Virus Writers Turning to Online Games


« Conficker: 1 Year Later, 7 Million Infected | Main | Windows 7 Virus Vulnerabilities: Is It Getting Better? »

11/02/2009



Virus Writers Turning to Online Games

Kevin R. Smith
Co-Editor


A great piece today from the BBC's technology section called, Video gamers face malware deluge talks about the latest computer security / virus threats.

What may seem strange to some is that one of the main purposes of these viruses is to steal the game players online credentials (i.e. their usernames and passwords) to the video games themselves.

This may come as a surprise to many since typically the primary purpose of viruses is to infect the computers themselves; however, in this case it appears the goal is just to steal your access to the games.

Why?

Simple. To make a quick buck.

One of the main things gamers get out of online games is the long-term satisfaction, often including friends and companionship, from playing with the same group of people over a long period of time.

Additionally, gamers as they progress get higher and higher levels of performance their in-game characters get a host of different things including new 'skills', weapons or other attributes. The challenge is the time spent getting there.

Some people, after having seen the excitement that awaits them once they've built up a certain attributes in their in-game character, want to short-circuit the time needed to build up to the high levels, so they purchase the accounts from others who've spent the time playing the game to build up to the high levels.

In some cases these high-level accounts go for hundreds or even thousands of dollars--or more.

And, therein is the profit motive.

These virus writers, rather than attempting to build up their own characters to sell for profit, have created viruses that steal passwords, and by doing so, they can take over the accounts and sell the hard-won, highly lucrative characters to often unsuspecting buyers who're just looking for a way to avoid what some gamers perceive as early-game slog to get to the good stuff.

According to the story,

"Cliff Evans, head of security at Microsoft UK, said its latest look at the software threats facing Windows revealed a strong growth in one family of malicious programs known as taterf.

"In the last six months, Microsoft has seen more than 4.9m infections caused by Taterf - a figure up 156% on the total seen in the last six months of 2008."

Elsewhere in the article, and getting less note since it wasn't the headline, was discussion of worms like Conficker.

Information on the Conficker worm itself and help with Conficker removal have been covered here extensively for a variety of reasons, including as Mr. Evans of Microsoft cites,

"worms that travel networks independently looking for victims were seeing a resurgence.

"Such self-guided programs were now the second biggest security threat to Windows users." [Editor's Note: Emphasis is mine]

Worms, like all malware, are out there for a variety of reasons, but these days the most common one isn't just for the notoriety the virus/worm writer gets as it spreads, as it once was, it's for profit.

The profit may be from selling/using your computer as a spambot, from using it to steal people's banking information or identities, or it may be (as we see now) from selling your online gaming profiles.

All-in-all these worms, viruses, and other malware are threats. Their writers are clever, and they're only coming up with newer, more ingenious ways to ferret themselves into your computer and your life.

 What to do?

  1. Be careful with your passwords. Use different ones for each of your online banks/credit cards/utilities. Use different ones still for your email.

    Using one password everywhere opens you up to even more problems, as if one account is compromised, especially your email, where someone can easily see the places with whom you do business, it's trivial for them to login to these other business' websites and see if your credentials work. 

  2. Be careful with where you point your browser. Avoid using a search engine, even the best ones like Google, Yahoo, MSN/Bing, and Ask just to get to a website whose website address you already know.

  3. Why give the scammers an opportunity to setup a rogue website that looks just like your bank and get it listed in a search engine? It's very, very hard for the engines to know what's a real bank and what's a fake one.

    If you know you're banking with Wells Fargo, for example, why go to Google to get to Wells Fargo? Just type www.wellsfargo.com into your browser and go there directly. Then bookmark it, so you're not subject to a typographical error next time, which could just as easily ensnare you in a malware/phishing trap.

    Taking out that extra step of going to the engines to get to a place you already know could mean the difference between keeping your information safe and not.

All this crapware shows is that it's always smart to run antivirus firewall software, to keep it updated, and to keep your Operating System updated, too.

Lastly, remember: your online safety is your responsibility. Many of the companies you deal with do make efforts to keep your information safe, but in the end it's still your responsibility.

Comments

You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.