Security Games

Major Spike in Security Threats To Online Games

Gamasutra reports on data from security software firm ESET, which shows a major increase in the number of gaming-related security threats over the last year. They attribute the rise in attacks to the amount of money involved in the games industry these days. ESET's full report (PDF) is also available. "[ESET's research director, Jeff Debrosse] explains: 'It's a two-phase attack. If someone's account was compromised, then someone else can actually [using their avatar] during a chat session, or through in-game communication... they could leverage that people trust this person and point them at various URLs, and those URLs will either have drive-by malware or a specific [malware] executable. What ends up happening is that folks may end up downloading and using it. This is just one methodology.' These attackers also target gamers in external community sites, says Debrosse, through 'banners on websites or URLs in chat rooms or forums' — which can lead to unsafe URLs. 'If [users] don't have adequate protection, they could very well be downloading malware without their knowledge.'"
This discussion has been archived. No new comments can be posted.

  • by WiiVault ( 1039946 ) on Friday February 06, 2009 @10:57PM (#26761179)
    that most games are these days it seems inevitable. The last few years it seems the mentality has been to ship first patch later.
  • by cbiltcliffe ( 186293 ) on Friday February 06, 2009 @11:59PM (#26761501) Homepage Journal

    Only the last few years?

    Games have frequently been crap for the first release for a decade or more. I think the only reason it's really coming to the fore now is that it's only in the last couple of years that games have moved from standalone or local networks to the Internet.

    Not that good programming would prevent problems for idiots that get caught by phishing scams, though.

  • Paradox (Score:2, Insightful)

    by ProfMobius ( 1313701 ) on Saturday February 07, 2009 @01:20AM (#26761855)

    The main paradox of this story is that people believe other people inside a game over the internet, pretending to know them, but can't differentiate between a "standard" behaviour and a copycat, meaning they don't know them at all. Most people can easily recognise who is on the other side of the phone just by their way of speaking, even if they change their voice.

    I will never understand how you can have full confidence in someone you never met and with whom you never shared a beer, but well, maybe it is just me...

    Ha well, another day in gullible land...

  • Re:Disclaimer (Score:3, Insightful)

    by 4e617474 ( 945414 ) on Saturday February 07, 2009 @02:48AM (#26762191)

    How convenient that ESET, the author of the report, offers a product to protect against that.

    Yes, fortunate indeed. I would have thought that if you were going to go to the trouble of stealing account credentials, you'd engage in item theft or swindling money from a person's contacts like earlier posters mentioned. Fortunately, we had someone with a vested financial interest in setting them straight. The most valuable asset you accumulate in a MMORPG is the credibility with which you can display a hyperlink. I mean it's not like people will click on suspicious links from strangers [slashdot.org].

  • by Rei ( 128717 ) on Saturday February 07, 2009 @03:29AM (#26762285) Homepage

    It actually can be a problem with the games themselves. Let me recount one example. I was once a coder for a free MMORPG. Nothing huge -- usually a couple hundred people online at any given point in time -- but still relevant. Just in the random course of looking through the code during my work, I encountered some *glaring*, as in "OMG, I can't believe these are in here" security holes. Example: there was no server validation. None, at all. If a packet had the server's IP, they automatically trusted it, and made all kinds of assumptions about the packet's size, direct-copied it into memory with that assumption, etc; if anyone was able to compromise or spoof the server's IP, every last user's computer connected to the game could have been compromised. The management refused to act on that one. In fact, there was only one issue I was able to get them to act on, and that only because I wrote a freaking exploit for it. It was due to them using popen for opening web browsers on URLs, and they weren't bothering to check for injection. My exploit was a bit of text that anyone could have said on a chat line or in person that would have caused the computers of anyone who clicked on the link to have their hard drives wiped (assuming adequate permissions). That's what it took to get them to patch security holes; I couldn't convince them to let me fix it until I wrote an exploit. Unbelievable. They operated for years with that timebomb just sitting around.
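The popen issue described in the comment above, as an added example that is not part of the original post and not the game's code: the shell-based pattern beside a form that validates the URL and starts the opener without a shell. The function names and the use of `xdg-open` as the opener are assumptions; the sample URLs are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

extern char **environ;

/* BEFORE: the chat-supplied URL is pasted into a command line that
 * /bin/sh parses, so shell metacharacters in it are interpreted. */
int open_url_vulnerable(const char *url) {
    char cmd[1024];
    snprintf(cmd, sizeof cmd, "xdg-open %s", url);  /* assumed opener */
    FILE *p = popen(cmd, "r");
    return p ? pclose(p) : -1;
}

/* Allowlist: http/https only, bounded length, RFC 3986 characters only.
 * Note that ';', '&' and '$' are legal in URLs, so this check alone
 * would not make the popen() form safe. Returns 1 if acceptable. */
int url_is_acceptable(const char *url) {
    static const char ok[] = "-._~:/?#[]@!$&'()*+,;=%";
    size_t skip;
    if (strlen(url) > 2048) return 0;
    if (strncmp(url, "http://", 7) == 0) skip = 7;
    else if (strncmp(url, "https://", 8) == 0) skip = 8;
    else return 0;
    if (url[skip] == '\0') return 0;               /* no host at all */
    for (const char *c = url; *c; c++)
        if (!isalnum((unsigned char)*c) && !strchr(ok, *c)) return 0;
    return 1;
}

/* AFTER: validate, then pass the URL as one argv element; no shell ever
 * sees it. Returns 0 on launch, -1 on rejection or spawn failure. */
int open_url_hardened(const char *url) {
    if (!url_is_acceptable(url)) return -1;
    char *argv[] = { "xdg-open", (char *)url, NULL };
    pid_t pid;
    if (posix_spawnp(&pid, argv[0], NULL, NULL, argv, environ) != 0) return -1;
    waitpid(pid, NULL, 0);                          /* reap the opener */
    return 0;
}

int main(void) {  /* constructed inputs; prints the validator's verdict */
    const char *s[] = { "https://example.org/a;b=1", "http://example.org/ && echo x", "file:///etc/hosts" };
    for (int i = 0; i < 3; i++) printf("%d  %s\n", url_is_acceptable(s[i]), s[i]);
    return 0;
}
```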
