This is hardly new though
Keyloggers and password-stealers in World of Warcraft is definitely not
new. The technique changes, but the effect is still the same. We've
talked about it here in Feb 2008:
http://www.sophos.com/blogs/sophoslabs/v/post/1052
here in May 2009:
http://www.sophos.com/blogs/sophoslabs/v/post/4412
and way back when in May of 2007:
http://www.sophos.com/blogs/sophoslabs/v/post/150
It's not just World of Warcraft that's targeted. I wrote this back in
December 2007 and we still see all these games targeted:
http://www.sophos.com/blogs/sophoslabs/v/post/899
At the end of the day, all the security advice and warnings still hold.
Companies like Blizzard will never ask for your credentials. If something sounds too
good to be true (free gold, free weapons, free expansions), it is. Blizzard doesn't just give away this stuff. And seriously, always check out shortened URLs with either a URL expander plugin in
Firefox, or use a service like longurl.org to expand it before you click.