[ISN] Trojan Snags World Of Warcraft Passwords To Cash Out Accounts

From: InfoSec News (isn@private)
Date: Thu May 04 2006 - 01:16:31 PDT


By Gregg Keizer 
May 2, 2006

A new password-stealing Trojan targeting players of the popular online
game "World of Warcraft" hopes to make money off secondary sales of
gamer goods, a security company warned Tuesday.

MicroWorld, an Indian-based anti-virus and security software maker
with offices in the U.S., Germany, and Malaysia, said that the
PWS.Win32.WOW.x Trojan horse was spreading fast, and attacking World
of Warcraft players.

If the attacker managed to hijack a password, he could transfer
in-game goods -- personal items, including weapons -- that the player
had accumulated to his own account, then later sell them for
real-world cash on "gray market" Web sites. Unlike some rival
multiplayer online games, Warcraft's publisher, Blizzard
Entertainment, bans the practice of trading virtual items for real

"Win32.WOW is a clear indication that malware writers are targeting
anything that involves money," said MicroWorld chief executive Govind
Rammurthy in a statement. "Bucks may be smaller compared to a Trojan
that steals bank accounts or credit card numbers...[but] cyber
criminals are not complaining as long as the target is soft and
numbers are high."

The Trojan spreads via traditional vectors, such as e-mail and
peer-to-peer file sharing, added Rammurthy, but it has also been
watched while it installs in a drive-by download from gaming sites'
pop-up ads. The surreptitious installation is accomplished by
exploiting various vulnerabilities in Microsoft's Internet Explorer
Web browser.

Identity thieves have aimed at Warcraft previously. Just over a year
ago, players were warned about a campaign that collected passwords
from a bogus log-in site.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Thu May 04 2006 - 01:35:11 PDT