In a post on its support forum, Blizzard Entertainment warned players that a trojan is being used to compromise player account information. The Disker trojan apparently takes your account name, password, and authenticator password as you log-in.
"We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection," said Blizzard support forum agent Jurannok. "The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them."
The trojan can collect information from mobile and key fob authenticators, as both require you to type in your authenticator password. Blizzard says there is currently no anti-virus software that can see or remove the trojan, outside of reformatting your system. Mac users can breathe a sigh of relief as the trojan doesn't affect those systems.
You can find out if your system is compromised by creating and MSInfo file and looking for "Disker" or "Disker64" entries. Here's how you create an MSInfo file:
- Press Windows Key + R.
- Type "MSInfo32" and press Enter.
- In the MSInfo diagnostic window, click File, then Export.
- Save the file to your chosen place.
You can then open the MSInfo file in the text editor of your choice and search for "disker". Blizzard is asking that compromised players sent the company their MSInfo, a list of recently installed addons and programs, and the results of any security programs those players have run.
It's the not the best start to 2014 for online-based game companies. Blizzard is affected by this trojan, but Steam, Origin, Battle.net, and League of Legends are also suffering service outages due to possible DDoS attacks. Hackers have claimed responsibility for those attacks.