The Top Threats to Online Gamers

Fraud, thievery and malware are running rampant in online games and virtual worlds. Malware Labs at Lavasoft has compiled a list of the most common types of foul play that frequent gamers are bound to face. Keep reading, below, to prepare yourself for what you may encounter, giving you the information you need to avoid these hazards.

Rogue servers offering low or no cost games

Looking to cut corners by finding low or no cost versions of virtual worlds and online games? Not so fast! There are an abundance of rogue servers for Massively Multiplayer Online Role-Playing Games (MMORPG's) out there on the Web.

These rogue servers offer free versions of online games, and likewise are popular among those who cannot afford, or choose not to pay for, legitimate game servers. While rogue sites are widely available online, they pose a plethora of issues for users, from low game quality to support problems - and even a higher prevalence of theft and fraud.

“Administrators at rogue servers don't have the time or resources to investigate theft and fraud. This makes it easier for criminals to hide their presence and avoid getting caught,” says Albin Bodahl, a malware analyst at Lavasoft Malware Labs.

Social engineering scams and phishing to gain log-in details

In order to pilfer credit card information or log-in details from gaming accounts, scammers have been known to employ a variety of social engineering tactics to get victims to play right into their hands and give up their real or virtual world loot.

To pull off this devious tactic, criminals may login on forums or game servers and send messages to inexperienced users, offering their expertise in return for passwords or other personal information.

“They may use the information they gather to make use of the “Have you forgotten your password?” function on gaming sites. The thief will search for known answers to security questions, and then he or she will have the option to change the password and hijack the account,” Bodahl explains.

Phishing, when online scammers attempt to entice users into disclosing personal or financial information by appearing to be a trustworthy or familiar source, is also employed by thieves to specifically target gamers. According to the analysts at Malware Labs at Lavasoft, phishers, guised as representatives of the game - such the gamer server's administrator - have been known to persuade victims to authenticate their account, threatening to suspend gaming activity if they fail to comply. Once perpetrators have access to a user's password, they are able to steal the victim's virtual property and sell it to others.

Malware specifically targeting online games

Malware writers are seizing the opportunity to cash in on the transfer of money and goods that takes place regularly in online games and virtual worlds. They do this by developing Trojans aimed at plundering passwords and harvesting log-in details from users of MMORPG's.

Lavasoft Malware Labs calls this specific family of threats, which are detected by Ad-Aware, Win32.TrojanPWS.OnlineGames. Malware Labs also has MMORPG malware related to certain games in detection, such as Win32.TrojanPWS.WOW, which sets its sights on World of Warcraft players. These types of specific threats are often constructed to harvest passwords on the most popular game sites, stealing them from users as they visit the targeted game-server and fill in their log-in data.

Malware Labs works to prevent this type of fraud by constantly updating Lavasoft's Detection Database with threats related to online games and virtual worlds.

Exploiting vulnerabilities in game servers and browsers

An exploit is a vulnerability or bug in software used to take advantage of a user's system to gain unauthorized access. To target gamers, cyber criminals exploit vulnerabilities in both web browsers and game servers.

Game servers are servers, run either remotely or locally, that online entertainment fans use to play multi-player games or video games. Just like any other software, game servers can contain vulnerabilities, which can be leveraged by cyber thieves in order to access databases and passwords.

Browser exploits can be used to make the browser itself do something unexpected and unwanted, like propagating a virus or installing spyware. Browser vulnerabilities may be used by criminals on specific game sites and forums to download MMORPG malware, such as the Win32.TrojanPWS.Onlinegames family of threats.

To learn more about how to counter these types of online threats in online games and virtual worlds, read our next article, “Game On! How to Protect Yourself As You Play”.

Learn more about PlayWithPictures
Just how big is the online gaming industry? One Massively Multiplayer Online Role-Playing Game alone, World of Warcraft, has over 11 million active users. That's more users than the entire population of Sweden - the home of Lavasoft's headquarters.

Last month, we told you about the security highlights of the new Google Chrome browser. This month, we have the scoop on a Lavasoft partnership with Google that will give you the option to add an extra layer of protection to your online experience. Read more.
“Online gaming has become a massive industry over the last decade. With so many users and so much money involved, malware writers have the perfect opportunity to cash in on online games and virtual worlds.”

- Albin Bodahl, malware analyst at Lavasoft Malware Labs
Find us on
Contact us on
Follow us on
Watch us on
Pass on the news, tips and offers in this issue - e-mail Lavasoft News to a friend.

Lavasoft AB Odinsgatan 10, 411 03 Gothenburg, Sweden | |