"Winnti" Attacks On Online Gaming Servers Dissected

Nerval's Lobster writes "Kaspersky Lab has completed a detailed analysis of "Winnti," a group of Asian hackers who target servers hosted by gaming companies, copying their source code and surreptitiously stealing money or virtual goods over time. In findings published April 10, the security firm said it had completed the latest phase of its eighteen-month investigation. A more detailed account of an actual attacks was published separately (PDF). Winnti has attacked two gaming companies in North America, two in Germany, two in Russia, and fourteen in South Korea. Although the Winnti group has been around for years, it first came to light in 2011, when Trojans began appearing on the PCs of users playing MMORPGs, online computer games which usually require a monthly subscription. Those Trojans, which included RAT (Remote Administration Tool) functionality, had been "signed" with the digital certificate of KOG, a South Korean gaming company. In the course of its investigation, Kaspersky discovered that the gaming companies (which often share resources, partner, and subcontract out work to one another) had provided an opportunity for the Winnti team to secure access to otherwise legitimate digital certificates, which could be used to sign malware. Malware signed by Japanese gaming company YNK Japan was used to attack the servers of social networks Cyworld and Nate in South Korea in 2011."

Re:Stealing on-line gold?

[GoodNewsJimDotCom]

I'm surprised an online MMORPG hasn't tried to recreate what Bitcoin is. The problem as I see it is MMORPG have an infinite supply of gold, orcs drop gold, rabbits drop gold, sharks drop gold. The economy is always inflating. There is a virtual market for this gold, but it is always being cratered over time. I sell MMORPG stuff sometimes, I know this. Now if a MMORPG created a MMORPG with a limited number of gold coins in the game, the value of them would not drop over time. I think this should not be the primary currency as there is something to be said for giving noobs gold to buy better equipment at low levels. But at high levels, there could be some alternative currency, maybe even consumable like Path of Exile(goes back into the environment to be found by someone else). This currency which does not inflate, but can deflate, would hold its value as a tradable good, so long as your game retains its value.

So far, only the mammoth of a game World of Warcraft has shown it can last from generation to generation. In general you don't want a cashcow to also have legal fees where people sue you because they lost real money in the game. But I guess with Diablo 3, they've tried real money auctions, so they have a legal team to handle this.

If I was a World of Warcraft designer, I'd add a coin you can get at high level raid bosses. The coin if consumed would give you some special power that isn't game breaking, but quite desirable(like +magic or gold find for 10 days). The coin drops at a certain % at certain raid bosses. But the trick is that the more coins people have, the less this % drop is eventually reaching zero or near zero. When people use the coin, the % drop increases again. If people delete their character, the coin is used and the % drop increases again. It'd be a function of how many coins found as the drop rate, pretty straightforward. I believe this type of drop would retain its value for a long time.