Worlds of Scamcraft

By Matthew Hines  |  Posted 2009-09-30

Attackers continue to assail users of online video games with scams aimed at parting them from their hard-earned virtual assets.

Long the target of cybercriminals interested in making off with gamers' credentials to sell them for a profit, popular massively multiplayer online role-playing games (MMORPGs) have become such magnets for hacker activity that they're believed to have served as the breeding ground for some of the worst malware threats ever created - including some of the more advanced attacks aimed at the high-profile Microsoft .ANI vulnerability several years ago.

However, as researchers with F-Secure have highlighted in recent days, attackers continue to refine their tactics aimed at stealing video game credentials, namely those needed to log into the wildly popular World of Warcraft, creating phony log-in sites that mimic the real deal as well as any seen to this point.

With so much money to be made in selling stolen WoW merchandise, it's spawned increasingly professional attempts to do so. Gone are the days of crude knock-offs easily uncovered by the naked eye as fake, replaced by slick duplicates of the actual game site.

F-Secure specifically highlighted the emergence of new sites that promise to give WoW users access to previously unseen trial content for the game, under the guise of its legitimate producer, Blizzard, but that instead serve merely to steal usernames and passwords.

Those who do log onto the sites predictably end up losing all the electronic possessions that they've earned in the game, with their accounts also sometimes used to rope in additional users through messages sent to them from the compromised accounts, adding another level of social engineering to the attack.

The involved pages comprise a network of over a dozen different iterations of the phishing campaign, which also serves to illustrate the professionalism of the schemes, noted F-Secure.

A few years ago a Chinese national was killed by another guy who was mad that his friend had sold a virtual sword the two of them had saved up together to buy in an online fighting game.

Losing all your WoW earnings might not make you that insane, but it's definitely got to be a serious bummer.

No matter whether it's an e-mail attachment, a link in a Twitter post or a video game log-in site, if you aren't 100 percent sure that something is the real deal these days you have to double-check every time.

Of course, nobody actually does that, right?

Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |
