Feeds

11-YEAR-OLD code wizard hacks Greedy RuneScape geeks

Kid's .NET Trojan offers hard coin but teleports passwords

Secure remote control for conventional and virtual desktops

A Trojan that promises RuneScape players gold but instead steals their passwords was developed by an 11-year-old, researchers claim.

Antivirus biz AVG said it made the discovery after studying a piece of code masquerading as a cheat tool for the wizards'n'warriors online role-playing game. The malware asks victims for their login details and, rather than send them in-game currency as promised, it passes the sensitive data to its munchkin master.

But the little tyke was outed by his own source code: it contained personally identifiable information that a more experienced VXer would never reveal.

AVG Technologies said this isn't the first time a child-built nasty has wandered onto its radar, and said the age of the Canadian developer suggests that kids are "digitally fluent far earlier than previous generations".

While snooping on players' login details may at first seem a petty triumph, gaming accounts often store credit-card details or virtual currency for in-game purchases.

And many people use the same passwords for their accounts on Facebook, Twitter, Google and other websites and gaming networks, potentially putting the victims at serious risk across the entire web: as well as the inconvenience of regaining access to compromised accounts, there's a possibility information could be exploited by online bullies and identity thieves.

"We have now seen a number of examples of very young individuals writing malware, including an 11-year-old from Canada," said Yuval Ben-Itzhak, chief technology officer at AVG Technologies, referring to the RuneScape Gold Hack tool.

"The code usually takes the form of a basic Trojan written using the .NET framework, which is easy to learn for beginners and simple to deploy via a link in an email or posted on a social media page.

"We believe these junior programmers are motivated mainly by the thrill of outwitting their peers, rather than financial gain, but it is nevertheless a disturbing and increasing trend. It is also logical to assume that at least some of those responsible will be tempted to experiment with much more serious cyber-crimes."

The rise of the pre-pubescent VXer is documented in AVG Technologies' latest security dossier (PDF here), which also reports that almost 60 per cent of all threat activity online was carried out using exploit toolkits. The newly created Cool Toolkit accounted for 16 per cent of the top web threats in Q4 2012, topped only by the Blackhole Exploit Kit at 40 per cent. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
TEEN RAMPAGE: Kids in iPhone 6 'Will it bend' YouTube 'prank'
iPhones bent in Norwich? As if the place wasn't weird enough
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
iPAD-FONDLING fanboi sparks SECURITY ALERT at Sydney airport
Breaches screening rules cos Apple SCREEN ROOLZ, ok?
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
China's grey market reports 'sluggish' sales of Apple mobe
A moment of brilliance? UPnP for Internet of Stuff lightbulbs
Thus doth tech of future illuminate present, etc
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
The British Museum plonks digital bricks on world of Minecraft
Institution confirms it's cool with joining the blocky universe
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.