Exploitation (Warp, Botting, etc.)

[KisaiTenshi]

The process to exploit the game, the memory and data being sent back to the server is not that difficult as it requires a creative method. Malwares and zero-day exploits are notorious for hijacking clients and the OS. The cheaters do the same. They use Windows zero-day exploits (think of Stuxnet) by injecting their own computer with these malwares that they engineered (or others have) and then "remote in" with another process on the same machine and manipulate the code/data. It's a lot easier than reverse-engineering the actual client as this gets around most client-side security and attacks the OS architecture itself. Part of the problem (or most) of game hacks, especially on the PC side, has to do with Windows shipping full of holes and legacy exploits from god knows when. This makes it so challenging for software developers to secure their products when the OS that it is being installed to is as insecure as leaving a door open in the middle of a crime infested neighborhood.

Quick fix: Only make a x64bit build that runs on Windows Vista or 7. Though in all seriousness, I think you're off the mark, nothing fancy is going on. The hackers are using off-the-shelf hooking software that I won't name, that creates it's own exe's and most of these EXE's are detected as malware by antivirus software:
Bkav HW32.Stranact.rqso
Comodo Worm.Win32.P2P-Worm.Palevo.fghk
TrendMicro-HouseCall TROJ_GEN.F47V0919
etc

I also wouldn't doubt the people running the bots get their accounts hacked as well.

[Discordia]

I also wouldn't doubt the people running the bots get their accounts hacked as well.

Zero-day exploits are a dime a dozen, I just used Stuxnet as a very famous example, but you can get easy to do on your own (Adobe Flash zero day exploits are probably a better example and everyone and their grandmothers have been able to lift credentials from "drive by" visitors to their sites and inject tons of stuff through Flash Ads, etc)

I agree with your point about bots and hacked accounts, but I'm also convinced that many are victims of malware being planted through hacked websites. There has been several notable gaming sites which had compromised data and had their ad-model hijacked so that they'd deliver trojans unto unsuspecting users. It's becoming increasingly difficult to mitigate these threats and it just boils down to browsing habits and being aware of phishing attempts. What surprised me the most is that SE has yet to say, "Our support team will NEVER ask for your account information as we already have that." I don't know how many people were duped into clicking "support" emails in desperate attempts to fix whatever issues they may be having.