By Mike Kronenberg
E3, the annual trade show for the computer and video games industry, kicked off in Los Angeles yesterday, not long after the unofficial start of summer on Memorial Day. These events got me thinking about what many students might do with their free time over the next three months. I imagine that for legions of young PC gamers, this could mean hour after blissful hour spent honing their skills as a blacksmith and earning gold in their favorite online fantasy universe. You can bet cybercriminals are imagining the same thing, too – and banking on it.
In PC gaming, it used to be that hackers would seek to steal log-in information to take control of someone’s character for their own personal enjoyment. But they’ve figured out in-game currency translates into real-world money, and now many people log onto World of Warcraft or Lineage to find their account balances wiped to zero.
To help keep hackers out – and hopefully make their summer a little less lucrative – I’ve outlined the most common tactics for infection during gaming and how gamers (of all ages) can avoid them.
Hot links in forum posts: Aside from the fact that they’re usually out of context with the rest of the forum’s thread, these innocuous-looking URLs can be compelling enough to click. In one example we found a link that, when clicked, led to a site designed to look like YouTube. We were then prompted by a phony message from Microsoft to download the latest version of Adobe Flash to view the video. Other than a couple of transposed letters in the phony filename, the messages seemed legitimate, and a few clicks later, our test system was infected. While gamers tend to self-police forums for World of Warcraft and other games for these links, they’re still prevalent.
Hot links in in-game emails: Using the same tactics as above, keyloggers distribute malicious links through the World of Warcraft e-mail system and in-game chat channels. In this case, a gamer would need to copy and paste the URL into a browser to launch the site. Webroot’s research found a phishing site behind one of these links designed to look remarkably like World of Warcraft’s log-in page to capture your username and password.
Links to porn: Keyloggers will appeal to all of your senses to get you to click on links you shouldn’t. We found many such links in posts promising naked women in compromising positions leading to videos and pictures booby-trapped with malware.
Offsite infections: Hackers often bind password-stealing gaming Trojans to applications on P2P file-sharing networks to hide their presence. They jump to action when you log onto your game account.
SQL injection attacks: Once a hacker gains access to a site server’s database, he can use any number of tricks to steal your gaming account credentials. For instance, malicious code can be hidden underneath a banner ad in order to turn it into a vehicle for infection. Within PC gaming, these attacks are targeted, and they’re very difficult to anticipate. Your best defense is to use a safer browser like Firefox, which has an extension called NoScript that alerts you when potentially malicious activity is detected.
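An added example (not from the original post or from Webroot): one way to flag links whose host name imitates a site you trust, catching the kind of transposed letters noted in the forum-link tactic above. The allow-list, the reserved `.example` and `.test` host names and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of sites the player really signs in to (reserved names).
TRUSTED = {"game-login.example", "video-site.example"}

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters (a transposition) each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def classify(url, max_edits=2):
    """Return 'trusted', 'lookalike of X', 'embeds X' or 'unknown' for a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Simplification: treat the last two labels as the site name. Production
    # code should use the Public Suffix List instead.
    site = ".".join(host.split(".")[-2:])
    if site in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if osa_distance(site, good) <= max_edits:
            return f"lookalike of {good}"
        if good in host:  # trusted name used as a subdomain of another site
            return f"embeds {good}"
    return "unknown"

# Constructed sample links, not taken from any real forum or message.
SAMPLES = [
    "https://www.video-site.example/watch?v=abc",
    "http://vidoe-site.example/watch?v=abc",
    "http://game-login.example.account-check.test/signin",
    "http://forum.test/thread/42",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):34} {link}")
```

A result of "unknown" only means the host does not resemble anything on the allow-list; it says nothing about whether the site is safe.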
Overall, the general guidelines for protecting yourself while gaming are simple:
- Be aware! If something seems too out of place or too good to be true, it probably is;
- Make sure your PC is updated with the latest operating system and browser patches;
- Consider protecting your PC with an antivirus and antispyware program;
- If you already have AV/AS installed, make sure it is updated with the latest malware definitions; and
- Download applications from their original source rather than from a P2P file-sharing network.
Happy safe gaming!