The stolen gaming credentials of 44 million people have been found on a server.
Symantec Security Response's Eoin Ward claimed that recent analysis of a sample of a data harvesting threat revealed the stolen credentials. What was interesting was not just the sheer number of stolen accounts, but that the accounts were being validated by a Trojan distributed to compromised computers.
The company detected this threat as Trojan.Loginck, and said that the database server is part of a distributed password checker aimed at Chinese gaming websites.
Ward said: “The stolen login credentials are not just from particular online games, but also include user login accounts associated with sites that host a variety of online games. In both cases the accounts contained in the database have been obtained from other sources, most likely using malware with information-stealing capabilities, such as Infostealer.Gampass.”
He claimed that with 44 million sets of gaming credentials at a user's disposal, three options were present: log on to gaming websites 44 million times, write a program to log in to the websites, or write a program that checks the login details and then distribute the program to multiple computers.
Ward said that the first two were either impossible or not feasible, but by taking advantage of the distributed processing that the third option offers, a user can complete the task more quickly and help mitigate the multiple-login failure problems by spreading the task over more IP addresses. This is what Trojan.Loginck's creators have done.
He said: “Most botnets have the ability to download and run files, so why not push a custom piece of malware to each bot? The malware could log on to the database and download a group of user names and passwords in order to check them for validity.
“If the Trojan succeeds in its task of logging in, it will update the database with the time it logged in, and any user credentials (such as current game level, etc) before moving to the next user name and password. The attackers can then log on to the database and search for the valid user name and password combinations.”
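The spreading of login checks over many IP addresses described above is what defeats per-source failure limits, so detection on the gaming site's side has to correlate across sources. The following is an added example, not code from Symantec or from the article: the event format, thresholds and all addresses and account names are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed events: (epoch_seconds, source_ip, username, login_ok)."""
    events = []
    # 40 bot IPs, each testing 3 different accounts once (constructed addresses).
    for i in range(40):
        for j in range(3):
            n = i * 3 + j
            events.append((1000 + i * 5 + j, f"198.51.100.{i + 1}", f"acct{n}", n % 10 == 0))
    # One ordinary player mistyping a password four times, then succeeding.
    for k in range(4):
        events.append((1100 + k, "203.0.113.7", "alice", False))
    events.append((1105, "203.0.113.7", "alice", True))
    return events

def per_ip_lockout(events, max_failures=5):
    """Per-IP control: flag sources with more than max_failures failed logins."""
    fails = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n > max_failures}

def fanout_suspects(events, window=600, min_accounts=3, min_ips=20):
    """Flag IPs that each touch several distinct accounts in one time window,
    but only when many sources show that pattern together (a distributed checker)."""
    buckets = defaultdict(lambda: defaultdict(set))
    for ts, ip, user, _ in events:
        buckets[ts // window][ip].add(user)
    flagged = set()
    for by_ip in buckets.values():
        wide = {ip for ip, users in by_ip.items() if len(users) >= min_accounts}
        if len(wide) >= min_ips:
            flagged |= wide
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP lockout flags:", len(per_ip_lockout(sample)))
    print("fan-out correlation flags:", len(fanout_suspects(sample)))
```

On the constructed sample the per-IP limit flags nothing, while the cross-source correlation flags all 40 checking hosts and leaves the player who mistyped a password alone.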
With the database currently holding approximately 17GB of flat-file data, he asked how valuable a database of this sort was. Based on the prices requested, 210,000 World of Warcraft logins have a value range of $35-$28,000, while two million logins to PlayNC, which allow access to Lineage II, Guild Wars and City of Heroes, would be worth anything from $6 to $2,855.