Rising fraud threats in virtual worlds

Virtual worlds are playgrounds not just for people who want some online fantasy role-playing, but for cybercriminals who are looking for places to launder money and steal data, according to a new white paper from McAfee (PDF).

The in-game economies of virtual worlds are being hijacked by criminals who attempt to hide their profits through the exchange of virtual currencies, Dr. Igor Muttik, a senior architect at McAfee's Avert Labs says in a white paper entitled "Securing Virtual Worlds Against Real Attacks--The Challenges of Online Game Development."

"Typically, when a gaming account is compromised, attackers will convert the objects they steal into virtual currency--and then convert the virtual currency into real money," the white paper says.

Scammers also are increasingly attracted to virtual worlds, where they have numerous ways of trying to steal private data for fraud. For instance, sloppy scripting in some online games allows viruses to auto-execute and propagate. There are also phishing attempts and messaging spam luring members to malicious sites for "free" games.

Also increasing in number and frequency are data-stealing Trojans that use keystroke loggers and other software to record IDs and passwords, mouse movements, and even screenshots, the report says.

And that's not all; there have been other threats in the virtual worlds. A virtual illness wiped out entire servers of users in World of Warcraft in 2005 when a design flaw allowed the disease to spread throughout low level players. Meanwhile, user-created code caused a virtual terrorist attack in Second Life, according to the report.

Because virtual worlds appeal to the underground, there's also the possibility they could serve as honey pots to attract criminals and terrorists and provide counterterrorists a glimpse into terrorist activities.

Gaming Trojans and Trojans (Password Stealers or PWS) targeting online banking are about equally common.

(Credit: McAfee Avert Labs)

[yacahuma]

If you are too stupid to fall for internet scams, you should be scam.

Please help me I need to give away 2M dollars but I need 1M to get it out of my country. Please send me 1M to bla bla bla, come ON!!!!

Tips:
1. Dont open email from people you dont know. Didnt you father told you that?
2. Use antivirus. Avast is free, fast and easy
3. If you like those sexualy oriented sites, create another virtual partition in you machine, or on another machine and just use it for that.
4. keep you machine updated.
5. Dont use explorer. Use firefox and do a clear all private data, the more the merrier .
6. Have a separate email account for doing stupid things. Keep your real one for important stuff.
7 Share these tips to you friends. If their machine is hacked , yours is next.

[Vegaman_Dan]

Money Laundering comes to VR worlds. It was only a matter of time, really. The more you simulate a world, the closer it comes to the real thing and that includes criminal activity as well.

[ScaryMonkey69]

Meh. As a resident in Second Life, we hear these scare tactics all the time. I can see where the phishing & email scams would work, but the whole "money laundering" thing is a joke. There are "circuit breakers" within the exchange rate that stop huge sums of money from just leaving. Large amounts are carefully scrutinized first. As for Terrorist Training- that's also a joke! C'mon McAfee!! Get Real! Most residents are LOL'ing whenever someone comes up with this hare-brained idea. Maybe in 10-20 years when the broadband speed is fast enough to negate the lag. But for now its laughable.

[play7]

Ok happy to see Second Life name in this one. Because they themselves run or had run most of the inside games banking. They even Promoted it to get poor stupid people to become bankers.

Anyways stealing within the game of Second Life is nothing new. A brower windows ups or opens the game of second life........while its no active . people have their Paswword checked to keep the passwork keept. The hacker opens the unknowing second life users client VIA a remoto exess code WALA..........stealing at its finest........Besides again who the hell knows withthis artical Again Second Life is seling everyone the idea the companies from many different types are now using their sign as a way to get more users for their products..........Tacky and lower way to track the users to believe companies are really in the Second Life. But all it is is paid advertizing.........Don`t buy this BS. Or even start playing Second Life. Because at the end your money real monies will be gone. and what money you earned will be taken way as well...................YOUR MONEY YOUR LOST............LINDEN LAB LIES....

Signed
A ex Second Life Worker

[Harrison912]

Since safety and security is my business, I like to not only read the article for good information but thanks for all those great comments too!

[play7]

Good information? You mean planted for a story you mean............Its all a VR story to stirup more tacky PR for Linden Lab........Nobody is as simple minded as you make then out to be.