As it turns out, these sorts of attacks have become so prolific that it's often easy to find phishing pages attempting to steal usernames and passwords simply by going to the site for one of these games, going to its login screen to see what the real page's text is, then using a search engine to search for a sentence or so from the page.
For example, the official page for World of Warcraft -- the game mentioned in our previous blog on this subject, and one of the most popular online games out there -- has text such as the following:
"Secure World of Warcraft web pages that ask you for your account name and password will generally have URLs that begin with 'https://www.worldofwarcraft.com/'."
Searching Google for strings from the page returns multiple results, many of which are quite clearly not the legitimate World of Warcraft site. Some of these results even reproduce this very warning that secure, legitimate pages will start with https://www.worldofwarcraft.com/, which the phishing pages' own URLs do not!
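The check described above, as an added Python example that is not part of the original post: it parses each search-result URL and flags results that reproduce the login page's warning text while being hosted somewhere other than www.worldofwarcraft.com. The sample search results and their hosts are constructed, not real indicators.

```python
from urllib.parse import urlsplit

# The host the real login pages live on, per the warning text quoted above.
LEGITIMATE_HOSTS = {"www.worldofwarcraft.com"}

# A distinctive fragment of the real login page that copied pages reproduce verbatim.
WARNING_SNIPPET = "will generally have URLs that begin with"


def is_legitimate_url(url: str) -> bool:
    """True only for an https URL whose parsed host is the real one.

    Comparing the parsed host (not a plain string prefix) is what the rule
    "begins with https://www.worldofwarcraft.com/" actually requires.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and host in LEGITIMATE_HOSTS


def flag_suspect_results(results):
    """Return URLs of results that copy the login-page text but are hosted elsewhere.

    `results` is an iterable of (url, page_text) pairs, as a search engine returns them.
    """
    suspects = []
    for url, text in results:
        if WARNING_SNIPPET in text and not is_legitimate_url(url):
            suspects.append(url)
    return suspects


# Constructed sample results; the .example hosts are hypothetical placeholders.
SAMPLE_RESULTS = [
    ("https://www.worldofwarcraft.com/login/", "... will generally have URLs that begin with ..."),
    ("https://www.worldofwarcraft.com.example/login/", "... will generally have URLs that begin with ..."),
    ("http://www.worldofwarcraft.com/login/", "... will generally have URLs that begin with ..."),
    ("https://wow-login.example/", "... will generally have URLs that begin with ..."),
    ("https://news.example/wow-phishing", "An article about phishing, not a login page"),
]

if __name__ == "__main__":
    for url in flag_suspect_results(SAMPLE_RESULTS):
        print("suspect:", url)
```

The lookalike host, the plain-http copy and the unrelated host are flagged; the real page and the news article are not.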
Continued research on the matter shows that some of these are not, in fact, phishing sites, but rather free, emulated servers that people have set up to bypass the need to pay to play the game, or for various other reasons. Regardless of whether that is legitimate, there are also sites that are quite likely phishing sites, as they don't seem to have any content associated with the login screen that suggests they are doing anything but phishing. Many of these are even hosted on the same servers as other phishing sites we have seen in the past.

Looking further into the matter actually reveals that there are entire forums out there dedicated quite blatantly to hacking these games, with techniques for stealing account information and step-by-step instructions for how to set up your own phishing scams for the accounts. They even include directions on how to do mass emailings, and toolkits for setting up the fake phishing sites.

What's interesting about this is that the number of users and posts on the particular forum that we researched shows that there is a very large number of people interested in performing these attacks and stealing these accounts. Even more interestingly, quite a few of them don't seem to find any reason to bother trying to hide their tracks.

As more and more people get involved with online gaming, the market for the resale of accounts and in-game content, both legitimately and illegally, is only going to continue to grow along with the number of users. Additionally, it may be that attackers find these accounts to be a safer target than bigger ticket ones like banking accounts and other financial institutions. There is less legal recourse against these kinds of attacks, and fewer consumer protections, making it a much easier crime to get away with, and a much harder one to track and prosecute.
Security Researcher: Evelyn Scidmore