I got hit with an MTM attack earlier this year.
Basically, it works like this: a rootkit or trojan hijacks a DLL in your WoW install folder. A goldseller monitors the trojan (and probably dozens of others) and waits for you to log on; if he catches you logging on, he presses a button that does something to the DLL - removes it, corrupts it, etc. It causes WoW to suddenly crash. The goldseller expects that you will try to log back in, so he waits for you to get to the login screen, and when you put in your username/password and auth code, the game seizes at trying to log in, and the hacker uses your information that he snagged with a keylogger to log in before your auth code expires. If he misses the opportunity, he lets you log in again, crashes you again, and then logs in again.
This method has extreme problems, of course. He can only use the code once, so it's impossible for hackers to change your pw or remove an authenticator from your account without having to resort to social engineering. They rely on the fact that most households only have a single computer (with WoW installed on it, anyway) or that people aren't bright enough to figure out they're being hacked until it's too late to do anything about it. I was able to stop the hacker within 20 minutes of being hacked by logging in from another computer - he'd pulled 60,000 gold from my father-in-law's guild bank, 20 stacks of epic gems and about 200 fel lotus and was on his way to a go-between in Stormwind who I presume was going to take the money and items. Thankfully, I caught it in time.