[ insider_reports_insider ]
Next Malware Breeding Ground: Online Games?
Jason Lee Miller
Staff Writer
2008-08-29
 Insider Reports RSS Feed
You know the bad guys are after your money and identity via traditional methods already. Did you know security experts are warning against attackers going after your or your kids' virtual currency?
 | | Next Malware Breeding Ground: Online Games? |  |
Dr. Igor Muttik, senior architect for McAfee Avert Labs, has published a 19-page whitepaper (PDF) warning we may soon see a spike in malware targeting in virtual worlds and online gaming.
What would they want with virtual goods? The same thing they always want: money. Virtual goods and currencies can be traded for real goods and currencies. General data can work too for nefarious purposes, so key-logging and the like are distinct possibilities.
Muttik says the spike in the number of password-stealing Trojans in general is alarming, but different alarms are set off when he reveals that up to half of them are targeted toward online gamers.
"It is not surprising," he writes, "that online gaming is beginning be plagued by almost all the problems of the real world-theft of identities and virtual assets, extortion, and even virtual terrorist attacks in these venues are becoming more and more common!
"Metaverses grow their own economies, and virtual currencies are converted into real money and back, so it is only natural that virtual profits, too, get targeted by cybercriminals. If Willie Sutton, the accomplished twentieth century American bank robber, were alive today, he probably would have an avatar and would be writing password-stealing Trojans."
What Muttik characterized as "the most intense spamming runs" were related to W32/Nuwar (also known as Stormworm), where hackers created free games websites that weren't safe to click anywhere.
The next great threats, he predicts will be/are in MMORG games like WOW, and virtual worlds like Second Life, which use common scripting languages. But also, as more of this sector moves toward open source software because of costs, readily available code and lack of proprietary security protocols could make them even more vulnerable.
But also, the next movement will be in convergence of the Web and the metaverse. Second Life already allows users to create HTML-style links to point to any point within the virtual world. Muttik views this as a development, the development of more readily clickable destinations within online games, destined for abuse.
"Before too long, we will start seeing polymorphic or metamorphic bots (bots in the MMOG sense). Bots that make use of stealth and rootkit technologies already exist and even became a point of legal battle. We soon might see cheating software that uses virtualization, too. These technologies are already widely used in malware, so we should expect them to find their way into unwanted programs that plague online gaming on a significant scale."
Add that to the thought that younger users who will grow up with these types of games may be less concerned, more naïve about, and more vulnerable to attack just by nature.
About the Author:
Jason is a graduate of the University of Kentucky. He covers business, technology, and security issues.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
