Feeds

Trojans besiege online gamers

It's warcraft out there

The Power of One eBook: Top reasons to choose HP BladeSystem

Online games have become a major target for fraud in recent years. A study from Kaspersky Labs, published today, dissects the techniques and targets used by hackers to make "easy money" by selling stolen login credentials of users or in-game items on the black market.

Online games and fraud: using games as bait by Sergey Golovanov, a virus analyst at Kaspersky, outlines the vulnerabilities within online games; methods used to steal confidential player data; ways of protecting this data.

According to Golovanov, three main methods are used by cybercrooks to swipe online game passwords: social engineering (phishing or bogus offers of bonus or tips in exchange for registering onto rogue systems), exploiting game server vulnerabilities, and using malicious programs to obtain passwords. The study includes statistics on the volume and provenance of Trojan programs for online games, and figures which show which online games are the most popular targets.

Virus writers at first used classic key loggers to steal passwords for online games, a tactic that can be traced back to 1997. Over time, malware attacks became more sophisticated. The first Trojan specifically designed to target online games, Lmir-a, harvested passwords to "Legend of Mir". This was the forerunner of a generation of Trojans targeting a wide range of online games.

The most recent Trojans typically incorporate a dynamic library written in Delphi. When they detect the launch of an online game, they intercept the password entered via the keyboard, send this data to the malicious user's email address, and then self-delete.

More than 90 per cent of all Trojans targeting online games are written in China, and 90 per cent of the passwords stolen by these malware agents belong to players on South Korean sites.

More than 40 per cent of all Trojans for online games target Lineage 2, with World of Warcraft (20 per cent) the second most popular target. Other online games coveted by hackers include Gamania, Tibia and Legend of Mir. Each accounts for about six per cent of password-stealing Trojans.

According to Golovanov, those making a living from other people's virtual property are "almost immune" from legal sanction. Game developers should work together with antivirus companies in tacking the problem. Users also need to apply common sense in protecting their online credentials, Golovanov adds. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.