Some of you may have heard of the book, Exploiting Online Games by Greg Hogluhd and Gary McGraw, which is a modern day look at the security of MMO’s.

If you haven’t been paying attention, you may not have noticed that the virtual items in online games are producing real currency. For some who realize this, they have taken an aggressive and efficient approach to obtaining the virtual items needed to make cash through the use of bots or other tools. Others use phishing attacks, malware, trojans, keyloggers, and more to obtain access to your account and then steal all of your items which you have worked so hard for.

A recent article @ SecurityFocus reminds us that those who make MMO’s may try to prevent this from happening, but nothing is foolproof. In the article, it is mentioned that a MMO’s design is part of the problem, as the user’s PC is used for certain processes to include keeping certain ’states’ of the game. As McGraw states in the article, “Trying to keep track of all possible state transitions in a sophisticated multi-user game is computationally infeasible,…” This makes it appear that it is very difficult to track and find the cheaters and hackers.

Is there anything that we can do to protect ourselves? Certainly. The simple rules of computer security, such as:

• 1. Do not give out your password to anyone. This includes a GM (game master), friends, or through an email to anyone.
  • If you accidently give out your password, change it immediately, even if it was to a friend.
  • Change your password every month. Use a password manager (Password Safe, KeePass) to help you.
• Keep your operating system, game client and anti-virus/spyware definitions up-to-date.
• Keep current on security related news for the game(s) you play, which could mention a phishing attack they’ve been made aware of.
• Read the security literature of your game. They all post FAQs or articles on safe gameplay.

Two last points. First, I’d like to quote McGraw on one paragraph that I felt was obviously true and important.

“So far, malicious hackers have not directly targeted game clients running on other peoples’ machines for exploit. Nor have malicious code writers written viruses or worms to go after game clients. It’s only a matter of time, though.”

Second, knowing that there are some 9 million subscribers to World of Warcraft, why not target those users if there is a definite money making opportunity. Second Life, another large MMO that allows you to convert real currency into game currency, is a look at a new and innovative gaming market. Second Life has also seen explosive growth in it’s user population, especially since you can make real money. So why wouldn’t the hacker/criminal underground target MMO’s? They will, especially since there are a number of young players that could be potential easy targets.