer programming to gain illegal or unauthorized access to a file or network.
For our purposes, it is to gain illegal or unauthorized access to a
WorldsAway account.
If someone gains unauthorized access to your WorldsAway account, you
have been hacked.
Please note the word unauthorized.
By giving someone your WA user name and password, you are authorizing them to use your
account.
You should never give your account name and password to anyone. At times
you may be asked to provide your account name to a staff member of Avaterra.com to help you
with a technical or billing issue. But they should never need to ask for your password, nor
should you provide it.

AUTHORIZED BUT UNWANTED USE OF YOUR ACCOUNT
Hacking occurs extremely rarely.
Authorized but unwanted use of a WA account happens much more frequently.
How would you know if someone else has used your account?
You log into Dreamscape and find that things aren't the way you left
them. Your avatar, turf, and/or belongings have changed. You are missing belongings and
tokens. Maybe your avatar's name has even changed. It is obvious that someone else has
used your account.
What should you do?
- Change your password! Go to the Avaterra Account Manager
page and change your password immediately.
- Try to remember whether or not you gave your password to anyone. If you have, it is very
likely that they are the one who used your account.
- Page an Acolyte and report the problem. An Acolyte will be happy to help you deal with
the situation. But remember, no one can force the person who used your account to do
anything. By giving them your user name and password, you gave them access to your
account. All you can do now is talk to them, and ask them to return your missing items or
tokens.

REAL ACCOUNT HACKING
Unfortunately, it is possible for hackers to get your user name and
password without your consent. They do this by hacking into your computer and logging your
keystrokes.
How do they do this? Well, there are several ways, and new ways are
being created all the time.
The most common way is with the use of a trojan program. One of the best
known is called Back Orifice (BO).
According to Symantec
Corporation's Anti-Virus Research Center, Back Orifice is
"a tool consisting of two main pieces, a client application and a server
application. The client application, running on one machine, can be used to monitor and
control a second machine running the server application. The operations that the client
application can perform on the target machine (e.g., the machine running the server
application) include the following:
- Execute any application on the target machine.
- Log keystrokes from the target machine.
- Restart the target machine.
- Lock up the target machine.
- View the contents of any file on the target machine.
- Transfer files to and from the target machine.
- Display the screen saver password of the current user of the target machine.
- The creators of Back Orifice also claim to be able to display "cached
passwords" for the current user, but no other passwords were displayed during our
analysis."
How would I get Back Orifice?
In order for this to happen to you, the BO server application must be
installed on your computer.
Almost anyone could unknowingly install the BO server application. We
all install programs that we have downloaded or received in e-mail. The BO server
application will always be disguised as another program.
Any file with a file extension of .exe is a program.
Never install a program that you are not sure is safe. If you are
unsure, you can scan the program with your anti-virus software.
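
An added example, not part of the original page: because a trojan is disguised, the file name alone is a weak signal, so this sketch goes beyond the .exe rule above and also reads the file header to see whether the content is a Windows program. The file names, the HARMLESS_LOOKING list and the result labels are assumptions made for the illustration, and the sample bytes are constructed.

```python
import struct

# Extensions that make a file look like a picture or document (assumed list).
HARMLESS_LOOKING = {"jpg", "gif", "txt", "doc", "bmp"}

def is_windows_program(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header pointing at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # Offset 0x3C holds the little-endian file offset of the PE signature.
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def classify(filename: str, data: bytes) -> str:
    """Compare what the name claims with what the file header says."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if is_windows_program(data):
        if ext != "exe":
            return "program under a non-.exe name"
        if len(parts) > 2 and parts[-2] in HARMLESS_LOOKING:
            return "program with a misleading double extension"
        return "program"
    # The page's rule still applies: anything named .exe is treated as a program.
    return "program (by name)" if ext == "exe" else "no program header found"

def make_sample_program() -> bytes:
    """Constructed 68-byte stand-in for the header of a real executable."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"

if __name__ == "__main__":
    # Constructed attachments: name on the left, content on the right.
    samples = {
        "setup.exe": make_sample_program(),
        "holiday.jpg.exe": make_sample_program(),
        "greeting.scr": make_sample_program(),
        "notes.txt": b"Meet me at the fountain at eight.",
    }
    for name, data in samples.items():
        print(f"{name:18} -> {classify(name, data)}")
```

Any result other than "no program header found" means the file should be scanned with anti-virus software before it is opened.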
An IP address is a unique string of numbers that identifies a computer
on the Internet. All computers connected to the Internet have one.
It is extremely easy to learn the IP address of any computer that is
hooked up to the Internet.

For example, the ICQ program makes your IP address public by default.
You can change this setting by clicking on the Main Menu, and choosing Preferences &
Security, then Security and Privacy. Make sure that the "Do not publish IP
address" box is checked.
Once the hacker knows your IP address, they "ping" your
computer to see if BO is installed.
If it is, they can now control your computer.
They can find out your WA user name and password by logging your
keystrokes.
Other trojan programs may just gather this type of information and send
it back to their creator the next time you log onto the Internet or visit
their web site.
How can I tell if I have a trojan program such as BO on my
computer?
Back Orifice usually appears as a trojan horse. Many virus scanners can
detect BO now if their virus information file has been upgraded within the last half
year. There are programs that are made specifically for detecting trojan programs, such as
"The Cleaner" from MooSoft. You can also
download and install Back Orifice
Eliminator.

WHAT TO DO IF YOU ARE HACKED
What do I do if my account has been used, and I have not given my
user name or password to anyone?
- Make sure you have an up-to-date virus-scan program and/or trojan cleaner.
- Change your password! Go to the Avaterra Account Manager
page and change your password immediately. You should also change all your passwords. Not
only are the Avaterra passwords important, but also the user name/password you use to log
in to your own computer (on networked machines).
- Install a firewall (or a security system like BlackIce Defender) and monitor whether someone
tries to get access to your system again. Refuse any connection to addresses you don't
know (most security tools show the user-friendly URLs and the IP address).
- Now make sure that you have a clean system (you can always evaluate 30-day copies of the
latest virus and trojan horse scanners) and that you can keep it clean. Don't trust any
programs sent by e-mail by persons you don't know. And even with persons you know,
it's always good to have an active virus scanner in the background!
- You can fill out and submit a Problem
Report form to let them know you have been hacked. Please keep in mind, there is
nothing that Avaterra.com can do about replacing any lost items. It is clearly spelled out
in their Terms of Membership: "You
are responsible for maintaining the confidentiality of your password and are solely liable
for any harm resulting from disclosing or allowing disclosure of a password or from its
resulting use by any person...." Avaterra.com has no way of knowing if the person
accessing an account is the owner, someone you gave authorization to, or someone hacking
into your account.

HACK PREVENTION
How can I prevent the BO server application from being installed on
my computer?
- Never give anyone your WA user name and password.
- Follow safe computing practices, such as never downloading or running applications from
unknown sources, and never publishing your IP address.
- Install a firewall or other security system on your computer. BlackIce Defender and AtGuard are popular ones. A firewall can detect any
incoming and outgoing connections and can refuse them, based on the rules you apply.
- Many Internet sharing programs also offer a firewall feature. This is also useful if you
are on a cable modem to prevent users on your cable system from accessing your computer,
since you are on a shared network when using a cable modem.
- Test your computer's security at Shields
Up! Several Internet sharing programs that offer some kind of firewall protection may
also offer a service to test to see if they can access your computer to confirm that you
have their product installed and set up correctly.
Hackers CAN NOT invade your system unless YOU LET THEM.