Online gamers targeted by cyber criminals

10 Sep 2007

Stealing online gaming accounts is predicted to become as profitable as stealing from bank accounts, as gamers are included in the growing number of categories of users targeted by cyber criminals.

A new report from CA warns of growing, more complex internet threats facing home PC users, including targeted identity theft, emerging risks with online gaming, doubling of malware exploits and new software vulnerabilities.

According to CA, gamers are under siege. The second most common malware seen this year is designed to steal gaming passwords. Characters and virtual money are being sold in underground websites that rival legitimate commodity markets.

“Spear-phishing” will grow as identity theft surpasses record levels.

Almost 3.25 million Americans discovered that their personal information has been used to open credit cards. Phishers are shifting from pure opportunism to “spearing” specific individuals based on age, socio-economic status, and so on.

Malware will increase by 132pc this year over last, with Trojans leading the pack. From January to June 2007, CA Security Advisor saw that 65pc of the malware threats were trojans, 18pc were worms, 4pc were viruses, and 13pc were other types of malware.

Mozilla Firefox will no longer be considered more secure than Microsoft Internet Explorer; and conventional wisdom that Apple Mac OS X is more secure than Microsoft Windows will crumble.

Internet Explorer and Firefox are running neck-and-neck, with 52 and 53 vulnerabilities this year respectively, and will easily surpass the number of vulnerabilities reported last year. In the first half of this year, there were 51 reported vulnerabilities for Mac OS X, 29 for Windows XP and 19 for Windows Vista.

Cyber-criminals will increasingly use a “multi-step” approach to creating and distributing malware. Multi-component malware, such as sending spam with a Trojan, allows them to fine-tune the malware-making it harder for security vendors to identify.

Lesser-known techniques to hide from security software, including “packers” or “encryptors,” are now widespread (representing two of the top five malware this year).

Internet crime groups will look more like legitimate software businesses. No more attention-seeking hackers-organised groups of criminals have developers, marketers and distribution channels. Many are located in Eastern Europe and China.

As Botnets grow, so will the risk of “bot-herders” using information about victims’ behavior to offer demographics-based marketing. Such targeted efforts would rival the largest legitimate marketing. Based on current estimates, millions of home PCs may be controlled by botnets today.

As adware and hijackers continue to fade, the spyware category will be dominated by Trojans and downloaders. The versatility of Trojans has clearly made them the tool of choice for malware authors. Downloaders will become attractive as new versions not only distribute spyware but defend against its removal.

Criminals will increasingly target lower profile but useful software, such as Adobe Acrobat Reader and Macromedia Flash, to exploit security holes. At the current rate, we’ll see twice the number of vulnerabilities in Reader and Flash.

Social networks are under fire for security weaknesses. Not only are they subject to the same weaknesses as web sites – SQL injection, cross-site scripting attacks and forgeries – but the ability to create web pages allows a criminal to post malicious code. On a social network, attacks move faster because everyone is interconnected.

Mobile social networks can also be easily attacked providing information for stalking and other crimes.

“Everyone using the Internet should be aware of the nature and severity of online threats – especially gamers, social network users, seniors, tweens and their parents” said Sean O’Connell, security consultant, CA.

“It’s especially important to teach younger users about protecting personal information and handling cyber-bullies, because even though they may be more adept at using the internet than their parents, they tend to be far less diligent about practicing safe online computing,” O’Connell added.

By John Kennedy