According to Symantec, a new trojan called "Infostealer.Wowcraft" is making the rounds. Unlike many malicious programs, however, it makes no attempt to steal your credit card information. Instead, it goes after something much more personal—your World of Warcraft account.
The trojan, which is a modified version of a similar piece of nastyware that had already been detected in the wild, installs itself in the startup portion of the registry, disables any running anti-virus software it can find, and launches a keylogger process when it finds any windows labeled "wow.exe," "Launcher.exe," "signup.worldofwarcraft.com," or "www.wowchina.com," the latter being Blizzard's official Chinese web site.
Once the trojan has nabbed the unsuspecting user's World of Warcraft account information, it e-mails the name and password back to an address used by the author. Once the thief has this information, he can log on to the stolen account and use it with impunity, as the game does not check for a specific CD key or even geographic location when the user logs in.
What would be the purpose of such an action? Two words: gold farming. Blizzard has been fairly stringent about banning accounts that are suspected of being used simply for collecting in-game gold and selling it (for real money) to impatient gamers. This merely takes the idea to a new level, where "account farms" generate long lists of stolen accounts for the gold farmers, who don't need to worry if those accounts get banned because they can just pick up a new one.
The trojan is not the first one of its type. The W32.HLLW.Gotorm worm, first discovered in 2003, attempted to steal online game account information and CD keys for popular games, including Half Life, Warcraft III, Counterstrike, Starcraft, and Diablo 2, and then spread them over the Kazaa network.
The good news is that the Wowcraft trojan is currently exceedingly rare in the wild. According to Symantec, it exists as a payload on two or fewer web sites, and less than fifty total infections are known at this time. Because the trojan has no self-replicating properties, it will not spread even from "infected" machines, and this severely limits its chances for propagation. Nevertheless, it remains a good idea to make sure that you keep your operating system fully patched, and always make sure that you scan any suspicious downloaded files. After all, when you've spent that long getting your Mage to level 60, it would be a shame to lose the account to a gold farmer.