Gaming the gamers: tricks of the trade in the world of PWS warcraft
Chun Feng Microsoft
download slides (PDF)
With the increasing prevalence of online games password stealers (hereinafter referred to as 'PWS'), game vendors and third-party
security vendors are using new security mechanisms to provide better protection for online game users. However, without a
doubt, there is an escalating fight between the anti-malware vendors/online game vendors and the operators of the black markets
for PWS. Recent PWS have become more and more complicated and have been designed deliberately to attempt to break these
This paper examines some popular protection technologies used by online games these days, such as password matrix cards,
memory-based protection, and account/host binding, etc. In light of these technologies, it analyses some of the most
recent PWS from the wild and unveils the novel tricks used to defeat these protections (such as DLL hijacking, for example).
Absolutely, it is more than just the responsibility of anti-malware vendors to protect the security and integrity of
online games. This paper illustrates how the design/implementation of online game software, and the game users' behaviours
impact on security. It also presents advice for game developers on designing with these kinds of threats in mind and
advice for game users on how to improve the safety of their online game experience.