Cyber-crooks exploit gamers in pursuit of financial gain
(12/06/2008)

Virtual worlds can provide an exciting terrain to inhabit, play and interact within computer-simulated environments but they have become increasingly personal and involve more and more dedicated users desperate to do well. With their virtual ambitions set high, some users occasionally cheat to keep up with the pace of the game. In effect, less skilful users are prepared to pay for the virtual assets they are unable to obtain by playing the game.

These human vulnerabilities are being exploited by the hacker-controlled black market which is taking the advantage of special forums, chats and online auctions to sell stolen assets. The gaming industry is consistently stripped of its virtual assets as cyber-crooks continue to exploit gamers in pursuit of financial gain.

“Because functions, objects and passwords are accumulated exclusively through user experience they can be of significant user value,” said Dominic Hoskins, Country Manager, Panda Security UK.

In certain cases such as Second Life, some games even extend to developing fictitious money, Linden dollars, which can be then exchanged into real currency.

According to Panda, this latest infiltration of the gaming industry has flourished, with hackers becoming ever more precise, and creating malicious codes aimed at specific players to steal passwords. For example, Trojans of the Lineage family steal Lineage passwords whilst those of the Wow family target World of Warcraft players.

Stealing passwords for gaming purposes may not seem a big deal but with the number of active users now in the millions, this suddenly becomes more than just a lucrative business. Virtual worlds hold a database of hundreds of thousands of users whose profiles can be compromised for spamming purposes.

Gaming cyber-crooks can also damage systems by exploiting flaws in the design of programmes needed to access an online game. The damage caused can range from infecting PCs with malware, to taking control of the affected machine. Vulnerabilities can also be used to affect users during the game.

To ensure a fun and enjoyable virtual world experience you should follow the following practical tips:

- Install a security solution with proactive technologies on your PC. This way, you will be protected against the malware designed to steal game passwords.

- Keep the computer up-to-date and regularly scan it online: the vulnerabilities that affect programmes (e.g. those used to access virtual worlds) must be resolved.

- Do not share confidential information: If you access forums and chats to exchange tricks, information, etc. with other players, do not give out confidential information (email addresses, credentials, etc.).

- Do not provide more information other than necessary in the profiles: If it is mandatory to provide a credit card number, etc., select the option to hide this information from other users, or any method that prevents players and administrators from accessing your details.

- Report crimes: If you observe unsuitable or criminal behaviour, you should inform the administrators. Most virtual worlds have channels for users to send their comments.