Spyware Worm Steals Usernames and Passwords From Fantasy Role-Playing Gamers, Sophos Reports
Posted on 24 August 2005
Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, have reported that a new spyware worm, PrsKey-A, is stealing usernames, passwords and information from players of the massive multi-player internet role-playing game, "Priston Tale".
The worm lurks in the background waiting for users to enter either "Priston Tale" or the Yahoo mail system, and then begins capturing keypresses including usernames and passwords.
"More malware is being written that not only causes disruption, but also steals registration keys, passwords and data from players of computer games," said Graham Cluley, senior technology consultant for Sophos. "In many cases the virtual weapons, cash and armour needed for such games are then sold in the real world, where there's a growing demand from online gaming fanatics. If gamers buy these virtual goods online they should be careful not to purchase them from internet criminals who are making online life more dangerous for everyone."
Sophos is also seeing a trend towards more battles between rival internet gamers, with malicious code written to assist with this kind of robbery. Disturbingly, this particular spyware worm also steals information from users of the Yahoo mail system, giving hackers an opportunity to steal infected users' identities.
"Priston Tale" is a 3D fantasy multi-player game played over the internet that involves fighting monsters. The game has millions of subscribers across the globe, many of them in South Korea, where the game originated and which has an advanced internet infrastructure. It is also played in Japan, China, Taiwan, Thailand and English-speaking countries. Some players have immersed themselves in the virtual world's universe, playing for many hours at a time.
Other popular multi-player online games whose players have been targeted by viruses and Trojan horses in the past include "Lineage", "Outwar" and "Legend of Mir 2". Last month, Sophos reported that a gang had been arrested in South Korea for allegedly stealing from online gamers via password stealers.
Although there have been relatively few reports of this worm, Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.
Further information can be found at: http://www.sophos.com/virusinfo/articles/priston.html