Security firm Symantec has discovered a single server that holds the log-in credentials for 44 million online game accounts. What is impressive is not only the sheer number of compromised game accounts, but also the way they are being gathered and verified by those controlling the server.
The theft of online accounts, for games or other services, is certainly not new. With keyloggers or other malware, it is not complicated for a person to obtain users' log-in credentials. In this case, however, automated tools are being used to gather the credentials from vulnerable computers. The Trojan known as Infostealer.Gampass is being distributed to the computers of the targeted games' users.
This Trojan is mostly used for harvesting registration keys and account information for Massively Multiplayer Online Role-Playing Games (MMORPG). The games in question must be installed on the target computer in order for the Trojan to release its payload. It is often distributed as game "add-ons" or on online forums. When it is installed, it logs all user-entered account information and sends these credentials to the hacker.
At that point, the hacker can use the account information to log in to the account and do whatever he wants with it, usually for some profit. But in the case examined by Symantec, the strategy is much more elaborate than a single hacker misusing an illegally accessed game account; the person or group behind this is obviously aiming to resell the accounts (which is usually forbidden by the games' EULA). But for that, they have to make sure the information they have gathered is valid.
Another Trojan horse, Trojan.Loginck, is distributed through a botnet by the hackers and validates the credentials by trying to log in to the accounts. This strategy mitigates the problem of an IP address being blocked by the game provider after too many failed log-in attempts.
The scheme looks like it is quite effective so far, and according to research by Symantec, credentials could be worth up to $28,000 for an account with "several powerful characters". Prices are estimates based on asking prices by account sellers on specialized Web sites. The most affected game publisher is Chinese Web site Wayi Entertainment, with around 16 million compromised accounts. PlayNC, a service provided by NCsoft (publisher of games such as Lineage II, Guild Wars and City of Heroes), is second with around 2 million compromised accounts. The popular World of Warcraft has only some 210,000 accounts in the database.
Symantec recommends updating anti-virus definitions and, as an added precaution, changing your account password if you have an account with one of the affected games.
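The botnet-based validation described above stays under a per-IP lockout, so a game provider needs a second signal. The following is an added example, not from the article or from Symantec, that runs both checks over constructed login events; the thresholds, addresses and account names are assumptions.

```python
from collections import defaultdict

PER_IP_FAIL_LIMIT = 5     # assumed provider lockout threshold (failed log-ins per IP)
MAX_ACCOUNTS_PER_IP = 3   # assumed ceiling for one source; tune per environment


def build_sample_events():
    """Constructed (ip, account, success) login events, not real data."""
    events = [("198.51.100.10", "alice", True)] * 3
    events += [("198.51.100.11", "bob", False)] * 2 + [("198.51.100.11", "bob", True)]
    # One noisy source failing repeatedly on one account: per-IP lockout handles this.
    events += [("203.0.113.5", "carol", False)] * 6
    # Twenty bots, each checking four different accounts and failing only once,
    # so no single address ever approaches the lockout threshold.
    for bot in range(1, 21):
        for slot in range(4):
            account = f"victim{bot * 4 + slot}"
            events.append((f"192.0.2.{bot}", account, slot != 0))
    return events


def analyze(events):
    """Return IPs caught by per-IP lockout and IPs caught by account spread."""
    failures = defaultdict(int)
    accounts = defaultdict(set)
    for ip, account, success in events:
        accounts[ip].add(account)
        if not success:
            failures[ip] += 1
    # Classic rule: too many failed attempts from one address.
    locked = {ip for ip, n in failures.items() if n >= PER_IP_FAIL_LIMIT}
    # Second rule: an address under the failure limit that touches many accounts.
    spread = {ip for ip, accts in accounts.items()
              if ip not in locked and len(accts) > MAX_ACCOUNTS_PER_IP}
    # Accounts reached from those addresses are candidates for a forced reset.
    to_review = set().union(*(accounts[ip] for ip in spread))
    return {"locked": locked, "spread": spread, "accounts_to_review": to_review}


if __name__ == "__main__":
    result = analyze(build_sample_events())
    print("per-IP lockout:", sorted(result["locked"]))
    print("account-spread suspects:", len(result["spread"]))
    print("accounts to review:", len(result["accounts_to_review"]))
```

Shared addresses such as cafés or carrier NAT will also exceed a low account ceiling, so the spread rule is a review trigger rather than a block decision.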