If you play Farmville, Café World, Treasure Isle, Mafia Wars, Frontierville, PetVille, Zynga Poker, Yoville, Fishville, or any other Zynga game either on the Zynga website or on Facebook, AND you have installed the Zynga Toolbar, you need to pay close attention to your browser this morning.
Zynga Toolbar Possibly Hacked:
At approximately 7:20 EST, 6:20 CST, on Sunday, 17 October 2010, the Zynga Toolbar appears to have been hacked by what either is or is fronting as a Russian Radio streaming website. The entire toolbar is changed to a different toolbar with Russian characters, a streaming radio/music player in the toolbar with strange file names, and the website address rockholmi.ru in bright orange lettering.
Included on this possibly hacked Zynga toolbar that now displays rockholmi.ru characters and information are also quick access buttons for Facebook, Myspace, YouTube and PayPal. It is believed by several people that the alleged hacked Zynga Toolbar, that was hacked by the Russian rockholmi.ru website, is seeking to phish user passwords or information from computers that had the Zynga Toolbar downloaded.
How to Protect Your Computer if You Use the Zynga Toolbar:
If you use the Zynga Toolbar, DEACTIVE the Zynga Toolbar immediately through your browser’s add-ins control and then go into your control panel and add/remove the Zynga Toolbar.
DO NOT uninstall through your browser add-ins, because this redirects you to the Russion rockholmi.ru website, which may or may not contain malicious code or scripts, or could have tracking cookies or other malicious intent.
Zynga has not responded to this as of 8:45 CST this morning about the cause of the hack or even if it was a hack, so until there is an official response to what this hijacked Zynga Toolbar from the Russian rockholmi.ru website does to your computer, it’s best to first disable it in your add-ins on your browser and then remove and uninstall the toolbar through your control panel. Repeat: DO NOT uninstall through your browser’s add-ins, because it will redirect you to the rockholmi.ru website.
Watch the Zynga forums for more official information from Zynga on when it is safe to reinstall the Zynga Toolbar and what the real threat rockholmi.ru has to your computer. You can find the Zynga Website here: http://www.zynga.com/ and their forums here: http://forums.zynga.com/
Rockholmi.ru Toolbar Buttons Warning:
For now, if you have used PayPal, Myspace, Facebook, YouTube or any other of these websites anytime between about six this morning, EST and now, it’s best to uninstall the toolbar through the add/remove programs, run a virus and malware/adaware/spyware scans (Spybot Search & Destroy is free, as is Lavasoft’s Adaware-AVG and Avast are free virus programs), and then reboot your computer and change all your passwords to any website you’ve used this morning.
Again, watch the Zynga forums and website for more up-to-date information about what this Zynga Toolbar hack from rockholmi.ru is all about, and what potential damage it might have done to your computer. An update will be added to this article when new information is officially released by Zynga, so check back throughout the day to know when your Zynga Toolbar is safe to download and use again.
UPDATE: 11:30 CST 17 October 2010: There has not yet been an official word from Zynga about the alleged Zynga Toolbar hack. Conduit, a company said to be responsible for the creation and management of the Zynga Toolbar, has stated in their forums that the Zynga Toolbar issue has been corrected, and that users need only ‘refresh’ their toolbar by clicking on the pulldown menu on the Russian rockholmi.ru and choosing the double arrow ‘refresh’ symbol, even though it is in Russian. The symbol should be easy to recognize as the ‘refresh’ double arrows in a circle symbol. Some users have reported that this has fixed the Zynga Toolbar problem.
Others are afraid to do this, because there has been no official word from Zynga that the Zynga Toolbar has not been hacked and that by simply refreshing the toolbar, their computers are still at risk, especially since many users are reporting that both Norton and McAfee have reported malicious activity upon the change in the Zynga Toolbar. AVG and Avast users were not given such a warning from their antivirus software. Will update with more, IF/WHEN Zynga gives an official ‘all clear’ to the Zynga Toolbar.
FINAL UPDATE: (MAYBE)
As of 3:00PM CST, Zynga has officially stated on their website that the Zynga Toolbar ‘hack’ has been fixed. They did not state what the cause of this problem was, whether it was a hack or whether it was an error on their part, but they do provide a way to correct it on your computer. They suggest that you, “…please try refreshing the Rockholmi Toolbar if you have not already done so. To do this, click on the downward pointing arrow next to the Rockholmi.mu logo and select Refresh Toolbar.” If that does not work, they then suggest, “If you are still experiencing issues, try uninstalling the Rockholmi Toolbar and reinstalling the Zynga Game Bar.” (Source: Zynga.com)
Many on the Zynga forums and other gaming forums and social networking websites are speculating that it was indeed a hack, but that Zynga will not admit that, lest they become responsible for damages to users’ computers. Others have speculated that Zynga and rockhomi.ru are both ‘customers’ of Conduit, a company recently acquired by Zynga, who help make applications and toolbars such as the one used by Zynga and the mistakenly changed rockholmi.ru toolbar. Whether this is true or not is difficult to ascertain, but Zynga’s official response makes no mention of the cause of the problem.
Whether a hack or not doesn’t matter: running a spyware, adaware and antivirus scan on your computer is highly recommend and should be something you schedule on your computer to be performed on a regular basis. As always, never share password, login or financial information with anyone you do not know online, and if you think you might be at risk, always err on the side of caution.