It’s the way of the world: where a lot of people congregate, there will always be pickpockets. What is true for the real world, is true for the cyber one, too.
Gaming is known to be a big international community, and gamers are an ideal target for what has become a standard mode for attack: password-stealing Trojans.
There is a lot of money to be made in the gaming market. People are prepared to pay real money for virtual currency, equipment and bank items. Therefore it’s not surprising that researchers at Webroot found out there are malicious users who will try to steal them.
One of the most common ways that computers get “infected” is through posts on the WoW message board. In most cases, after clicking on it the person is redirected to a pornographic page where all the links lead to a malware installer (recently, we have seen this tactic used on Facebook).
After running the installer, the Trojan is installed and ready to steal password through keystroke logging, and thanks to a modification in the registry, it loads up every time you start the computer.
Well, the good thing about this is that the theft of virtual armor and money is not the same as the theft of a car or a credit card in real life (although the user did spend a lot of time and effort getting it, and he could have sold all those things himself and earned some money). The bad news is: What’s stopping those malicious attackers from using the other login credentials they collected from your infected computer?