Forgot your password?
typodupeerror
Botnet Crime Security Games

Symantec Finds Server Containing 44 Million Stolen Gaming Credentials 146

Posted by Soulskill
from the who-wants-to-buy-a-level-80-paladin dept.
A Symantec blog post reports that the company recently stumbled upon a server hosting the stolen credentials for 44 million game accounts. It goes on to explain how the owners of the server made use of a botnet to process that mountain of data: "Now it's time to turn those gaming credentials into hard cash. But how do you find out which credentials are valid and thus worth some money? Three options come to mind: 1) Log on to gaming websites 44 million times! 2) Write a program to log in to the websites and check for you (this would take months). 3) Write a program that checks the login details and then distribute the program to multiple computers. Option one naturally seems next to impossible. Option two is also not very feasible, since websites typically block IP addresses after multiple failed login attempts. By taking advantage of the distributed processing that the third option offers, you can complete the task more quickly and help mitigate the multiple-login failure problems by spreading the task over more IP addresses. This is what Trojan.Loginck's creators have done."
This discussion has been archived. No new comments can be posted.

Symantec Finds Server Containing 44 Million Stolen Gaming Credentials

Comments Filter:
  • by Monkeedude1212 (1560403) on Thursday May 27, 2010 @02:01PM (#32365234) Journal

    Don't tell me that people buy stolen creds and log into them just to take all their e-loot (worth thousands of e-dollars)? Oh for the love of humanity the things people will do in the name of wasting time.

    No, this is often the people who STOLE the creds, log in, and sell the E-loot for REAL money. If you've never played WoW, Eve, or Runescape for more than a Month, I wouldn't expect you to understand. But this is a problem that does occur regularly.

  • by interkin3tic (1469267) on Thursday May 27, 2010 @02:07PM (#32365348)

    Is the buyer really going to come back and demand a refund when it doesn't work?

    While I'd guess it's not impossible to just fake the account details, and maybe people do that, it could just be that these particular people found it is just more profitable to be legitimate after stealing the account for a variety of reasons. These are legitimate auction sites according to TFA.

    Just guessing, but you see a account you'd like to get on the auction site, check to see if that character is actually good or has good equipment on WOW or whatever. If it isn't, no bid. If you buy it and the login doesn't work, I guess you first might cancel the transaction on your credit card or report it to paypal, the auction house bans that user from selling again, they'd have to start over with a new auction account with a lower user feedback rating.

  • by TrisexualPuppy (976893) on Thursday May 27, 2010 @02:09PM (#32365376)
    There are lots of holes in games since the last thing that programmers or gamers really want to think about is account security. (Cheating security frequently is the first thing that comes to mind.)

    One of my buds ran a long thread here [incgamers.com] a while back. Several of his accounts were taken...don't remember how they got his WoW account. But it ended up that he eventually figured out that a server admin had poisoned a Web-downloadable .exe map pack file with a trojan that scraped some account info off files while running a keylogger to get anything that the scraper missed. These hackers are usually on top of their game (no pun intended).
  • by BForrester (946915) on Thursday May 27, 2010 @02:38PM (#32365808)

    RTFA. This is not a case of Symantec hammering through random servers looking for bogeymen.

    The very first sentence of the article states that the server was flagged from a new set of sample data submitted to Symantec. This is likely user data aggregated from Norton's threat detection network.

  • Re:Symantec stumbled (Score:3, Informative)

    by Anachragnome (1008495) on Thursday May 27, 2010 @05:23PM (#32368572)

    My WoW account was inactive for a year and a half.

    It was also hacked, months after I canceled my subscription. No idea how.

    So, in short, they sit on the account info and wait until it is inactive. This way they are less likely to be noticed as they link the WoW account to a battle.net account that they control. They also PAY to have the stolen account reactivated and thus raise no flags with Blizzard. It looks like someone simply reactivated the account as far as Blizzard is concerned.

    Once they have the account, and they are pretty sure nobody will be using it anytime soon (except them), they turn your best toon into a miner/herbalist and set it up to bot its way to mountains of ore/herbs. All the resources were simply mailed to another of my toons and auctioned or passed onto yet another toon on another account.

    I choose to reactivate my account while the guy was full-steam-ahead. He had dropped my enchanting on my hunter (already had 375 herbs), paid for the WotLK expansion so he could get both herbalism and mining skills to 450. He didn't touch any of my other toons, except for a level 2 in Stormwind.

    After Blizzard was done restoring my account they left the hunter with 450 Herbalism, reset the enchanting and replaced his items. He also had about 3k in gold more then he did when I canceled.

    They joy was on the level 2. STACKS and STACKS of ore that the hacker mailed to another toon came back in the mail. This worked out great as I wanted to roll a new toon with engineering. All told, I logged back in about 6k richer, more then enough to get back into the swing of things.

    At least that is what happened to my account.

There is hardly a thing in the world that some man can not make a little worse and sell a little cheaper.

Working...