WOW News Blog

The use of virtual worlds like World of Warcraft and Second Life are being targeted by organized criminals to spread key loggers, ID harvesters and to launder money. This was the waring Symantec was trying to spread to the online community of these games, these warnings are contained in their ‘Internet Security Threat Report’ and they also reported that over the next 6 to 24 months these security concerns shall rise. These virtual worlds allow players to carry on real money transactions in these virtual worlds, players can use credit cards or other payment methods to buy virtual credits and then exchange this credits with players in other countries, where they can then e locally exchanged for their currency. Symantec speculates that these worlds have virtual identities and could possibly exploited by criminals. Here is a part of the report:

“… a criminal enterprise could open several thousand MMOG accounts. Each could be used to trade with other players in the purchase or sale of in-game assets, the funds from which would ultimately be withdrawn from the accounts. Since thousands of accounts may engage in millions of transactions, each with small profits or losses, it would be difficult to trace the true source of the funds when they are withdrawn. These transactions can be conducted worldwide without the oversight that typically accompanies international bank remittances. In fact, in February 2007, China’s central bank and finance ministries called upon companies to stop trading QQ coins and virtual currencies, presumably to curb the unregulated exchange of currency.”

Rogan Mallon, Symantec senior systems engineer states that gamers themselves make the mistakes and become more susceptible to these threats. As keen gamers would usually put their security applications down to improve speed and gameplay, and many Lan parties that spread viruses more easily. Some cyber criminals take advantage of cracked software that allows them to run the games without having the disc in the machine.

This report is an update of world-wide Internet threat activity that includes a review of known vulnerabilities, highlights of malicious code and an analysis of networked based attacks. It would also asses the trends in spamming and phising activities in a six-month period.