"Man in the middle" attacks

Shamelessly copied from Something Awful regarding Blizzard authenticators:

In order to steal the credentials of someone using an authenticator, you have to log in on his/her behalf in real time. Basically, the attack works like this: victim acquires malware somehow, victim logs into WoW, malware steals username/password/authenticator key (possibly based on some signal from an attacker-controlled server), malware disconnects victim and probably locks him/her out for 30 minutes or so, malware immediately sends information to attacker-controlled server, attacker logs in immediately as victim before the authenticator key expires, attacker strips gold from account before victim gets too suspicious. Alternate version: after malware disconnects victim, you hope the victim tries to log in again with the next key, you use those two keys to remove the authenticator, and you hope the victim doesn’t notice for a while. Both of these are way harder to pull off than the garden-variety malware, because they imply that the attacker can log in as the victim immediately, that the malware can screw with traffic between the machine and Blizzard, and that the attacker can mule the gold somewhere quickly.

If you are connecting to the Internet through a firewalled router, are you more protected from this? Or am I reading this wrong?

I’m mostly curious and I want to test my knowledge, so thanks in advance.
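An added illustration of why the relay described in the quoted paragraph has to happen in real time. This is not from the thread and is not Blizzard's code; it assumes the authenticator is a standard RFC 6238 TOTP token (30-second step, HMAC-SHA1, 6 digits) and that the login server tolerates one step of clock drift and refuses to accept a counter value twice. The secret, the timestamp and the server class are constructed for the demo.

```python
import hashlib
import hmac
import struct

STEP = 30          # TOTP time step in seconds (RFC 6238 default, assumed here)
SKEW = 1           # steps of clock drift the constructed server tolerates each way
DEMO_SECRET = b"12345678901234567890"   # RFC 6238 test-vector seed, not a real key
T0 = (1_700_000_000 // STEP) * STEP     # constructed "now", aligned to a step boundary


def totp(secret: bytes, t: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the big-endian counter floor(t / STEP),
    dynamically truncated to `digits` decimal digits."""
    counter = struct.pack(">Q", t // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class AuthServer:
    """Constructed stand-in for the login server (not Blizzard's).

    Accepts a code for the current step or one step either side, and never
    accepts a counter value that has already been consumed: a one-time code
    is good exactly once, so a stolen code only helps the attacker if the
    victim's own login never reached the server."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1        # highest counter already consumed

    def login(self, code: str, now: int) -> bool:
        for delta in range(-SKEW, SKEW + 1):
            counter = now // STEP + delta
            if counter <= self.last_counter:
                continue              # replay of a consumed step: reject
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(expected, code):
                self.last_counter = counter
                return True
        return False


def run_relay(relay_delay: int, victim_blocked: bool) -> dict:
    """Simulate the attack: malware captures the code the victim typed at
    T0 + 5 s and the attacker presents it `relay_delay` seconds later.
    `victim_blocked` models the malware dropping the victim's own login
    before it reaches the server."""
    server = AuthServer(DEMO_SECRET)
    t_victim = T0 + 5
    captured = totp(DEMO_SECRET, t_victim)   # what the keylogger sees
    victim_ok = None
    if not victim_blocked:
        victim_ok = server.login(captured, t_victim)
    attacker_ok = server.login(captured, t_victim + relay_delay)
    return {"victim_login": victim_ok, "attacker_login": attacker_ok}


if __name__ == "__main__":
    print("blocked victim, 10 s relay :", run_relay(10, True))    # attacker gets in
    print("blocked victim, 100 s relay:", run_relay(100, True))   # code has expired
    print("victim logged in first     :", run_relay(10, False))  # replay rejected
```

The three runs show the two constraints the quoted paragraph mentions: the attacker must use the captured code within the same 30-second step (plus whatever skew the server allows), and the victim's own login has to be blocked, because once the server has consumed that counter the same code is refused. Neither constraint involves the victim's router; every packet here leaves the victim's machine as ordinary outbound traffic.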

No, the router won’t protect you at all, because your machine is sending the data out, which it permits.

So how does the attacker get into my system?

As stusser said, once malware is running on your local system the game is over and you have lost.

However, a firewalled router will offer you some protection against getting malware in the first place and is always a better idea than running a machine “naked” on the internet.

Who knows?

Flash exploit, Adobe Reader exploit, browser exploit, Windows networking exploit, you downloaded and ran a trojan-infected exe from some download site, trojan installed by a “friend” with physical access to your machine, etc.

OK, I misread it. I thought it was saying that the attacker logged into my system. Now I understand. Thanks guys.