Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[News] Microsoft Brings Malware to Computer Games

0 views
Skip to first unread message

Roy Schestowitz

unread,
Aug 14, 2006, 11:08:51 PM8/14/06
to
Microsoft warns game developers of security risk

,----[ Quote ]
| Using malware or software designed to infiltrate a computer system,
| hackers steal account information for users of MMO games and then sell
| off virtual gold, weapons and other items for real money.
`----

http://yahoo.reuters.com/news/articlehybrid.aspx?storyID=urn:newsml:reuters.com:20060814:MTFH51554_2006-08-14_23-45-08_N14313943&type=comktNews&rpc=44

Oliver Wong

unread,
Aug 15, 2006, 12:49:44 PM8/15/06
to

"Roy Schestowitz" <newsg...@schestowitz.com> wrote in message
news:1601497.4...@schestowitz.com...

What the article is actually saying is that a Microsoft security
development engineer publicly told MMO developers to "be careful". Player
accounts on MMOs are becoming valuable due to the items and gold they've
earned over the years, and organized crime may start to target them just as
they current target credit card numbers and bank account information.

There is no actual announcement of a new vulnerability or malware or
anything like that. It's just a security expert notifying us of one more
thing to watch out for, independently of what OS we're using.

- Oliver

Roy Schestowitz

unread,
Aug 16, 2006, 3:33:03 AM8/16/06
to
__/ [ Oliver Wong ] on Tuesday 15 August 2006 17:49 \__

I can't recall which article (among a few) I ended up citing, but have you
read the stories of those who fell victim to theft, which was the product of
malware that affects World of Warcraft? A penetrable system cares not
whether you play games or access your bank. Windows has back door. Thus, it
is not secure. Not for gaming. Not for banking. But most ironic is the fact
that something as innocent and seemingly childish as online games is
subjected to outside intervention.

Oliver Wong

unread,
Aug 16, 2006, 10:39:10 AM8/16/06
to

"Roy Schestowitz" <newsg...@schestowitz.com> wrote in message
news:3429978.U...@schestowitz.com...

I think I've only read two stories about theft in MMOs (one was
EverQuest, and was via social engineering rather than a vulnerability in the
OS, the other I don't recall the details of what game or what methodology
was used). I'm not saying anything for or against the security of the
Windows series of operating systems. I was just clarifying the contents of
the article.

For example, online banking sites typically use some sort of encryption,
such as SSL, to protect valuable information such as your account number and
password. Some MMOs might not bother to encrypt any of their information,
sending their user's login name and password in clear text, under the
assumption that nobody cares enough to try to gain access to an MMO account.

The security expert is saying that this is not the case, and for some
players, the value of the online artifacts (extremely rare items, high level
characters, etc.) exceed the values of their owners bank accounts. The
security expert is stressing that it's not merely script kiddies who will be
going after the MMO accounts, but organized crime, because stealing MMO
accounts is more profitable than stealing credit card or banking
information.

Again, this doesn't have much to do with Windows the operating system
itself, except that most MMO games run only on Windows.

- Oliver

Roy Schestowitz

unread,
Aug 17, 2006, 2:22:10 AM8/17/06
to
__/ [ Oliver Wong ] on Wednesday 16 August 2006 15:39 \__


I don't think we talk about packet interception and sniffing here. It's a
case of malware. But please correct me if I am wrong. *smile*


> The security expert is saying that this is not the case, and for some
> players, the value of the online artifacts (extremely rare items, high
> level characters, etc.) exceed the values of their owners bank accounts.
> The security expert is stressing that it's not merely script kiddies who
> will be going after the MMO accounts, but organized crime, because stealing
> MMO accounts is more profitable than stealing credit card or banking
> information.


Intersting point. My Digg account turns out to have become quite valuable. I
never ever expected this to be the case and some Digg users (at least two)
put their account up for bidding in eBay. The following was posted last
night.

http://www.calacanis.com/2006/08/16/ten-more-navigators-makes-20-or-proving-benkler-wrong-one-day/

I am among those 5.


> Again, this doesn't have much to do with Windows the operating system
> itself, except that most MMO games run only on Windows.


Which is a platform that is too penetrable. It was not designed with the Web
in mind. It was not designed for /multiplayer/ gaming, let alone to be a
multi-user platform.

Best wishes,

Roy

--
Roy S. Schestowitz | "Turn up the jukebox and tell me a lie"
http://Schestowitz.com | Free as in Free Beer Ś PGP-Key: 0x74572E8E
Cpu(s): 18.6% user, 2.6% system, 0.8% nice, 78.0% idle
http://iuron.com - semantic engine to gather information

Oliver Wong

unread,
Aug 17, 2006, 11:29:43 AM8/17/06
to

"Roy Schestowitz" <newsg...@schestowitz.com> wrote in message
news:3205502.K...@schestowitz.com...

> __/ [ Oliver Wong ] on Wednesday 16 August 2006 15:39 \__

>> For example, online banking sites typically use some sort of


>> encryption,
>> such as SSL, to protect valuable information such as your account number
>> and password. Some MMOs might not bother to encrypt any of their
>> information, sending their user's login name and password in clear text,
>> under the assumption that nobody cares enough to try to gain access to an
>> MMO account.
>
>
> I don't think we talk about packet interception and sniffing here. It's a
> case of malware. But please correct me if I am wrong. *smile*

I re-read the article, and it looks like they do explicitly mention
"malware" as the point of attack, though that information was not attributed
to Dave Weinstein, the person being interviewed, so I'm not sure if this is
background research done by the reporter, or really Weinstein's main
concern. I concede that the article itself is indeed about malware, though.
Sorry about that.

>
>
>> The security expert is saying that this is not the case, and for some
>> players, the value of the online artifacts (extremely rare items, high
>> level characters, etc.) exceed the values of their owners bank accounts.
>> The security expert is stressing that it's not merely script kiddies who
>> will be going after the MMO accounts, but organized crime, because
>> stealing
>> MMO accounts is more profitable than stealing credit card or banking
>> information.
>
>
> Intersting point. My Digg account turns out to have become quite valuable.
> I
> never ever expected this to be the case and some Digg users (at least two)
> put their account up for bidding in eBay. The following was posted last
> night.
>
> http://www.calacanis.com/2006/08/16/ten-more-navigators-makes-20-or-proving-benkler-wrong-one-day/
>
> I am among those 5.
>

I don't have much experience with these social bookmarking sites, so I
had a bit of difficulty following along this blog post, but it sounds like
because you were such a good contributer, you're not hired as a professional
bookmarker? If so, congratulations. =) I'm also guessing that you're using
this as an example of how user accounts themselves can be valuable.

>
>> Again, this doesn't have much to do with Windows the operating system
>> itself, except that most MMO games run only on Windows.
>
>
> Which is a platform that is too penetrable. It was not designed with the
> Web
> in mind. It was not designed for /multiplayer/ gaming, let alone to be a
> multi-user platform.

Hopefully, since the Wii and PS3 are running Linux internally, that'll
spur some game development efforts for Linux on the PC, and eliminate one of
the larger barriers for switching from Windows to Linux.

- Oliver

0 new messages