World Of Warcraft Girl

Security concerns
When players create World of Warcraft accounts, they are asked to choose a username and password. Afterward, whenever they play World of Warcraft, they are asked to supply the same username and password in full. This is also the case when using account management facilities online. This type of authentication is vulnerable to keystroke logging. While this is not unique to World of Warcraft and is common to many MMORPGs, the game has been directly targeted with trojans being specifically crafted to capture account login details. Attacks have been reported as early as May 2006, although they may extend as far back as July 30, 2005. The game does, however, allow players to save their account name to the program to allow the player to only have to type their password.
In September 2006, reports emerged of spoof World of Warcraft game advice websites that contained malware. Vulnerable computers would be infected through their web browsers, downloading a program that would then relay back account information. Blizzard's account support teams experienced high demand during this episode, stating that many users had been affected. Claims were also made that telephone support was closed for isolated periods due to the volume of calls and resulting queues. In April 2007, attacks evolved to take advantage of further exploits involving animated cursors, with multiple websites being used. Security researcher group Symantec released a report stating that a compromised World of Warcraft account was worth US$10 on the black market, compared to US$6 to US$12 for a compromised computer (correct as of March 2007). In February 2008, phishing emails were distributed requesting that users validate their account information using a fake version of the World of Warcraft account management pages. In June 2008, Blizzard announced the Blizzard Authenticator, available as a hardware security token or mobile application that provides two factor security. The token generates a one-time password based code that the player supplies when logging on. The password, used in addition to the user's own password, is only valid for a few seconds, thus providing extra security against keylogging malware.