Major Spike in Security Threats To Online Games
Gamasutra reports on data from security software firm ESET, which shows a major increase in the number of gaming-related security threats over the last year. They attribute the rise in attacks to the amount of money involved in the games industry these days. ESET's full report (PDF) is also available.
"[ESET's research director, Jeff Debrosse] explains: 'It's a two-phase attack. If someone's account was compromised, then someone else can actually [using their avatar] during a chat session, or through in-game communication... they could leverage that people trust this person and point them at various URLs, and those URLs will either have drive-by malware or a specific [malware] executable. What ends up happening is that folks may end up downloading and using it. This is just one methodology.' These attackers also target gamers in external community sites, says Debrosse, through 'banners on websites or URLs in chat rooms or forums' — which can lead to unsafe URLs. 'If [users] don't have adequate protection, they could very well be downloading malware without their knowledge.'"
This being /. and all, I didn't bother to read TFA, but phishing targeting online games is out there, too. I maintain an anti-phishing ruleset, and I first published rules targeting WoW phish over 6 months ago. The target of the phish was login credentials for WoW.
How convenient that ESET, the author of the report, offers a product to protect against that.
It doesn't exist.
Similar to the concept of OpenID, perhaps the solution to password theft would be a SecurID card that all the main game companies would have as an option to attach to an account. Right now, Blizzard has one, which is an OEM-ed Vasco Digipass Go 6. I just wish SOE, Valve, and other networked games would offer this.
Of course, this brings with it its own can of worms, like what to do if a token is lost, disables itself, or is stolen. Blizzard requires a fax of a lot of RL info before it releases control of an account if a token is lost. PayPal/eBay have a mechanism of calling one of the phone numbers on file.
The advantage of two-factor authentication is a big thing, as game accounts are worth a lot of money. Not just for characters to sell, but to use as farming/exploiting/spam bots until the MMO company bans the account.