Saturday, September 5, 2009

Mac Security

I consider myself a savvy computer user: I have been online since well into the '90s and have programmed loads of apps on desktops, servers and mobile devices. With my approach to using passwords and navigating around the web I felt fairly safe - till just recently.

To drive some iPhone development, I have recently switched to a nice 24" iMac (this doesn't add any value to the story - am just bragging here). Like probably a lot of other users I felt fairly safe with my OS X setup and I didn't worry too much about the security setup: I did not install antivirus software nor did I install a personal firewall of any sort. The system is sitting behind a router, though, so direct connections to the system are not getting through.

Now here's the fun part: for a couple of months I have been playing - and now I admit to it publicly - some World of Warcraft. There were never any issues with my account as long as I was on my Win XP machine. Once I got the iMac I installed WoW on that system since it's way more powerful than the laptop I had been using before. Things worked smoothly (except for a really bumpy install process) for the first couple of days or so, but this week I received notice from Blizzard that my account had been cancelled permanently due to involvement in online trading activities.

I surely was surprised by this since I have never done anything illegal within the game. I sent Blizzard a notice on re-activating my account since I hadn't done anything violating their ToS and, after a couple of days, received notice that they had reset my password and I could start using the account again. Immediately I went to their site and picked a new password *that I had never used before*. The password was of OK strength, I think, looking similar to "bla5623bRealm". I logged in to my account and noticed that, indeed, two characters had been created within my account that I didn't know of. I deleted those characters, verified that nothing major had happened to the other chars and logged off to get on with work.

About four hours later I received another mail from Blizzard, cancelling my account again due to the very same reason! Through the WoW iPhone app I could see that another six or eight chars had been created within my account. I have, obviously, not shared my password with anybody, not posted it on any websites and - most importantly - I have never, ever used it before. Now I'm obviously quite concerned about the security of my system since the explanations which do not imply that my system has been pwned (brute-force attack, Blizzard people using my account, hackers breaking into Blizzard servers) are fairly unlikely.

Scanning my system using popular virus scanners and rootkit detection software did not detect any oddities and, eventually, I chose to re-install the Mac. Obviously, if something like the keyboard hack made it into the wild, a reinstall won't fix anything. Is there anything else I should've considered as a possible means of intrusion?

Which also leaves the question of through which means I might have received the evil intruder. I have only used a couple of very popular WoW add-ons and software that was recommended on websites. No pr0n apps, no illegal software. Any comments are very much appreciated - I'll post follow-ups as the story develops.

BTW, is there any easy way to download the firmware from my keyboard for checksum comparisons? I must look pretty paranoid :-D
