What’s McAfee up to, do you think?

Posted by in Analysis on Nov 11, 2008

So, today McAfee went on record with a very strange message. Specifically, they tell us that:

1) Malware is increasingly using Facebook as a vehicle for propagation; and
2) Malware is increasingly targeting virtual commnities (e.g., World of Warcraft, SecondLife) for password stealing

Interesting, but frankly I’m at a loss. This article interested me enough to actually go to the Avert site to try to download the research that this is coming from (which I couldn’t find, by the way), but it leaves me wondering what malware authors are smoking. Take WoW for example. The AV folks tell us the motivator is profit. If you hack a WoW account, you get the following:

1 Credit Card number
1 Address
1 Phone Number
1 Username
1 Limited-lifetime account to use for in-game spamming purposes
1000-2000 in virtual currency (say, for the sake of argument, that’s worth about 25 dollars to an in-game currency reseller like peonsforhire)

Compare that to the potential for exploitation if your malware targeted bank account information or passwords for online trading accounts. In that case you get:

1 Account number
1 Address
1 Phone Number
Upwards of 1000 dollars in real currency (that can be collected by the malware author for their own nefarious purposes)

If the motivation is profit, I’m just not getting why they would go down this road rather than the bank account road. Am I missing something here? If Avert’s numbers are right (and I don’t see why they wouldn’t be), what’s the deal?

Search
  • http://anti-virus-rants.blogspot.com kurt wismer

    when you think about profit, make sure you’re thinking about net profit… there are risks and costs associated with trying to go after such a mainstream target as a bank that aren’t there (yet) for many online games…

    also, i doubt mcafee is suggesting that game-related malware is anywhere near supplanting traditional banking malware, but i can certainly see an argument to be made that game-related malware is growing while traditional banking malware may be shrinking… online games are lower-hanging fruit, people don’t do as much to protect themselves when gaming as they do when banking…

  • http://www.terminal23.net Michael Dickey

    I can say that I’m surprised, still, at the number of attacks against WoW accounts online.

    I think it is largely because of the difference in economy between the attackers and attacked. Just like “gold farming” makes no economic sense to someone in the US, it is a solid bit of income for someone who can live nicely off $50 a week in another country.

    Likewise, WoW accounts may not be much, but the chances of being tracked down because you popped someone’s virtual character and stole some virtual game currency and had it given back forcibly by Blizzard? That’s still good risk/reward.

    Another might be how easy it is to target someone. You put up a banking-type phishing site, and you gotta hope they are using the bank you picked. But put up some spammy WoW blogs that scrape off others in an attempt to drive in hits and spread your malware, you likely get a good hit rate, especially since WoW will store this information the same exact way on every user’s system.

TwitterRssFacebook