By Mike Kronenberg
E3, the annual trade show for the computer and video games industry, kicked off in Los Angeles yesterday, not long after the unofficial start of summer on Memorial Day. These events got me thinking about what many students might do with their free time over the next three months. I imagine that for legions of young PC gamers, this could mean hour after blissful hour spent honing their skills as a blacksmith and earning gold in their favorite online fantasy universe. You can bet cybercriminals are imagining the same thing, too – and banking on it.
In PC gaming, it used to be that hackers would seek to steal log-in information to take control of someone’s character for their own personal enjoyment. But they’ve figured out in-game currency translates into real-world money, and now many people log onto World of Warcraft or Lineage to find their account balances wiped to zero.
To help keep hackers out – and hopefully make their summer a little less lucrative – I’ve outlined the most common tactics for infection during gaming and how gamers (of all ages) can avoid them.
Hot links in forum posts: Aside from the fact that they’re usually out of context with the rest of the forum’s thread, these innocuous-looking URLs can be compelling enough to click. In one example we found a link that, when clicked, led to a site designed to look like YouTube. We were then prompted by a phony message from Microsoft to download the latest version of Adobe Flash to view the video. Other than a couple transposed letters in the phony filename, the messages seemed legitimate, and a few clicks later, our test system was infected. While gamers tend to self-police forums for World of Warcraft and other games for these links, they’re still prevalent.
Hot links in in-game emails: Using the same tactics as above, keyloggers distribute malicious links through the World of Warcraft e-mail system and in-game chat channels. In this case, a gamer would need to copy and paste the URL into a browser to launch the site. Webroot’s research found a phishing site behind one of these links designed to look remarkably like World of Warcraft’s log-in page to capture your username and password.
Links to porn: Keyloggers will appeal to all of your senses to get you to click on links you shouldn’t. We found many such links in posts promising naked women in compromising positions leading to videos and pictures booby-trapped with malware.
Offsite infections: Hackers often bind password-stealing gaming Trojans to applications on P2P file-sharing networks to hide their presence. They jump to action when you log onto your game account.
SQL injection attacks: Once a hacker gains access to a site server’s database, he can use any number of tricks to steal your gaming account credentials. For instance, malicious code can be hidden underneath a banner ad in order to turn it into a vehicle for infection. Within PC gaming, these attacks are targeted, and they’re very difficult to anticipate. Your best defense is to use a safer browser like Firefox, which has an extension called NoScript that alerts you when potentially malicious activity is detected.
Overall, the general guidelines for protecting yourself while gaming are simple:
- Be aware! If something seems too out of place or too good to be true, it probably is;
- Make sure your PC is updated with the latest operating system and browser patches;
- Consider protecting your PC with an antivirus and antispyware program;
- If you already have AV/AS installed, make sure it is updated with the latest malware definitions; and
- Download applications from their original source rather than from a P2P file-sharing network.
Happy safe gaming!
Mike,
Do you think you can clarify your last point about defending against SQL injection attacks by switching to Firefox and using NoScript?
As I understand it (and you describe it), SQL injection attacks are run against a database hosted on a server, not a client or end-user. If such an attack is successful, the cracker is able to view or modify the data within that database, ranging from product pricing to username/password combinations and other personal information.
What I don’t understand is how a client-side change would affect this problem. If the attacker leveraged a SQL injection into forcing a legitimate server to host malicious JavaScript/Flash components, I can see your point. But if the only attack was a SQL injection, then the problem has to be addressed by the site’s administrators, not its users.
For the record, I do believe that we should all be using Firefox with NoScript (or something similar), just want to understand your post better.
IWearAWhiteHat —
You have a point; once a SQL injection attack is successful, the hacker has already gained access to whatever valuable data might be hosted on the server. This could be anything from usernames/passwords, account information, or personal information. It depends what the server was used for.
However, many times the hacker’s goal is to also propagate malware by adding malicious code to the website which is hosted on the server. In these cases, the exploit would most likely be blocked by a utility such as NoScript.
When it comes to hacked servers, it is the server admin who is responsible for fixing the issue. This leaves a legit site in a compromised state until the site admin is notified and is able to remedy the infection. In addition, site admins often do not notify their users that personal information might have been accessed, and therefore people are unable to take the necessary steps to protect themselves. Not a lot can be done to fix this, though users of sites that are attacked should be encouraged to be vocal on the site forum to alert others that their personal data may have been compromised.
MGuthrie
Webroot Threat Blog admin
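The server-side half of this exchange, as an added example that is not part of the original post or its comments: a check a site administrator could run over stored page content to find script or frame tags that load from hosts the site does not normally use, which is the symptom described above when an injection is used to make a legitimate site serve malicious code. The `banner_ads` table, its rows, the allow-list and the host names are all constructed for illustration, and the check only covers content loaded by URL, not inline script.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads active content from.
ALLOWED_HOSTS = {"cdn.example.com"}
ACTIVE_TAGS = {"script", "iframe", "embed", "object"}

class ActiveContentFinder(HTMLParser):
    """Collect (tag, url) for every tag that pulls active content from a URL."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            for name, value in attrs:
                if name in ("src", "data") and value:
                    self.found.append((tag, value))

def offsite_active_content(markup):
    """Return [(tag, host)] for active content loaded from a non-allow-listed host."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    hits = []
    for tag, url in finder.found:
        host = urlparse(url.strip()).hostname  # None for relative (same-site) URLs
        if host and host not in ALLOWED_HOSTS:
            hits.append((tag, host))
    return hits

def scan_banner_ads(conn):
    """Scan the constructed banner_ads table; return [(row_id, tag, host)]."""
    findings = []
    for row_id, markup in conn.execute("SELECT id, markup FROM banner_ads ORDER BY id"):
        findings += [(row_id, tag, host) for tag, host in offsite_active_content(markup or "")]
    return findings

def build_sample_db():
    """In-memory database with constructed rows standing in for stored ad markup."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE banner_ads (id INTEGER PRIMARY KEY, markup TEXT)")
    conn.executemany("INSERT INTO banner_ads VALUES (?, ?)", [
        (1, '<a href="/shop"><img src="/img/summer.png"></a>'),
        (2, '<img src="/img/gold.png"><script src="https://cdn.example.com/ads.js"></script>'),
        (3, '<img src="/img/mount.png"><SCRIPT SRC="//malware.invalid/x.js"></SCRIPT>'),
        (4, '<iframe src="http://tracker.invalid/f" width="0" height="0"></iframe>'),
    ])
    return conn
```

A hit from a scan like this points to rows that need review and to an injection flaw that still has to be fixed in the application itself.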
thank you!