Trojans besiege online gamers
It's warcraft out there
Online games have become a major target for fraud in recent years. A study from Kaspersky Labs, published today, dissects the techniques and targets used by hackers to make "easy money" by selling stolen login credentials of users or in-game items on the black market.
Online games and fraud: using games as bait by Sergey Golovanov, a virus analyst at Kaspersky, outlines the vulnerabilities within online games; methods used to steal confidential player data; ways of protecting this data.
According to Golovanov, three main methods are used by cybercrooks to swipe online game passwords: social engineering (phishing or bogus offers of bonus or tips in exchange for registering onto rogue systems), exploiting game server vulnerabilities, and using malicious programs to obtain passwords. The study includes statistics on the volume and provenance of Trojan programs for online games, and figures which show which online games are the most popular targets.
Virus writers at first used classic key loggers to steal passwords for online games, a tactic that can be traced back to 1997. Over time, malware attacks became more sophisticated. The first Trojan specifically designed to target online games, Lmir-a, harvested passwords to "Legend of Mir". This was the forerunner of a generation of Trojans targeting a wide range of online games.
The most recent Trojans typically incorporate a dynamic library written in Delphi. When they detect the launch of an online game, they intercept the password entered via the keyboard, send this data to the malicious user's email address, and then self-delete.
More than 90 per cent of all Trojans targeting online games are written in China, and 90 per cent of the passwords stolen by these malware agents belong to players on South Korean sites.
More than 40 per cent of all Trojans for online games target Lineage 2, with World of Warcraft (20 per cent) the second most popular target. Other online games coveted by hackers include Gamania, Tibia and Legend of Mir. Each accounts for about six per cent of password-stealing Trojans.
According to Golovanov, those making a living from other people's virtual property are "almost immune" from legal sanction. Game developers should work together with antivirus companies in tacking the problem. Users also need to apply common sense in protecting their online credentials, Golovanov adds. ®
"And besides all that, what's the difference between someone playing with a slot machine and waiting for a big win and someone playing with wow and waiting for a rare drop? The level of 'fun' is sure the same..."
First off I think you just may have hit upon the exact reason WoW is so addictive. Gambling. Yes, the instances (dungeons to the uneducated) and raids (after they've been completed a few times) certainly do resemble a complex form of gambling. Sort of like slot machines with intricate game elements to win the top money prizes. I have no argument with that point of view, it's probably very true.
Secondly I said the best part, not the only good part. The questing and leveling in WoW certainly is fun the first time around - but if you are trying to rebuild a character stolen from you, the fun is gone because you've already done it, probably several times.
Look we started playing WoW because it enabled us to enjoy online gaming together as a group of friends. We don't spend more than a few ours a week playing this game, and we have maintained a slow, deliberate pace so that we get to enjoy each element as a team.
There are many other ways of playing this game and I'm sure other players enjoy the other aspects as much as we enjoy raiding. I'm also sure there are other games just as good, if not better, than WoW, and eventually we will probably find those and play them too.
But what Blizzard have done (and through sloppy programing, Microsoft, because it was their vulnerability that allowed this keylogger onto his system) is to ruin the experience somewhat for one of my friends. They've done by having no way of validating a user's ownership of a particular character. I find that an astonishing oversight in an age of trojans, keyloggers and internet insecurity. Yes, we gave serious thought to abandoning the game altogether and starting something new.
However we are only about 1/4 of the way through the end game, and we're enjoying it enough to give it a few more months. We (rather sadly I admit) enjoy micro managing our toons, and in order to stay at the same point we have to stop raiding and wait for someone who has already completed the questing many times, to go through the whole process again. He chose this character after trying various types with each faction. He has every right to want to play the game with the type of character he enjoys most, and as his friends, he has every right to expect us to wait until he completes (what we now consider) the tedious bits again. So we will, and in the mean time grind our teeth in frustration that corporate developers can't seem to produce secure systems (we're not rich enough to own Macs, or clever enough to run Linux).
I just don't agree with the stupidity anlge
There are idiots, no mistake, and plenty of them - but for some reason they are either insanely lucky and are never affected - or it just doesn't matter, because they have attained the legendary item [Real Life]. Sometimes even [Friends] drop if you clever enough, or the rarest of all (and I believe only obtainable after completing the Black Temple raid) - a [Wife].
But the reason why 3/4 of users that lose their accounts do so has nothing to do with sensible surfing or recognising obvious email scams. It comes down to OS vulnerabilities and vulnerabilities in the gaming software itself.
Look, we get paid good money as IT professionals because we have knowledge the average pleb doesn't.
We understand that flashy graphics stolen from OSX doesn't really equal security, no matter how often Microsoft claim it does.
We are fully aware of the consequences of running cheap systems (Wintel) as opposed to Macs. We are aware that choosing to have software over having a decent OS (Linux) brings a number of risks.
But then we also understand how to setup hardware firewalls, backed up by the software needed for safe surfing and trouble-free online gaming.
Unfortunately even the best of us can still be undone by Microsoft and Blizzard's sloppiness.
Yes I'm afraid I do admit to knowing far too much about WoW. However I balance that but installing hax that have enabled me to obtain those rare drops [Real Life], [Friends] and a [Wife] - without completing any of the normally required attunement.
The other reason behind much of this really falls down to people like us - only the lazy version. They are the ones responsible for selling computers and operating systems to the people that pay our salaries (and thus our online gaming fees). They are the ones that make asinine claims their hardware and software is foolproof, and can be installed with no more complexity than your average VCR or microwave.
Unfortunately no one will sue Microsoft because Congress have made it impossible to do so. They belong to the only industry that has been officially sanctioned by the necessary laws to produce shite. There is an actual law that says we can't sue software and hardware manufacturers if their products are crap, no matter what damage they cause in real terms - financial or otherwise.
Ours is the only industry allowed to shovel shite into people's homes, often knowingly without protections in place that people need to keep themselves safe.
Sort of like the software equivalent of boilers with open flames and discharge pipes deliberately built at face height.
Our industry is filled with greedy pricks who should know better, and they have absolutely no incentive to act otherwise.
"for the rest, if you don't know how to write, you're mail is immediately deleted."
That'd be 'your mail' then?