Reports Emerged of Spoof WOW Advice Websites
In September 2006, reports emerged of spoof World of Warcraft game advice websites that contained malware. Vulnerable computers would be infected through their web browsers, downloading a program that would then relay back account information. Blizzard's account support teams experienced high demand during this episode, stating that many users had been affected. Claims were also made that telephone support was closed for isolated periods due to the volume of calls and resulting queues. In April 2007, attacks evolved to take advantage of further exploits involving animated cursors, with multiple websites being used. Security researcher group Symantec released a report stating that a compromised World of Warcraft account was worth US$10 on the black market, compared to US$6 to US$12 for a compromised computer (correct as of March 2007). In February 2008, phishing emails were distributed requesting that users validate their account information using a fake version of the World of Warcraft account management pages. n June 2008, Blizzard announced the Blizzard Authenticator, available as a hardware security token or mobile application that provides two factor security. The token generates a one-time password based code that the player supplies when logging on. The password, used in addition to the user's own password, is only valid for a couple of minutes, thus providing extra security against keylogging malware.
