Researchers at Symantec have discovered a server hosting 44 million online gaming account credentials — but that is only part of the story.
Just as interesting as the massive amount of data is their discovery of a Trojan being used to verify the data’s validity.
“What makes this unique is not just the number of stolen accounts, but the way the criminals behind this server are going about checking the validity of the accounts,” blogged Eoin Ward, with Symantec Security Response. “Enter Trojan.Loginck, which has been created for the specific purpose of verifying their status as active.”
The program checks the log-in details by attempting to log in to gaming sites using the computers it has infected. If it succeeds, “it will update the database with the time it logged in and any user credentials,” Ward wrote. The value of the information can range from $10 to an asking price of $28,500 for an advanced “World of Warcraft” account.
“Most botnets have the ability to download and run files, so why not push a custom piece of malware to each bot?” Ward blogged.
Read more about the stolen credentials and the Trojan here.