Microsoft's malware blog is warning of two new worms that attempt to steal account information for online games from Windows XP or Vista users. These worms are breaking previous keylogging success rate records and are worth educating yourself about.

The first one is called Taterf which has infected over 1.2 milion machines worldwide during its first week. The other worm is called Frethog and has so far a 650,000+ machine first-week infection rate. These rates are stunning to malware specialists who are used to seeing these kinds of numbers only after a month of the worm's existance. These worms take advantage of Windows' autoplay and autorun functions that run for CDs, DVDs, and some USB sticks. They can be sneaky about it too. They try to disquise autorun with other pop-up dialog boxes, like "Show me these awesome pictures." You do need to confirm this action manually, but this obstacle hasn't much limited the spread of the worms to date.

Make sure you read the instructions on Microsoft's support site for how to protect yourself from these worms. The short answer is to disable autorun from CDs under XP (a registry change) or to change the same option from the Vista control panel. You should also disable autoplay as an even greater precaution. Also, of course, make sure you check the box on the WoW login screen to save your account name. That way if you do get infected with a keylogger, they won't be able to see your keystrokes for both your account name and your password.

Every other week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show.

It's Friday night at 6:45 pm server time. Your raid begins in 15 min and you think you're ready to go. Narrowly escaped another speeding ticket trying to get home from work in time? Check. Belly full of pizza? Check. Mind totally polluted on bad tasting energy drink? Ch3cK! Dog fed and walked? Check. TiVo recording the latest over hyped drivel? Check. Kids unconscious. Check. Parents or domestic partner unconscious or otherwise leaving you alone for one damn second? Check. When will they understand that you ARE being social by locking yourself in the computer room all night... jeez!

Time to rock and roll! Or not. What's this? A patch? On Friday night? Agony, shame and defeat. Azeroth will not know the terror of your blade this night. Gornak the mighty has been caged by some dweeb code monkey and their total POS patch system. Your raid leader is going to KILL you. Wait, what about downloading the patch from the Internet? Just Google up the patch number and let your cable modem download it at lightning speed right?

Don't do it.

In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues.

In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.

While the Incgamers malware problem is fixed, it looks like there's another malware flare up in the world of addons. The WoW Ace Updater, according to many users, may be passing off a trojan from an ad in the guise of an antivirus program. The program, called Winfixer, pops up in a window and (in some cases automatically) installs malware while claiming your computer is compromised and that you need to buy the full retail version to fix it. It can be detected and removed by Spybot Search and Destroy and Vundofix, and Symantec includes instructions on how to manually remove it here.

Wowace.com site owner Kaelten has disabled the ads on WoW Ace Updater completely for now, and is talking to his Ad provider to find out what went wrong and which ads might be causing problems.

This isn't the first time a popular WoW site has had trouble with trojans in ads, and unfortunately, it is unlikely to be the last. Kaelten seems to be on top of it, though, so hopefully he'll get to the bottom of these claims. Since the ads are currently disabled, the program itself should already be safe to use. If you're feeling a bit skittish, though, you can check out some of Sean's recommendations for other upgrade programs here.

I should note that, being a religious user of WoW Ace Updater myself (I run it at least a good 5 times a week), I just made sure to scan my computer with the aforementioned Spybot Search and Destroy as well as AVG Free Edition. According to those programs, It has a clean bill of health.

Maintenance day is underway until 2pET/11aPT and many WoW fans are searching for something to do, while players with day jobs log on to point out that they can never play during these hours. Fortunately, we have lots going on today, as well as some highlights from the past week that you won't want to miss.

Wrath of the Lich King:

• Compilation of everything we know of to date about Death Knights, the new hero class we'll be seeing with the expansion.
• The new expansion is now in alpha testing! Read on to find out what this means, as well as what it doesn't mean.

Arena Season 4:

• A great analysis of when arena season 4 might begin.

The fine folks at World of Raids, as pointed out by tipster Akyl, have linked to this article, which informs us that 20% of all trojan viruses are aimed directly at you, the World of Warcraft player. (Don't feel too bad, as Lineage 2 gets a whopping 40% of all trojans.) That's really rather astonishing, if you think about it... just a quick search of our own site reveals several trojans made mention of on our site alone. Of course, it's not news that crooks will steal things from you, but what's news is that this is a percentage of all trojans, period. In other words, between Lineage 2 and World of Warcraft, we're seeing more than half of all cyber crime committed via trojan viruses.

Forget banks, people. The future of online theft is your character's gear. Gaming accounts are targeted by the second most common malware on the web right now according to a previous article on the PCRetail site. That seems to suggest that this kind of activity, with its uncertain legality (who do you call when someone steals you WoW password and sells all your gear, after all, the cops or Blizzard? After all, technically all your character's stuff still belongs to Blizz, and not you) and as yet uncharted waters of enforcement, is only going to get more and more common. Gaming is described several times as a 'soft target' for this kind of theft.

There's more money to be made stealing people's accounts and selling all their gold to gold buyers than in trying to steal bank account information.

Have you ever downloaded a trojan, or otherwise had your account hacked? How long did it take to get your stuff back? Did you actually get it all back?

This isn't the first time we've heard this, but recently PC World has reported that your virtual assets may worth more than your real assets. From the article:

According to Craig Schmugar, a researcher with the McAfee research labs, McAfee now sees more password-stealing malware designed to nab accounts of games like Lineage and World of Warcraft than Trojans that go after financial accounts.

Why? Your in-game assets can easily be converted to cash and there's much less legal risk involved in trafficking virtual goods than trafficking, say, stolen credit card numbers. So treat this as a reminder: be careful of keyloggers! (And if you're not sure how, read up on our advice on how to keep your system keylogger-free.)