Major Spike in Security Threats To Online Games 48
Gamasutra reports on data from security software firm ESET, which shows a major increase in the number of gaming-related security threats over the last year. They attribute the rise in attacks to the amount of money involved in the games industry these days. ESET's full report (PDF) is also available.
"[ESET's research director, Jeff Debrosse] explains: 'It's a two-phase attack. If someone's account was compromised, then someone else can actually [using their avatar] during a chat session, or through in-game communication... they could leverage that people trust this person and point them at various URLs, and those URLs will either have drive-by malware or a specific [malware] executable. What ends up happening is that folks may end up downloading and using it. This is just one methodology.' These attackers also target gamers in external community sites, says Debrosse, through 'banners on websites or URLs in chat rooms or forums' — which can lead to unsafe URLs. 'If [users] don't have adequate protection, they could very well be downloading malware without their knowledge.'"
Re:Considering the Rush Job... (Score:3, Informative)
This being /. and all, I didn't bother to read TFA, but phishing targeting online games is out there, too. I maintain an anti-phishing ruleset, and I first published rules targeting WoW phish over 6 months ago. The target of the phish was login credentials for WoW.
Disclaimer (Score:5, Informative)
How convenient that ESET, the author of the report, offers a product [wikipedia.org] to protect against that.
Possible solution... a SecurID like card (Score:4, Informative)
Similar to the concept of OpenID, perhaps the solution to password theft would be a SecurID card that all the main game companies would have as an option to attach to an account. Right now, Blizzard has one, which is an OEM-ed Vasco Digipass Go 6. I just wish SOE, Valve, and other networked games would offer this.
Of course, this brings with it its own can of worms, like what to do if a token is lost, disables itself, or stolen. Blizzard requires a fax of a lot of RL info before it releases control of an account if a token is lost. PayPal/eBay have a mechanism of calling one of the phone numbers on file.
The advantage of two factor authentication is a big thing, as game accounts are worth a lot of money. Not just for characters to sell, but to use as farming/exploiting/spam bots until the MMO company bans the account.
Re:Considering the Rush Job... (Score:3, Informative)
Sure, but WoW and the like are immensely more popular than Quake II Internet play.
It's also not possible to play WoW solo, is it?
Sure, you were playing STV online from 1999 to 2002, along with a few hundred other people.
World of Warcraft hit 10 million subscribers in January of 2008. It's probably bigger now, a year later.
It's a significantly different situation than it was in 1997 when you were playing Quake online.
And come on. 40 hours a week gaming for 4 years? Do you seriously think you're statistically average with that? You're probably an outlier to the outliers......
Re:Considering the Rush Job... (Score:3, Informative)
What should be punished? A person you have known for years tells you "Oh Bob, this is SO cool, you gotta check it out!" Problem is just, it's not the person you knew but someone who hacked his account.
Imagine NewYorkCountryLawyer posting a link here. Will you follow it? Probably. Why? Because you know that his links are usually quite informative. And this here is /., the average computer clue level here is way above anything you find in WoW or similar games. You might still be wary where it leads to, but I guess many will follow it. Some of the better hidden info is on more or less obscure pages. And how many here check EVERY SINGLE link they follow, especially when in an article where the usual information about the real target URL is not displayed? It's after all an "approved" article...
I can't see how anyone can be punished for anything. The person who followed the link? Why? The person whose account has been hacked? Why? The person who hacked the account? How?
Re:Considering the Rush Job... (Score:3, Informative)
You're not listening.
Yes, these types of games existed in 2000 or so.
But the category is massively more popular now than it's ever been. I'd guess there were a few hundred thousand people worldwide during any given month that played games online in 2000.
Now, there are over 11.5 million people that are paying a subscription to play just one particular online-only game in a given month. That says nothing of all the other games that can be played online today.
Also, WoW has individual accounts that persist for as long as the subscription, allowing the player to build up quite a reputation, significant abilities, and valuable in-game resources.
Counterstrike, on the other hand, you start from scratch every time you play. No value, no persistence.
Like I said...it's not the same market, and not even remotely the same size.