Fighting malware and spam

Playing dirty: evolving security threats in the gaming world

Amir Fouda, Hannah Mariner CA

Game-targeting malicious software has been the quiet achiever in the malware landscape over the past year. In fact, over the last several years, with the worldwide explosion in popularity and profitability of online games, malware writers and hackers have turned their attention towards the growing pool of new target users. Note the increasing numbers of specialized malware that attempt to steal the online gamer's login credentials and in-game assets. Think of the social engineering tactics malware writers use to entice the unsuspecting gamer into running their malicious software.

This paper focuses on drawing attention to the rise of game-targeting malware designed to trick, steal and profit from the vulnerable gamer. What makes the gamer a tempting prospect for malware writers? What functionality does game-targeting malware exhibit? What social engineering strategies are employed in luring vulnerable users? What role does the games industry have in protecting and informing its users, and where does the security industry fit into this scheme?

Our research will track the evolution of game-targeting malware by deconstructing real-life examples. This will be presented in terms of the malware's technical capabilities, its evolving functional complexity, and indications of possible directions in the near future. We will also provide an insight into how gaming consoles are vulnerable to such attacks, as well as examining possible preventative measures for users in the gaming community.