Feeds

11-YEAR-OLD code wizard hacks Greedy RuneScape geeks

Kid's .NET Trojan offers hard coin but teleports passwords

Providing a secure and efficient Helpdesk

A Trojan that promises RuneScape players gold but instead steals their passwords was developed by an 11-year-old, researchers claim.

Antivirus biz AVG said it made the discovery after studying a piece of code masquerading as a cheat tool for the wizards'n'warriors online role-playing game. The malware asks victims for their login details and, rather than send them in-game currency as promised, it passes the sensitive data to its munchkin master.

But the little tyke was outed by his own source code: it contained personally identifiable information that a more experienced VXer would never reveal.

AVG Technologies said this isn't the first time a child-built nasty has wandered onto its radar, and said the age of the Canadian developer suggests that kids are "digitally fluent far earlier than previous generations".

While snooping on players' login details may at first seem a petty triumph, gaming accounts often store credit-card details or virtual currency for in-game purchases.

And many people use the same passwords for their accounts on Facebook, Twitter, Google and other websites and gaming networks, potentially putting the victims at serious risk across the entire web: as well as the inconvenience of regaining access to compromised accounts, there's a possibility information could be exploited by online bullies and identity thieves.

"We have now seen a number of examples of very young individuals writing malware, including an 11-year-old from Canada," said Yuval Ben-Itzhak, chief technology officer at AVG Technologies, referring to the RuneScape Gold Hack tool.

"The code usually takes the form of a basic Trojan written using the .NET framework, which is easy to learn for beginners and simple to deploy via a link in an email or posted on a social media page.

"We believe these junior programmers are motivated mainly by the thrill of outwitting their peers, rather than financial gain, but it is nevertheless a disturbing and increasing trend. It is also logical to assume that at least some of those responsible will be tempted to experiment with much more serious cyber-crimes."

The rise of the pre-pubescent VXer is documented in AVG Technologies' latest security dossier (PDF here), which also reports that almost 60 per cent of all threat activity online was carried out using exploit toolkits. The newly created Cool Toolkit accounted for 16 per cent of the top web threats in Q4 2012, topped only by the Blackhole Exploit Kit at 40 per cent. ®

New hybrid storage solutions

More from The Register

next story
Apple iPhone 6: Missing sapphire glass screen FAIL explained
They just cannae do it in time, says analyst
Quit drooling, fanbois - haven't you SEEN what the iPhone 6 costs?
How keen will buyers be when exposed to the real price?
Slap my Imp up: Bullfrog's Dungeon Keeper
Monsters need to earn a living too
Amazon axes hated Fire Phone price: 99 pennies but a niche? Ain't none
Forgive the double negative but seriously, no one wants this mobe
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
The Apple Watch and CROTCH RUBBING. How are they related?
Plus: 'NostrilTime' wristjob vid action
Oh noes, fanbois! iPhone 6 Plus shipments 'DELAYED' in the UK
Is EMBIGGENED Apple mobile REALLY that popular?
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.