Frackin script kiddies!!

Thu Aug 5 15:15:06 EDT 2010

On Aug 5, 2010, at 1:47 PM, Bill Bogstad wrote:
> 
> This statement rather surprised me.   From what I can tell from some
> quick web searching, the "MitM" WoW attacks which are happening are
> key loggers/trojans running on the end user system.

Blizzard recently stepped up the Authenticator removal mechanism by requiring two consecutive Authenticator codes.  In response, the account thieves are stepping up their game, too.  The newest form that I'm aware of shims itself as a proxy between the Warcraft client and servers.  It captures credentials and first authenticator code then returns a failed login code prompting the unwitting victim to enter credentials and code again.  Bang, account compromised and stolen.

Note: I haven't seen this in the wild, yet.

--Rich P.