Thats why the steps show scanning your system BEFORE you go to recover the account. Most just skip over that and get hacked again.

Come to think of it, why exactly can't operating system designers simply write their code to not allow any third-party script that records keystrokes?....

Because keyloggers are legal. Many companies use them to make sure employees aren't misusing company time, or just a way to keep tabs on them.

How would you regulate the difference between a keylogger or a Word Processor then?

-----
Grovinofdarkhour Sep 22nd 2010 3:17PM

Come to think of it, why exactly can't operating system designers simply write their code to not allow any third-party script that records keystrokes?....
-----

No kidding. We should just get rid of the damn keyboards. That'll teach them keyloggers!

I reviewed a security document at a Federal institution once that recommended system administrators ensure that the keyboard to any server was not visible from the room's doorway. This apparently was meant as a way to avoid attracting hackers. Hackers are, after all, a combination of ninja and fly.

On a more serious note, I hope you're not under the impression that keyloggers are implemented in WoW addons (LUA script) or Websites' JavaScript.

OK fine, *records AND transmits* keystrokes. I just can't shake the feeling that operating system designers could easily solve this problem. Not saying they deserve the blame for it, they clearly didn't create the problem, but they're in the optimal position to do something about it, if only they had some motivation to do so.

-----
Grovinofdarkhour Sep 22nd 2010 5:11PM

OK fine, *records AND transmits* keystrokes.
-----
You mean like WoW does?

If this were a trivial issue to deal with, it'd be handled in the OS by now. Even if it wasn't, various anti-malware / anti-spyware suites would have the issue all sewn up. They've got keylogger detection in their products now but you're going to get false positives.

"Hackers are, after all, a combination of ninja and fly."

lol... but seriously, the advice isn't that bad. "Hackers" can be coworkers that can have widely varying levels of gruntledness. The person you fully expect to be walking by and even stopping in the doorway to chat with you needs no ninja skills...

This week I got an email from Blizzard (legitimate) saying the password on my old account had been changed. This account has been non-paid for at least 3 months (without me even trying to log into it). I go to the account and yes - password is changed.

The account has an authenticator on it, my computer has no malware or viruses. Even my wife doesn't know the password. I did the automated recovery which worked fine. When I got back into the account only the password had been changed. The authenticator was still on the account.

My question is this - how was this account compromised?

Rimar -

A lot of accounts are 'brute forced' these days. Even if your system is clean (check with more than one spybot/virus program to be sure!) hackers with a lot of time on their hands can pick random emails and run programs that brute force the password, IE, they took a lot of wild guesses. AFAIK, WoW does not have a 'you cannot log in for X amount of time due to failed passwords' feature that a lot of banks and the like have, so they just keep guessing. Programs can do this super fast, without any human input. This is commonly how free web emails get hacked into for spammers, too.

Kudos to Blizzard for coming up with this system. Hopefully, it will lead to quicker and less painful recoveries for thos affected, and it should help lessen the phone queues for Billing & Accounts Services. The only possible problem I can see is if the user still has some compromise on their machine and they proceed in filling out the details requested from this form - you may be potentially passing along secure information to the keyloggers. I would recommend that people complete these forms from another machine, one that is not compromised, just to help eliminate that possibility.