Vicious Trojan attacks on gaming sites also pose business threat

Vociferous and widespread attacks against online gaming accounts by cybercriminals have spawned a new family of Trojans.

These Trojans dominate malware activity worldwide and also pose a threat to businesses, a security expert warns.

Trojans designed to steal the online gaming account information of their victims now account for over one-third of all malware activity, reports Fortinet Technologies Inc.

The Sunnyvale, Calif.-based security vendor identified the new threat in its monthly report for June.

But just because these Trojans are designed to hijack online gaming accounts doesn’t mean businesses can rest easy, says report author Derek Manky, who is a security research engineer at Fortinet.

“Most of the time, Trojans have integrated functionality so they can accept commands from a remote attacker and download new code to be used for any purpose,” says the security researcher based in Burnaby, B.C.

Two specific online gaming Trojans catapulted to Fortinet’s top 10 threats in April. Since then, the Trojans have moved into second and fourth place on the list. As a family, the malware is twice as pervasive as the next leading group of insidiously designed software.

Devastation wrought by the Trojans is documented on World of Warcraft (WoW) technical support forums.

The WoW site has been created by Irvine, Calif.-based Blizzard Entertainment, a leading developer and publisher of entertainment software.

The popular massively multiplayer online game’s forum is replete with user complaints bemoaning stolen accounts as a result of malware.

“Please lock the account username Txexhale,” writes one gamer. “It has been stolen along with all of my information. I believe someone key logged my e-mail address, WoW account and everything else on my computer.”

Once the account is hijacked, the attacker will often sell it on the black market, Manky says. “The motivation is financial and there’s a market for these gaming accounts.”

But the Trojans can also mine a computer for other types of sensitive data, or turn a system into a “zombie” PC that is part of a botnet, and then use that compromised machine to send out spam.

Businesses should be aware that cyber-criminals engineer different types of targeted attacks to lure in specific users.

One of the most prominent malware programs, known as “Pushdo,” is designed to fool business users with an e-mail feigning an invoice from delivery service UPS Inc. Once users open the attached invoice, they become infected with the Trojan.

Pushdo can be hard to detect because it buries itself deep in a system using rootkit techniques. It is also programmed to spread its infection aggressively.

“It can harvest all the e-mail contacts on your computer to try and spread itself out further,” Manky says.

For gamers, the bait comes in the form of fake programs that promise the player benefits in the gaming world. For example, common malware lures promise players the ability to duplicate their gold or to instantly transport their avatar across the game’s virtual terrain.

“Hackers and account thieves like to put their viruses, key loggers, etc. into executable files and then make those files very appealing to our World of Warcraft fan base, to trick users into downloading and running their programs,” says the Blizzard site.

The online gaming company also notes that once a Trojan is on a player’s computer, it can steal other sensitive information from users as well.

Manky echoes this warning.

“It’s always a concern when we see a particular piece of code going around that it could land inside an organization.”  

To prevent infection, he says, IT managers should have a layered security approach in place that includes a firewall and a virus scan on end-user machines.

But he adds that user education is often the best approach to take.

End users should be taught to exercise caution when opening attachments, as the consequences of a Trojan infiltrating an organization’s network could be disastrous, the security researcher says.

“They could delete a lot of data and trigger a denial of service attack. They could bring an organization to its knees.”

There are tell-tale signs of a Trojan infection and IT managers should be alert to these, he says. These include any abnormal behaviour from a user’s computer, such as strange ports being accessed and unknown programs running.

End users should be concerned if they start getting adware pop-ups or e-mails being bounced back to them.

If an employee is overheard complaining they can’t access their Warcraft account, that should also raise a red flag.
