14 DAY TRIAL // A recent post on the Blizzard support forums warns World of Warcraft users that a dangerous trojan could potentially compromise their accounts, even if they're using a Battle.net authenticator for protection.
The trojan steals both the account information and the authenticator password in real time, and players that have recently experienced compromised accounts should try looking for the trojan themselves. At the time, there are no known anti-virus programs that can locate and remove it, but the procedure is listed in the blue post.
Players can check for the virus by creating a MSInfo file (an explanation can be found on the Obtaining System Files Battle.net support page) and then looking in the Startup Program section of that file for either Disker or Disker 64:
Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup
These are the lines players should be on the lookout for, as posted in Blizzard's potential trojan warning post on the support forums.
The trojan seems to be Windows specific for now, as no reports of the malware affecting the Mac version of World of Warcraft have been made yet.