Major Spike in Security Threats To Online Games 48
Gamasutra reports on data from security software firm ESET, which shows a major increase in the number of gaming-related security threats over the last year. They attribute the rise in attacks to the amount of money involved in the games industry these days. ESET's full report (PDF) is also available.
"[ESET's research director, Jeff Debrosse] explains: 'It's a two-phase attack. If someone's account was compromised, then someone else can actually [using their avatar] during a chat session, or through in-game communication... they could leverage that people trust this person and point them at various URLs, and those URLs will either have drive-by malware or a specific [malware] executable. What ends up happening is that folks may end up downloading and using it. This is just one methodology.' These attackers also target gamers in external community sites, says Debrosse, through 'banners on websites or URLs in chat rooms or forums' — which can lead to unsafe URLs. 'If [users] don't have adequate protection, they could very well be downloading malware without their knowledge.'"
Re:Considering the Rush Job... (Score:2, Interesting)
Re:Considering the Rush Job... (Score:3, Interesting)
Step 1: Steal (or scam or otherwise obtain) login info for one character.
Step 2: Log in as that character.
Step 3: Find another player that appears to have a pre-existing relationship with the account owner.
Step 4: Convince that player that a family member suddenly died, and that he can't afford the bus/plane ticket to be able to attend the funeral.
Step 5: Profit (via Western Union).
Unfortunately this actually happened to someone I know. She was out $300 as a result of this scam. Normally she wouldn't fall for something like this, but the compromised account happened to belong to someone she had known for several years.
Note that this doesn't require a game bug or other vulnerability--it can be accomplished entirely through social engineering.
Re:Considering the Rush Job... (Score:3, Interesting)
And this is where you can easily put a stop on the problem: Ask for a phone number. If you have known someone for years, it is likely that you know where they live, or at least that you have a more or less good idea from the things you two discussed. When your friend refuses to give you their phone no when they want money from you, I guess it can't be so dire. And when they give you a phone number in Malaysia or Whateverstan, you can pretty much assume as well that this isn't the friend you're looking for.