Feeds

11-YEAR-OLD code wizard hacks Greedy RuneScape geeks

Kid's .NET Trojan offers hard coin but teleports passwords

High performance access to file storage

A Trojan that promises RuneScape players gold but instead steals their passwords was developed by an 11-year-old, researchers claim.

Antivirus biz AVG said it made the discovery after studying a piece of code masquerading as a cheat tool for the wizards'n'warriors online role-playing game. The malware asks victims for their login details and, rather than send them in-game currency as promised, it passes the sensitive data to its munchkin master.

But the little tyke was outed by his own source code: it contained personally identifiable information that a more experienced VXer would never reveal.

AVG Technologies said this isn't the first time a child-built nasty has wandered onto its radar, and said the age of the Canadian developer suggests that kids are "digitally fluent far earlier than previous generations".

While snooping on players' login details may at first seem a petty triumph, gaming accounts often store credit-card details or virtual currency for in-game purchases.

And many people use the same passwords for their accounts on Facebook, Twitter, Google and other websites and gaming networks, potentially putting the victims at serious risk across the entire web: as well as the inconvenience of regaining access to compromised accounts, there's a possibility information could be exploited by online bullies and identity thieves.

"We have now seen a number of examples of very young individuals writing malware, including an 11-year-old from Canada," said Yuval Ben-Itzhak, chief technology officer at AVG Technologies, referring to the RuneScape Gold Hack tool.

"The code usually takes the form of a basic Trojan written using the .NET framework, which is easy to learn for beginners and simple to deploy via a link in an email or posted on a social media page.

"We believe these junior programmers are motivated mainly by the thrill of outwitting their peers, rather than financial gain, but it is nevertheless a disturbing and increasing trend. It is also logical to assume that at least some of those responsible will be tempted to experiment with much more serious cyber-crimes."

The rise of the pre-pubescent VXer is documented in AVG Technologies' latest security dossier (PDF here), which also reports that almost 60 per cent of all threat activity online was carried out using exploit toolkits. The newly created Cool Toolkit accounted for 16 per cent of the top web threats in Q4 2012, topped only by the Blackhole Exploit Kit at 40 per cent. ®

High performance access to file storage

More from The Register

next story
Video games make you NASTY AND VIOLENT
Especially if you are bad at them and keep losing
Report: Apple seeking to raise iPhone 6 price by a HUNDRED BUCKS
'Well, that 5c experiment didn't go so well – let's try the other direction'
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Nvidia gamers hit trifecta with driver, optimizer, and mobile upgrades
Li'l Shield moves up to Android 4.4.2 KitKat, GameStream comes to notebooks
Gimme a high S5: Samsung Galaxy S5 puts substance over style
Biometrics and kid-friendly mode in back-to-basics blockbuster
Dell Wyse Cloud Connect: Pocket Android desktop
Ultrathin client with a lot of baggage. The upside? It's a rogue sysadmin's delight
AMD unveils Godzilla's graphics card – 'the world's fastest, period'
The Radeon R9 295X2: Water-cooled, 5,632 stream processors, 11.5TFLOPS
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.