NASA Worm Talk Underscores Spread of Online Gaming Threats

A laptop and an affinity for online gaming-that may have been all it took to introduce a cyber-security threat to a space station.

Though NASA spokesperson Kelly Humphries remained unwilling Aug. 29 to officially confirm the nature of the worm detected on laptops at the International Space Station, spaceref.com, which broke the story, and other news organizations have reported it to be the password-stealing worm W32.Gammima.AG.

What NASA has said is that there was no threat to the command and control systems at the space station. However, the possible presence of the worm, which according to Symantec spreads via removable media and is targeted at online gamers, underscores the growing pervasiveness of malware aimed at virtual games.

In its Global Threat Trends report for July, security vendor ESET ranked Trojans in the Win32/PSW.OnLineGames malware family as the most prevalent threat it had detected. In all, the malware family comprised 12.72 percent of all detected threats during the month-nearly three times as many as the next entry on the company’s top 10 list. In addition, research from McAfee has the number of unique password-stealing Trojans and keyloggers so far this year already surpassing the total for 2007.

In some cases, the damage done by malware targeting online gamers is relatively minimal; the focus of the malware author may just be on gaining an edge in a game. But the practice some users have of exchanging real money for virtual money that can be used in the games creates an incentive for cyber-thieves looking to make a buck.

In an interview with eWEEK earlier in 2008, Igor Muttik, senior architect for McAfee Avert Labs, cited ROI as the No. 1 factor for the jump in online gaming attacks.

“When you rob a bank you get quite a lot of money, but the risk is really high,” Muttik said. “In virtual gaming, the risk is virtually zero because there is no policing there at all. At the moment, all the security in virtual environments is provided by the gaming vendors and they [are] just not focused on the phenomena of stealing their virtual assets.”