Cyber criminals now target gamers

By siliconindia | Monday, 23 November 2009, 21:32 IST
Bangalore: Are you an avid online gamer? Watch out for malware that copies not only the codes of the games you have purchased, but also your credentials and other details. Once stolen from a genuine gamer, these are sold to others for money. In the last one year, the number of programmes designed to steal passwords shot up by a whopping 400 percent. According to an analysis by Dennis Elser and Micha Pekrul of McAfee Laboratory, the number of such programmes leapt from around 75,000 in 2007 to over 3.8 lakh in 2008. The criminal organizations behind the circulation of malicious software often operate from countries such as Russia, China, or Brazil, and their sole interest is obtaining user credentials and turning these into cash.

Vinoo Thomas, Virus Research Lead of McAfee Avert Labs, told Times of India that most hard-core gamers accumulate 'weapons' by playing online games. These weapons can actually be sold to newcomers, which makes the latter's job easy. They just buy them online and, in the bargain, the hard-core gamer loses his identity and other details in his login.

Infections with password stealers targeting games were less common before 2006; from 2007 onwards this subcategory saw an increase. During that period, underground economies sprang up around the trade of virtual game goods, like swords, helmets, and skill points. These virtual goods are turned back into real money as soon as they are sold to other players who want to improve their gaming skills and scores without having to spend endless hours actually playing these games. 'Gold farming' is a way to make a living in some countries. In China, for example, thousands of people try to harvest as much virtual value as possible and then sell it to more prosperous players worldwide.

Steam Stealer is the password thief that has evolved during this period.
Though it is less common than two other professionally authored password stealers, Sinowal and Zbot, its code has a modular structure, which might indicate the existence of a construction kit or the use of code snippets stolen from other malware. As soon as Steam Stealer is running, it loads several modules that start collecting Firefox's saved passwords, along with the CD keys and product IDs of a huge list of popular games and Microsoft products. Steam Stealer follows a predefined list of registry paths belonging to the products and reads their values, which hold the unencrypted credentials that the attackers hunt for.

One component, explicitly targeting Steam credentials, reads and decodes a file that contains the user's Steam account and password. This file, ClientRegistry.blob, is found in Steam's installation directory. The list of stolen credentials is assembled into a stack variable and saved to a separate location on disk, ready to deliver the goods to the attacker. Depending on the configuration embedded with Steam Stealer, the malware might also steal the credentials of instant messengers, email accounts, local area network accounts, and FTP accounts.