According to the post, a Trojan is currently active on the servers, stealing both account information and passwords as players enter them. Even players who use a second layer of security with Battle.net are still exposed.
Whether you’re using the mobile device or the Battle.net authenticator, the account isn’t safe unless you don’t log in at all. The original post reads:
“We’ve been receiving reports regarding a dangerous Trojan that is being used to compromise players’ accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.”
For those whose accounts have been compromised, Blizzard suggests creating an MSInfo file and then searching the Startup Programs section of that file for Disker or Disker64. The entries will look like this:
Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup
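As an added example (not from Blizzard's post or the original article), the Python script below runs the check described above against a text export of the MSInfo report. It assumes the export uses bracketed section headings and tab-separated columns; the sample report and all function names are constructed here, and the rule for rundll32 loading a DLL from a Temp folder goes beyond the two entry names the article gives.

```python
import re

# Constructed sample of an MSInfo text export (assumed layout: "[Section]" headings,
# tab-separated rows). The Disker rows are the article's; ExampleUpdater is made up.
SAMPLE_REPORT = (
    "[Loaded Modules]\n\nName\tVersion\nntdll\t6.1\n\n"
    "[Startup Programs]\n\nProgram\tCommand\tUser Name\tLocation\n"
    "ExampleUpdater\tc:\\program files\\example\\updater.exe\tName-PC\\Name\tStartup\n"
    "Disker\trundll32.exe c:\\users\\name\\appdata\\local\\temp\\w_win.dll,dw\tName-PC\\Name\tStartup\n"
    "Disker64\trundll32.exe c:\\users\\name\\appdata\\local\\temp\\w_64.dll,dw\tName-PC\\Name\tStartup\n\n"
    "[Windows Error Reporting]\n\nTime\tType\n"
)

SECTION = re.compile(r"^\[(.+)\]\s*$")
DISKER_NAMES = {"disker", "disker64"}
# Broader than the article: any startup entry where rundll32 loads a DLL from a Temp folder.
TEMP_RUNDLL = re.compile(r"rundll32(\.exe)?\s+.*\\temp\\[^\\]+\.dll", re.I)

def startup_entries(report_text):
    """Yield (program, command, user, location) for rows under [Startup Programs]."""
    in_section = False
    for line in report_text.splitlines():
        heading = SECTION.match(line)
        if heading:
            in_section = heading.group(1).strip().lower() == "startup programs"
            continue
        cols = [c.strip() for c in line.split("\t")]
        if in_section and len(cols) >= 2 and cols[0] != "Program":
            yield tuple((cols + ["", ""])[:4])

def find_disker(report_text):
    """Return (program, command, reason) for each suspicious startup entry."""
    hits = []
    for program, command, _user, _location in startup_entries(report_text):
        if program.lower() in DISKER_NAMES:
            hits.append((program, command, "entry name listed in the article"))
        elif TEMP_RUNDLL.search(command):
            hits.append((program, command, "rundll32 loading a DLL from Temp"))
    return hits

def load_report(path):
    with open(path, "rb") as fh:
        raw = fh.read()
    # A UTF-16 byte-order mark is honoured; otherwise UTF-8 is assumed.
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    return raw.decode(enc, errors="replace")

if __name__ == "__main__":
    for program, command, reason in find_disker(SAMPLE_REPORT):
        print(f"{program}: {command}  [{reason}]")
```

A clean result only means no matching startup entry was found in that export; it does not show the machine is uninfected.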
As of now, Blizzard is unaware of any anti-virus program that is able to remove this malware, and it is currently looking into the matter. The Trojan currently targets the Windows OS only, so the Mac version of WoW is still on the safe side.
The ‘Disker’ Trojan would not run on a Macintosh. We haven’t received any reports of a Trojan like this for Macintosh systems.
Head over to Blizzard Forums to be a part of the discussion and help the community!