Gaming the gamers: tricks of the trade in the world of PWS warcraft

Chun Feng Microsoft

With the increasing prevalence of online games password stealers (hereinafter referred to as 'PWS'), game vendors and third-party security vendors are using new security mechanisms to provide better protection for online game users. However, without a doubt, there is an escalating fight between the anti-malware vendors/online game vendors and the operators of the black markets for PWS. Recent PWS have become more and more complicated and have been designed deliberately to attempt to break these protections.

This paper examines some popular protection technologies used by online games these days, such as password matrix cards, memory-based protection, and account/host binding, etc. In light of these technologies, it analyses some of the most recent PWS from the wild and unveils the novel tricks used to defeat these protections (such as DLL hijacking, for example).

Absolutely, it is more than just the responsibility of anti-malware vendors to protect the security and integrity of online games. This paper illustrates how the design/implementation of online game software, and the game users' behaviours impact on security. It also presents advice for game developers on designing with these kinds of threats in mind and advice for game users on how to improve the safety of their online game experience.

 del.icio.us  digg this! digg this

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

AusCert2014

Malware Prevalence
Adware-misc |##########|
Java-Exploit |########|
Autorun |#####|
BHO/Toolbar-misc |####|
Conficker/Downadup |###|
 View this month's full report

Virus Bulletin currently has 231,335 registered users.