Hackers Target Online Gamers

"All your base are belong to us." There's a real space invader in our midst and a quick thumb and some extra coins in the machine isn't going to buy us more time. This is a virtual invasion and its weapon of choice is malware, otherwise known as nasty little critters designed to steal passwords and cause all kinds of misery. According to global threat expert ESET, online gamers are the biggest target for criminals keen to make a pretty penny out of the virtual world.

ESET's Global Threat Report reveals that Trojans targeted at online games represented 12.72% of all threats in July 2008, making it the highest ranked nasty. Looking at the mid-year report, Win32/PSW.OnLineGames was ranked second, representing 6.55% of threats in the first half of 2008.

Win32/PSW.OnLineGames is a family of Trojans that gather information from online games and the more popular the game, the more likely it is to be attacked. World of Warcraft, Lineage and Second Life are all targets with criminals stealing account information or ingame items and then selling them on the black-market or even eBay.

If you're a MMOGer it's time to start taking stock of your personal information because it's way more valuable to thieves than your high-spec PC or plasma TV. Why go through the bother of breaking into someone's house and lugging all their crap into a van, when they can trick you into giving them information without even leaving their desk, warehouse or underground lair?

One look at gaming forums soon turns up a story similar to this one:

"I have had my password stolen and someone else has logged into my WoW account. Several characters were deleted and all my ingame currency is gone.

"I know it's just a game, but the only way someone could have done that was to have my credentials. I'm worried I've got a keylogger on my machine. I do have other sensitive stuff on this machine (banking etc). I need to know it's safe."

For the victim of a malware attack, the loss of their gaming account is just the tip of the iceberg. However, spend a moment with me and total up how many hours you play in a week, a month, a year. Now add up a year's subscription fees. How many high-end characters do you have and how much "phat loot"? It soon adds up.

A quick search on eBay comes up with a level 70 Mage for WoW – all yours for the tidy sum of £200 if you buy it now. Fall victim to a Trojan and all your hard work and spare time could in the hands of a thief. Trojans use keylogging capabilities to gather information such as your username and password. They then log in, change the password and you're locked out of your own account.

The fact is that the criminals behind malware attacks range from rank amateurs to organised crime-style syndicates with high degrees of specialisation. These gangs of criminals will find vulnerabilities in a game, ranging from crafting exploits, to causing ingame disruption, to collecting and selling data for personal gain and even as means of money laundering.

Although it is "only a game," the risk to gamers is very real and the loss is real. I spoke to Aryeh Goretsky, manager, research for ESET and he provided some top tips for reducing the risk of becoming a malware victim:

• MMO players should consider creating a separate user account on their computer, used exclusively for online gaming
• Make sure this user account does NOT have administrative privileges
• Never use pirate games as they are ripe territory for malware attacks
• Never install patches from unofficial sources
• Do NOT visit website from your gaming account as these are often targeted for deploying malware
• Always use unique passwords for every game
• NEVER use the same passwords on games as you do for sensitive accounts such as online banking, shopping and email
• If you do become a victim of malware, don't change your passwords until the PC has been cleaned, as all changes will be seen by the criminals

Gamers need to be more aware of the risks of malware and protect their personal information from fraudsters and other criminals. It's all fun and games until someone loses a username and password.

For more information on ESET and the Global Threat Report, head to the threats update here: http://www.eset.com/threat-center/

Most played: Vib Ribbon

Most wanted: Tomb Raider Underworld