Those vicious and despicable malware authors are targeting gamers, according to BBC.

I know, big whoop, right?

The news article reports on something many World of Warcraft players have known for years -- that viruses, phishing sites, trojans, and all those dirty tech terms have us gamers smack in the middle of their digital crosshairs. The findings are a result from a study by Microsoft, which tracked the exceptional growth of a family of worms called Taterf.

The programs have been around for some time now, snooping around players' computers for login details to various games with in-game currency. World of Warcraft players are juicy targets because of the remarkably large player base and existence of the gold-buying industry which Blizzard has actively warned and fought against. While the findings are nothing new, they only serve to confirm our fears about the growing threats to our accounts.

WoW.com has been big about account security for awhile, and it's nice to see the mainstream media begin to show some attention to the matter.

Bonc asked...

"When we get cross server LFG, what will happen to VoA, for example if I dont have it on my server, can I go to another and get in there, does it go by raid leaders server?"

If it wasn't already obvious, Blizzard put together a page on their official website making clear their stance towards buying in-game gold, and have just recently given it another big push. To put it simply: don't. The page outlines what we at WoW.com have known for quite some time (hence our collective stance against buying gold) -- that gold buying harms other players. The site doesn't go into specifics other than to say that gold selling companies often acquire their gold through unscrupulous means.

They sum up their statement by saying that "players who buy gold are supporting spamming, botting, and keylogging." Basically, if you're a gold buyer, you're part of the problem. No, seriously. Gold sellers acquire gold by hacking into other players' accounts, taking their gold, selling all their items, and sometimes maliciously deleting their characters. That gold you think some Asian spent hours farming in Nagrand or something is more likely to be some other player's hard-earned gold and the seller is just as likely to be some dude from Jersey.

As tempting as buying gold may seem -- and I've read many arguments towards why people buy them -- the bottom line is that it is harmful to the game and you're not doing yourself any favors in the long run. Blizzard says that it "diminish(es) the gameplay experience," but that's putting it nicely. Gold selling and power leveling are against the EULA, anyway, so anybody who patronizes these services are in danger of getting banned. And if you don't believe in buying gold (go you!), protect yourself by getting an authenticator or reading up on account security.

As of November 11, players will no longer be able to log in with non-Battle.net accounts.

If you haven't merged your World of Warcraft account with a Battle.net account yet, you better do it soon! As a bonus incentive, players who do merge their accounts will receive Oswald the penguin! Those who already have merged their accounts need not worry as they will also get Oswald. Players that were involved with the Wrath beta may remember receiving one of these in the mail except he was known as Mr. Chilly then. I'm sure Oswald will make an excellent companion to Pengu (another penguin pet). Receiving Oswald is going to be a limited time offer. Blizzard hasn't officially announced a date yet, but they do plan on removing the ability to get him at some point.

Of course, not being allowed access into the game might be incentive enough to begin the account merging process!

For additional information, check out the Battle.net account FAQ, Instructions on creating a Battle.net account, a video tutorial on how to convert your account, or just make your account a Battle.net account now (US) (EU).

Note: There is a blue post saying November 12th, and the in-game announcement saying November 11th. If appears that EU players need to convert by the 12th, and NA/US players need to convert by the 11th. But be on the safe side and just convert your account now.

After getting yanked off of Apple's App Store a little while back, Blizzard's Mobile Authenticator app is now back in business, and ready for a free download. Version 1.0.2 is out now [iTunes link] and the description says it contains UI improvements with a streamlined and enhanced interface.

Unfortunately, the issue that originally got the app pulled off the store hasn't actually been fixed: the official blurb is now saying that you should definitely remove the authenticator from your account before you upgrade, and then re-apply it again to your account after you've upgraded (and presumably gotten a new key installed). If you install this new version of the app and then try to access your account, it won't work (and you'll have to call Blizzard support at 1-949-955-1382 to help them remove the old authenticator).

Small hassle to go through, however, to have an account protected against hacking. If you have an iPhone or an iPod touch and haven't picked up this application yet, now's the time to do so for sure.

[Thanks to everyone who sent this in, especially Eric!]

Blizzard's mobile authenticator updated recently, and as soon as it did, we started getting tips on the tipline saying there was a major issue. Apparently the update reset the code associated with your authenticator, which meant that if you applied the authenticator update (and had the authenticator connected to your account), there was no way to actually get a code to login to your account. In short, if you apply the mobile authenticator update, you won't be able to log in to your account until you take the authenticator off completely (I'd assume you can then reinstall and reuse the authenticator, though people will probably be a little more trigger-shy about that one). There are instructions for how to do all of this over on the forums.

Of course it's a major issue, and in response, Blizzard has acknowledged the problem and apparently pulled the Authenticator from the App Store. So if (like me) you haven't updated yet, you won't need to worry about it, and hopefully the next version will fix the issue. But yes, if you have updated, you'll need to go through the steps above to remove the app from your iPhone and account, or just call Blizzard customer service at 1-949-955-1382 and they should be able to help you with the issue.

