Phishers swoop for gaming credentials

Security firm Webroot is warning that cyber criminals are increasingly going after the credentials of online gamers.

In a blog posting, the firm's Andrew Brandt said that the Webroot Threat Research Group had been tracking an increase in this kind of activity since the start of the year.

He said the researchers had noted an "astonishing volume" of phishing Trojans, designed to steal the licence keys that gamers use to install copies of legitimately purchased games, and also the usernames and passwords which players use to log in to their accounts on games such as World of Warcraft.

"These single-purpose Trojans are very good at what they do, and can rapidly (and silently) report the desired information back to servers -- typically, perhaps unsurprisingly, located in China," wrote Brandt on the Webroot threat blog.

"We know the exact servers they contact, and what kinds of information they're sending. And we know why: Thar's gold in them thar WoW accounts, and the rush is on to cash in."

According to Brandt, the method by which the initial executable file gets on a user's PC varies, with exploits in malicious iframes being commonplace. Once infected, PCs could end up with "metric tons of malware on them", he added.

"I can only imagine that it takes very little effort for the jerks behind this scheme to retrieve thousands of account details," wrote Brandt.

"With such an effortless infection method, and the difficulty of prosecution (let alone identifying the perps), they don't even seem to be concerned in the slightest about covering their tracks."