Lavasoft News - February 2007

Spyware Sneaks into Virtual Worlds

Virtual worlds are not all fun and games anymore. These MMORPG's (Massive Multiplayer Online Role-Playing Games) are one of the latest targets of spyware authors.

Avert Labs estimates that 18 percent of known Trojan password-stealers, infamous for targeting financial institutions, attack these virtual worlds thanks to all the cash to be had.

In these games, players usually pay a monthly subscription fee and then insert real money in order to purchase items and interact with other fictional characters. The virtual resources purchased are typically weapons, armor and real estate.

Players can spend hundreds of hours racking up items that can be traded and a profit turned. Some are there solely to amass goods and cash and sell for real world dollars to players who do not have the time or effort to do it themselves.

The scammers are usually after the credit card and billing information for the account, or better yet, those virtual world loots. They later auction them on places like IRC or eBay for real money.

Online game accounts can be worth thousands of dollars. In October of 2005, the sale of a virtual asteroid based space resort for $100,000 US to one famed gamer in the MMORPG Entropia Universe set a world record for the most valuable virtual item.

"For a lot of the customers out there, there is more store value on their MMO characters than there is on the credit card with which they pay for the account," said Dave Weinstein, a Microsoft security development engineer at a video game development conference late last year. "The police are really good at understanding someone stole my credit card and ran up a lot of money. It's a lot harder to get them to buy into 'someone stole my magic sword'".

According to Kaspersky Lab, the first cyber crime targeting online games took place in 2003 when Trojans designed to steal user data were detected in the Asian game Legend of Mir. Since then World of Warcraft, Lineage and EVE Online have all become victims of similar attacks.

It is not only the player and his/her account that can be victimized. More and more employees are entering their virtual worlds on company computers which, security experts say, is putting businesses at risk.

"Let's say employee X sets up their own World of Warcraft server and lets people come in and play. That allows people on other machines to come into the business. It allows people outside the business to log on behind the firewall," said David Marcus with Avert Labs.

Some security suites are now adding features designed specifically for online games that block all communication between your PC and the wider web apart from the all-important game connection.

If you want to avoid being a victim in your MMORPG, never give your account details out to anyone - not even those in-game claiming to be GMs. And do not download packet editors, zeny generators, item duplicators, or botting programs.

Home  arrow

Trophy Image
Extra! Extra!
Ad-Aware Breaks Records at
Read all about it here.
More than 3/4 of Americans are net users, spending an average of 8.9 hours online a week. For the first time in 2006, the number of women logging on equaled the number of men.
Source: Survey from the Center for the Digital Future
Cookie Image
Term(s) of the Month
A cookie is a piece of data that a website saves on a user’s hard drive and retrieves when the user revisits that site. It may use a unique identifier that links to login data, preferences, etc. A tracking cookie is any cookie used for tracking users’ surfing habits. They are typically used by advertisers wishing to analyze and manage advertising data. Read more in Lavasoft’s Spyware Glossary.
Tech Tips
Did you know that the Lavasoft Support Forums are the perfect place to go for up-to-date technical advice? Forums Administrator Janie Whitty, aka Calamity Jane, checks all new posts made. Lavasoft staff members regularly go in to read and post. We also have a team of international volunteers who help our users with their questions and concerns. If you do not already have an account sign up today at There are currently more than 15,000 registered members!
Letters to the Editor
Thanks to all of you who wrote to us with your thoughts on spam and the future of e-mail. Spam definitely gets people talking. Read some of your letters here.
Text Size
If you think the text size on the back pages of Lavasoft News is too small, remember you can adjust the sizing in your browser when reading our newsletter online here.
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Page footer
Home HomeAbout LavasoftPrivacy Policy