Virtual worlds are playgrounds not just for people who want some online fantasy role-playing, but for cybercriminals who are looking for places to launder money and steal data, according to a new white paper from McAfee (PDF).
The in-game economies of virtual worlds are being hijacked by criminals who attempt to hide their profits through the exchange of virtual currencies, Dr. Igor Muttik, a senior architect at McAfee's Avert Labs says in a white paper entitled "Securing Virtual Worlds Against Real Attacks--The Challenges of Online Game Development."
"Typically, when a gaming account is compromised, attackers will convert the objects they steal into virtual currency--and then convert the virtual currency into real money," the white paper says.
Scammers also are increasingly attracted to virtual worlds, where they have numerous ways of trying to steal private data for fraud. For instance, sloppy scripting in some online games allows viruses to auto-execute and propagate. There are also phishing attempts and messaging spam luring members to malicious sites for "free" games.
Also increasing in number and frequency are data-stealing Trojans that use keystroke loggers and other software to record IDs and passwords, mouse movements, and even screenshots, the report says.
And that's not all; there have been other threats in the virtual worlds. A virtual illness wiped out entire servers of users in World of Warcraft in 2005 when a design flaw allowed the disease to spread throughout low level players. Meanwhile, user-created code caused a virtual terrorist attack in Second Life, according to the report.
Because virtual worlds appeal to the underground, there's also the possibility they could serve as honey pots to attract criminals and terrorists and provide counterterrorists a glimpse into terrorist activities.