Cyber-Crooks Targeting Online Games

According to a study by security firm Panda Software, cyber-crook's new malware of choice is increasingly targeting online games.

Specifically, cyber-crooks are going after the login details for installing and accessing online games. Similarly, these criminals are trying to rob players of the "virtual assets" obtained in the games, such as virtual money that can be used in the game to buy weapons, powers, etc. Given the effort required by players to obtain these items, there are many people prepared to pay for them as an easy way of reaching higher levels and increasing their reputation. In this way, the virtual economy of the game translates into real profits for the cyber-crook.

With the increasing number of games available online, there is a corresponding increase in the options for those willing to exploit this lucrative by-product of online games. There is now the risk that a whole new business model could be operated by cyber-mafias, stealing virtual assets, of apparently no real value, and selling them for real money to the highest bidder.

The malware that most frequently affects games are Trojans. The Lineage virus steals the login details of a player, allowing another player to relieve him of the virtual money used to buy weapons, privileges or abilities within the game. The different variations of the Legmir virus target players of Legend of Mir, stealing their passwords. Gaobot and its variants, although more widely known for their bot characteristics, also try to get in on the act, stealing the Cd-Keys of several games, and spreading to new potential victims. Similarly, they open a backdoor on infected computers making them vulnerable to future attack. Users of World of Warcraft could be affected by Trj/WoW.

According to Luis Corrons, director of PandaLabs, "the new financial motivation for malware creators and the professionalisation of malware has led us to believe that the sacking of these virtual assets offers potential returns for cyber-crooks that cannot be ignored."

In addition, it is important to consider the damage that this type of malware represents for developers of games, allowing unauthorised users to play freely using stolen login details or CD Keys. Moreover, if companies block access to the key to prevent the fraud, legitimate users will also be blocked with the consequent confusion and annoyance, and generating a negative impression of the company.

One sound piece of advice for players who don't want their details or virtual assets stolen is to ensure that they use legal software, which has the guarantee of being genuine and untampered with by third parties. It is also advisable to be wary of files sent over e-mail or chat sessions, especially those accompanied by messages promising some kind of benefit or profit. In particular, users are advised not to open any attachments unless they are completely sure they have come from a trusted source.

Posted by Jon Erickson at 11:19 AM  Permalink