This past weekend a middle-aged professional academic who plays Everquest II as a serious hobby reported losing a mother lode of gaming loot – worth US $1,000 in the cyber underground – to data thieves. LastWatchdog wrote this letter to the player’s guild explaining the backdrop. Names of the guild and player are kept anonymous to preserve privacy.



Dear (guild name):

Sorry to hear about (gamer’s name) loss. Sadly, I’m not surprised. The cyber underground has advanced to the point where keystroke loggers are routinely included in automated cyber attacks that revolve around fooling even tech-savvy individuals into clicking on tainted URLs.

Stolen logons flow to different criminal specialists such as corporate spies, online banking hijackers and gamer looters. Gamer logon thieves have been active since at least 2005; the corrupting of the Miami Dolphins stadium website just before the 2007 Superbowl was carried out by a gang of data thieves primarily seeking Lineage logons.

Smart hacks

Gamer thieves often ferret out gamer logons via “drive-by downloads.” They crawl the web in search of popular websites that will permit them to invisibly corrupt an “iFrame” so that it runs malicious code. If you visit that website, a malicious program runs invisibly in your browser looking for any unpatched browser vulnerabilities — or any Adobe Acrobat Reader vulnerabilities, since that app runs on 95% of browsers.

The attack code is smart enough to check what browser you’re using and run through a complete list of known, patchable vulnerabilities, looking for the ones you haven’t yet patched. The cutting-edge attack codes look for zero-day vulnerabilities – freshly-discovered flaws for which there are no patches yet.

As soon as the attack code finds a vulnerability, it exploits the security hole. It swiftly implants a tiny wormhole, called a Trojan downloader, and you’re owned. Through this wormhole the attacker will implant a keystroke logger. These are no longer crude programs that capture all your keystrokes. Instead, they stay dormant most of the time, waking up only when you navigate to any account logon page; they quickly grab and transmit your logons to the bad guys, then go back to sleep.
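Added example, not part of the original letter: a small Python check a site owner could run over their own pages to flag the footprint described above, an invisible iFrame that pulls content from some other host. The sample HTML and the host names are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate same-site iframe, and one injected
# frame that is sized to zero, hidden by CSS and points at an off-site host.
SAMPLE_HTML = """
<html><body>
<h1>Fan site</h1>
<iframe src="/widgets/schedule.html" width="600" height="400"></iframe>
<iframe src="http://example.invalid/ads/land.php" width="0" height="0"
        style="visibility:hidden"></iframe>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # HTMLParser already lower-cases tag names
            self.iframes.append({k: (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """Heuristics for a frame the visitor is never meant to see."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    if re.search(r"(left|top):-\d", style):  # pushed off-screen
        return True
    for dim in ("width", "height"):
        m = re.match(r"-?\d+", attrs.get(dim, ""))
        if m and int(m.group()) <= 1:  # zero- or one-pixel frames
            return True
    return False


def find_suspicious_iframes(html, page_host):
    """Return src values of hidden iframes loading from another host."""
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        off_site = host is not None and host.lower() != page_host.lower()
        if off_site and _is_hidden(attrs):
            hits.append(src)
    return hits
```

Run `find_suspicious_iframes(SAMPLE_HTML, "fansite.example")` to see only the injected frame reported; it is a heuristic and will also flag legitimate off-site pixel trackers, which is usually what you want to review anyway.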

In the past year or so, these types of malicious attacks, which essentially turn over full control of your machine to the attacker, have expanded exponentially via Black SEO. This is the black art of causing malicious URLs to turn up high in the rankings of search queries for celebrity news and other hot topics. Click on a bad URL and you will arrive at a webpage pre-loaded with a drive-by download. What’s worse, these attack techniques in recent months have been extensively adapted to Facebook messages and wall postings and Twitter microblog postings.

The botnet quotient

None of this seems likely to slow down anytime soon because these attacks run off botnets. In addition to stealing your logons, the bad guys will send a botnet management program through the wormhole and deeply root it onto your hard drive. You are now a bot, and part of a bot network under the control of the attacker.

From time to time, your machine will receive a command to join 5,000 or 10,000 other PCs dispatched to spread spam, participate in denial of service attacks and perform other criminal tasks. The big time botnet operators control hundreds of thousands of botted PCs.

Law enforcement and/or regulators would have to cut off tens of millions of infected consumer PCs and workplace PCs to materially slow botnet activities. Here is a chart showing the pervasive daily activity level of the major spam-spreading bots. Each color represents spam generating activity levels of a major botnet:

Reducing your exposure

One way gamers can minimize exposure to malicious attacks is to dedicate a PC exclusively to gaming. Never use the browser on that machine to do search queries, social networking, online banking, or anything else. If you’re not quite ready to go as far as that, then you ought to:

Install all Microsoft and Adobe software updates as soon as they become available.

Keep your firewall up and your antivirus suite updated.

Use webpage health scanning plug-ins, such as McAfee SiteAdvisor or AVG LinkScanner or, better yet, both simultaneously. These free scanners will block you from navigating to known or suspected bad URLs.

In general, be über-circumspect about the links you click on, especially those in search results, instant messages, e-mails, Facebook messages and wall postings and Twitter Tweets. These best security and privacy practices actually hold true for anything and everything you do online. Hope that’s helpful.

Regards,

Byron Acohido

June 14th, 2010 | Imminent threats | Top Stories