Update: So far we've only heard about problems with the iPhone version, and of course the issue is when you go from the old to the new version. If you use another phone, or have only used the new version, you shouldn't have any issues.

With the impending switch to necessary Battle.net accounts, Blizzard has an opportunity to create and extremely secure and hardened gaming community. They can do this by waving a magic wand, angering a certain amount of their customer base, and eliminating in one swoop nearly all, if not all, account hacks.

Blizzard can make authenticators a mandatory feature on all Battle.net accounts.

There are many pros and cons such a move would bring about. Let's examine the cons first since everyone likes to complain about stuff. The largest con would be that people would be required to have a physical piece of equipment specific to WoW and other Blizzard games. Some people would obviously not be okay with this and cancel their subscription, and others would not understand how to push a button and punch in numbers (I'm not kidding). There would be a large cry from people around the net, particularly people who enjoy scamming others out of gold and their accounts, but those are easily enough ignored.

Remember that "non-personal system information" that Blizzard said they are searching for? Part of it is a search for keyloggers, trojans and viruses that affect WoW. If the system check finds one of those on any of the computers you are using, Blizzard will ban your account for 24 hours so that you can get it fixed.

When this happened to a guildie, I must admit I was skeptical. Blizzard scans for viruses? And then sends an email that sounds suspiciously similar to the various phishing emails out there? But my friend sent me a copy of the email and described the whole process to me and I am a believer. Blizzard has some issues it needs to resolve with how it is handling this, however.

m0rtis has an interesting question over on WoW LJ: should guilds require authenticators on the accounts of everyone in the guild with bank access? Authenticators are relatively cheap, if not free (and still in stock most of the time nowadays), so if you're running a guild and in a position where your bank is important enough to protect, should you be able to require authenticators to keep guildies from getting hacked?

There are a few caveats here that m0rtis doesn't mention, but we will: first of all, there's no way to guarantee whether someone is using an authenticator or not, so while you can make guildies promise, there's no real way to check up on them. Second, not all guild banks get emptied out due to hackers -- many guild banks get ninja'd by someone within the guild, and there's no authenticator that can protect against that. So having authenticators on bank members (or at least having them promise they've got them) isn't 100% protection. But it is something.

Oh boy. Most of us are the walking dead after BlizzCon, but let's get back to something resembling normalcy with a Queue. We're going to start off today with an important matter concerning authenticators and account security, then move on to a bit of WoW.com business and Onyxia. I'd also like to direct attention to two really good comments from the last column re: technical issues, Shadow's and Logarth's.

Zerounit asks...

I recently got an Authenticator in the mail and I noticed something while I was inspecting it: there appears to be no way to open it short of cracking it open with large objects. Is there a battery life on these? If it stops giving me my magic codes, will I have to get a new one?

I got an authenticator for my own use recently and have to admit I hadn't thought to look into the battery life, which is a very good question indeed. A dead authenticator means you have no way of getting into the game (or even into your online account) without official help from Blizzard.

Turns out the little security doodads are manufactured by a company named Vasco, and after poking around their website, I'm reasonably certain that Blizzard authenticators are a variant of Vasco's DIGIPASS GO 6 model. What makes me so sure? The GO 6 model page is the only one accompanied by an article on fraud and hacking in online gaming. They don't come right out and say that Blizzard is a customer, but unless Hello Kitty Online is a bigger hive of scum and villainy than even we gave it credit for, you don't have to be a genius to figure out that World of Warcraft figures prominently in MMORPG account theft.

---

BlizzCon 2009 is here! WoW.com has continuing coverage, bringing you the latest in Cataclysm news, live blogs, galleries, and reports right from the convention floor. Check out WoW.com's Guide to BlizzCon for the latest!

---

Activision-Blizzard held their second quarter conference call yesterday, and in addition to addressing the Starcraft II delay, both Mike Morhaime and Activision CEO Bobby Kotick shared some insight into what the revamped Battle.net will be like. The brand new system (which is currently up and working, albeit in a very skeleton form so far) will have "social networking features, cross-game communication, [and] unified account management," in addition to features that will let players "share experiences" with each other online (we'd presume that means things like screenshot galleries and leaderboards, but who knows?). Kotick also spoke up, and compared the service to that other popular online community, Xbox Live.

Blizzard is still saying the new Battle.net will come in conjunction with the new Starcraft, so we'll have to keep an eye out for them both in the first half of 2010. It'll be interesting to see what other features Blizzard adds in, and exactly what form features like "cross-game communication" take -- do they mean actual in-game messaging across games, or just status updates and messages on a social network? Kotick's comparison to Xbox Live raises some questions, too, as that's a much wider service than you'd think Battle.net would be. But then again, the guy's a CEO, and all CEOs have a tendency to overestimate exactly what their company is doing. Like most of Blizzard's upcoming releases, we'll have to wait and see on Battle.net.