Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Second Life Exploit Allows Hackers Steal Linden Currency from Avatars

Two security researchers have found a security hole in the online virtual world, Second Life, developed by Linden Lab, where cyber-terrorists can purloin Linden dollars from a target's avatar, and also hack his/her PC.

Evidently, that would be very troublesome, since the currency, called Linden dollars, can be directly converted to the US dollars.

Second Life is an Internet-based virtual community where consumers can produce avatars and buy virtual property like estate, accommodation, furniture and apparel.

As per Takahashi, cyber-terrorists Charles Miller and Dino Dai Zovi informed him that they had exposed a security hole that could permit somebody to con Second Life inhabitants of their Linden currency.

The exploit code is connected to Apple's QuickTime program, which is utilized for video display in Second Life.

The exploit succeeds as Second Life permits customers to insert videos or photos on their avatar's or their virtual property. Whenever somebody is in the vicinity or is within the range of the person, the Second Life program starts QuickTime in order to handle the video or images. This way, QuickTime leads the Second Life program to another site, reported Mercextra, according to news by TECH.BLORGE.

By attacking the QuickTime glitch, cyber-terrorists can guide the Second Life program to malevolent sites to run Trojan files that might permit them to hijack the target's PC and its Second Life character.

As per the United States Computer Emergency Readiness Team (US-Cert), the vulnerability was detected within the Real Time Streaming Protocol (RTSP) on which Quicktime's hosts and clients are based. Unsuspecting end users who install the malicious RTSP software through a webpage, or via a file, can allow hackers to attack their PCs unnoticed, cautioned the agency. In this situation, cyber-terrorists can easily steal the money of online community user.

Linden Labs has recommended its customers to stop the streaming video playback choice in the Second Life Viewer (downloadable program), except while playing in a secure site. Second Life users should comply with this rule till Apple issues a patch.

The officials at Linden asserted that they are well equipped to hunt down strikes, and upon detecting a malevolent stream, they are confident of tracking the hacker, informed iTWire on December 3, 2007.

Related article: Second Zero-Day Vulnerability Hit Windows

ยป SPAMfighter News - 14-12-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next