Trojan Robs Online Gamers of their Account Information
Hoping to gain financially by tapping the real world economy that revolves around multiplayer online games, hackers are disseminating a Trojan program that steals usernames and passwords from gamers.
Security experts at MicroWorld Technologies, provider of anti-spam, anti-virus and content security, are warning that the latest Trojan called Win32.OnlineGames.dr is capable of sniffing game accounts' usernames and passwords and robbing the account holder of his real assets. It appears that the Trojan particularly targets the gamers of Wowtaiwan and Gamania intended for players in Taiwan.
The malware enters the computer in the guise of help notes and offers that the crooks post on game forums or via browser vulnerability exploitation. The Delphi-language scripted 'OnlineGames.dr' pushes its DLL element into active browsers and installs an 'autorun.inf' file in each drive so that it starts to work whenever some drive is opened.
The active autorun.inf file tracks user activity, captures sensitive account information and transmits it to the distant attacker. Sometimes, the Trojan even posts these stolen details on certain malware-infected Websites. Armed with a virtual gamer's username and password, the Trojan author can directly access the victim's game account and trade off his goods and characters for real money.
According to MicroWorld CEO Govind Rammurthy, the different gaming sites are connected to nearly half a billion dollars worth of real money. Gameindustry published Rammurthy's statement on November 13, 2007.
The growth of virtual worlds and online games in sophistication and popularity has also given rise to associated threats. Security experts have cautioned that 2008 may see identity frauds as one kind of cyber threat in online real worlds. Besides direct theft of gamers' account information and real assets, the digital goods market could also be a medium for money laundering.
The rise in maturity of the market and the absence of a system of tracking exchange of such money through gamers' online accounts would increase the scope for organized criminals to purchase and barter digital goods or sell them off for cash.
Rammurthy has advised gaming firms to improve their authentication system and gamers to deploy and maintain updated anti-virus software.
Related article: Trojans to Target VoIP in 2006
» SPAMfighter News - 28-11-2007