Playing with shadows - exposing the black market for online game password theft

Chun Feng Microsoft

Malicious software that targets online games has become increasingly prevalent over the past couple of years. Research into the cause of this trend has uncovered a thriving underground black market driving this malware's development and distribution.

The marketplace is organized to sell four different 'black products' to a variety of buyers. These products include 'envelopes' (stolen account information), 'stalls' (online spaces used to collect stolen account information), trojans (malware used to steal account details), and 'trojan generators' (used to generate customized trojans).

This paper explores the organization and operation of the black market and sheds light onto the clandestine relationships between the four products.

In particular, this paper presents a detailed analysis of the trojans and trojan generators sold on the black market. These products, designed by underground workshops, have been developed to include the features of both legitimate and illegitimate (i.e. malware) software products. As malware, they are deliberately designed to avoid detection and hinder removal; they also feature anti-protection mechanisms, advanced stealth functionality and often evolve through hundreds of variants. Similar to more traditional, legitimate software products, they have their own product-testing methodologies, sales channels, and support, maintenance and upgrade offerings.

Beyond doubt, there is an escalating fight between the anti-malware vendors/online game vendors and the operators of the black markets. However, the growth of this market poses considerable challenges, not just for those directly involved in the associated industries of AV and gaming, but for users, businesses and law-makers alike.

 del.icio.us  digg this! digg this

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

Jobs Recruit Sidebar

Malware Prevalence
Adware-misc |##########|
Java-Exploit |########|
Autorun |#####|
BHO/Toolbar-misc |####|
Conficker/Downadup |###|
 View this month's full report

Virus Bulletin currently has 231,340 registered users.