Growth in password theft from online games

News by Andrew Donoghue

Players should not count on desktop security to protect them

Players should not count on desktop security to protect them

Criminals are increasing using online games as a way to steal passwords and initiate phishing attacks according to a report.


According to the Mid-Year Global Threat report, released by security vendors ESET, online games are a growth area for phishing and password theft, fuelled by a realisation amongst criminal gangs that virtual currencies can be converted into real money.


ESET claims that the second most detected threat in the first half of 2008 is Win32/PSW.OnlineGames – a family of trojans with keylogging and rootkit capabilities which can harvest information from online games.


David Harley, director of Malware Intelligence, ESET said threats against sites like World of Warcraft or Second Life aren't just about teenage mischief any more. “The theft of "virtual" treasure often translates into real profit for organised criminal gangs," he said.

Gamers need to be aware of malicious activity occurs in virtual worlds, some of which cannot be prevented by desktop security software, said Harley. “Gamers need to find out what security measures RPG and metaverse providers are putting in place for the protection of their subscribers," he added.

Linden Labs, owner of Second Life, said it is constantly developing tools to detect and block suspicious activity. "We have a team of trained professionals who work to detect such behaviour. Feedback we've received from the law enforcement community has been highly positive and productive. We feel confident that these tools not only reflect 'best practices' but that they are a model for our industry," the company said in a statement. 

Online games have been targeted by hackers and criminals for several years. In 2006, "World of Warcraft" users were hit by trojan that aimed to steal gamers' passwords.

The trojan, called PWSteal.Wowcraft, affected Microsoft Windows operating systems and injects msdll.dll code into certain processes before emailing the game's passwords back to the trojan's author. The malware also attempts to disable a number of processes, according to Symantec Security Response.

In the same year, 2,000 South Koreans had their names and national identity numbers stolen from the popular online role-playing game "Lineage" so hackers could play the game for free.

Earlier this week, security company BitDefender launched an antivirus defence package for online PC gamers called GameSafe.


The company claims the software defends the user's PC with minimal impact on processing power, memory and virtual memory, allowing players to maintain 'in-game' responsiveness and eliminating any unscheduled interruptions.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews