The Register® — Biting the hand that feeds IT

Feeds

Symantec finds fat cache of swiped gaming logins

Crooks deploy cloud-based password verification factory

What you need to know about cloud backup

Security researchers Symantec have unearthed a monster cache of 44 million stolen gaming account and website login credentials.

The haul, thought to have been harvested using Trojans with information stealing capabilities, took in data associated with a variety of online games and websites.

Hackers had set up a system so that the relevant login details were checked using a botnet of PCs compromised with the Loginck Trojan, a strain of malware distinct from those that steal passwords and login details in the first place.

The approach allowed cybercrooks to check whether accounts were valid or not before selling them via gaming websites. The approach allowed hackers to build up a 17GB stash of compromised accounts alongside extremely useful sales data such as gaming levels, all without breaking a sweat. Accounts that have reached higher levels of a game are worth far more than those of newbies.

By using a distributed system of thousands of PCs rather than a handful of machines, crooks effectively avoid hitting blacklisting problems that would result from multiple-login failures from the same machine.

Trojans that steal banking login credentials get the most press, but those targeted at online gamers are also a big problem, particularly in the far east, as Symantec's research illustrates. A detailed write-up of the find can be found in a blog post here. ®

Cloud based data management

44 million swiped online game logins?

I think that's virtually significant........

1
0

Yep.

It's also a good way to get your account banned by Blizzard- the pay to level services are also against the T&Cs that no one bothers to read after every patch update. :D

0
0

As a matter of interest.

By far and large, at least as far as WoW is concerned, I believe Social Engineering to be the main source of compromised accounts.

Unfortunately if these guys get your email address, they will spam you with emails that look almost convincing to some that look clearly fake. These direct you to a fake website (ie, something like bl!zzard.com which your eye may not catch the first time round if you are not careful) and there you go.

Apart from that you will often get in-game messages from other characters about special offers, some even purporting to be GM's. (Hint: if you were ever messaged by a GM, you'd KNOW they were a GM and not some plain vanilla toon).

Apart from that hiring someone to 'level' your toon or get you rare bind-on-pickup items is also a sure fire way of getting yourself pwned, as obviously, you need to surrender access of your account to these folks for the said transaction to happen.

I have certainly come across players that have had this happen to them. They usually target, as one might imagine, the more naive, trusting and.. I am assuming mainly younger player population that may not necessary know any better.

So... as always, a bit of paranoia is good for you!

0
0

More from The Register

 breaking news
Curtain drops on Apple Store ahead of WWDC: What lies behind?
Steve Jobs watching from on high. No pressure, lads
 breaking news
Cold, dead hands of Steve Jobs slip from iPhones: The Cult of Ive is upon us
Billionaire biz baron's death clears way for uber-shiny iOS 7
Airbus imagines suitcases that find themselves
Point your mobe at your smalls to track their every move
Surprise! Intel smartphone trounces ARM in power trials
Tests show equal performance while sipping significantly less juice
Apple said to be 'exploring' 5.7-inch iPhone
Who's the copycat this time, Mr. Cook?
Review: Belkin Thunderbolt Express Dock
Missing Mac ports reunited, for a price
 breaking news
Australian 'Apple tax' repealed for MacBook Air
But the new MacPro is priced at a premium