WoW- Power Leveling or Power Stealing?- Chinese Malware
I am trying to spend some time off, but I could not resist highlighting this growing and troubling trend…and taking some thoughts a bit further- considering some recent observations and studies into the avatar economy.
At Matt Hines’ Zero Day blog at InfoWorld we find nothing that surprising, complete with a couple of top 10 charts and an appearance from supernova malware-smashing colleague Paperghost.
Top Ten Web-Based Malware According to Sophos:
The top ten countries hosting web-based malware in Q1 2007 were:
1. China
2. United States
3. Russia
4. Germany
5. Ukraine
6. United Kingdom
7. France
8. Netherlands
9. South Korea
10. Taiwan
From WoW to WOW
“The ANI exploit is a sophisticated attack,” Roger Thompson, co-founder of Exploit, said in an e-mail. “We believe it first originated in China, with the relatively benign goal of stealing World of Warcraft (WoW) passwords. But within days, bad guys from around the world had picked it up and begun enhancing it for more nefarious purposes.”
In another trend, China’s role in the security exploit world appears to be growing. The modified MDAC exploit leading the prevalence survey originated in China. This supports Thompson’s belief — and that of others including Trend Micro CEO Eva Chen and FaceTime botnet researcher Chris Boyd — that a global shift is taking place with China becoming a center for suspicious activity.
“We’re now seeing a rapid rise in the number of active cybercriminal groups in China looking to profit from exploits,” Thompson said. “The technical sophistication of Chinese exploit code is easily on a par with code coming out of the U.S. and Russia.”
What are compromised accounts trading for?
I think this is one of the key questions, among others, to ask and another sign of the power of the “post human self”.
Exploits and tactics that target virtual games like World of Warcraft are later adapted to even more nefarious purposes (think Borg-like behavior: attack, adapt, attack, adapt)…but is World of Warcraft (WoW) hijacking really that benign?
A Decade Ago: Quake- Gaming the Game
I can remember playing Quake ages ago (ok- 1997) and knowing how to contend with OOB (out of band) data was standard stuff if you wanted any shot at your clan surviving a llama attack. There was a very high degree of gaming outside of the game. This “nuke exploit” sent a string of OOB data to the target computer on TCP port 139 (NetBIOS), causing it to lock up and display a “Blue Screen of Death” if you had an unpatched O/S.
Worse yet, if you were an HPB you had to contend with some LPB hitting you with a ping flood. This consisted of sending fragmented or invalid ICMP (Internet Control Message Protocol) packets to the foe, which was easily achieved by using a modified ping utility (or command line) to repeatedly send corrupt data, slowing down the target until it came to a stop. Let’s not forget modified stooge bots, etc.
But a decade ago- our Quake accounts didn’t matter that much. They were simply identities of pride. There were no Honor Killing, Reputation Leveling, and Profession Leveling services. You were on your own.
Fast Forward to 2007- Massively Multiplayer Online Role-Playing Games (MMORPGs) and what is benign?
The money trail researcher in me senses stronger monetary motives given the value of World of Warcraft (WoW) items on the secondary market and given that many companies are reported to use Chinese game labor to farm virtual goods.
Find it, steal it, strip it, move it- technologic. Sounds a bit like Daft Punk lyrics.
Think about this for a moment…Why power level when you can power steal, or power steal so one can power level? Why steal credit cards when you can use ANI exploits to nail a hapless gamer’s account?
The path of least resistance would be to steal something of low “economic value” that is going to be stripped down and sold at a value greater than its whole after the strip, then diffused into a market that is hard to understand and idiosyncratic at best. Stealing credit cards is one thing, and law enforcement will get that concept, but nailing a WoW account? Explain that one…“He owned my Level 70 Mage.”
This is pure conjecture of course…some virtual goods farmers do not use nefarious methods, from what I have observed and continue to study. For others I would not rule it out, either by ignorance or averted eyes. What next? Is someone going to target highly funded residents’ Second Life accounts? I doubt it…there are copybots for all the intellectual property in Second Life and it has nowhere near the mass of World of Warcraft and all that gold…The Lord of the Rings game opens up next week.
If this does interest you I highly recommend The State of Play, a collection of essays curated by Jack M. Balkin, Knight Professor of Constitutional Law and the First Amendment at Yale Law School, where he is also director of the Information Society Project. I have started digging into the material, and after the first three chapters you will never see an avatar in the same light.
If you are not a reader, but hardcore WoW…you can check out this WoW Teleport Hack…hopefully they fixed this one.


It’s pretty amazing that we’re seeing technology that is originally written to snake game passwords being turned into a massive P2P worm that is troubling lots of people worldwide. It speaks to the need for researchers to keep their eye on malware code writing trends wherever they’re developing, because inevitably the smart stuff will affect us all no matter what its genesis may be.
Personally I’ll just stick to Madden and Forza.
Matt
Matt, it is amazing how these avalanches start…I think it speaks to researchers to keep an eye on “social media hotspots” and what fuels the malware code: money, and now money in a very “fluid state”. If we understand the genesis perhaps we can react quicker…or move beyond just technological defense, so I hope. Thus I leave kung-fu to guys like Paperghost and combine it cross discipline.
Thanks for replying!
Madden is ok, but remember too many football injuries. Could have used a sword at right tackle.
regards,
Wayne
>The exploit was able to successfully attack fully-patched Windows XP SP2 computers running on Microsoft’s IE 6 or 7 browsing software
That’s why we run Firefox or Flock.
If you reduce a MMPOG account to its essence, it’s just a collection of binary data stored on a server somewhere, and it’s the implied value placed on this data, and the social value imputed on it that gives it its worth.
Witness the April Fool’s items distributed on MMPOGs. Some might have crappy stats, but nonetheless traded at a premium on eBay and other online marketplaces. The object is just a bunch of hexadecimal code, transacted due to its implied social value.
Opportunists will continue to trade these stolen accounts only as long as there is demand for them.
There is nothing to stop MMPOG coders from embedding a serial number into game objects for tracking purposes and cracking down on this economy.
But there’s a vested interest in 3rd party trades, the practice will persist.
And there’s always the rumor that some of the trading is facilitated by the game developers themselves.
So say we all.