"Winnti" Attacks On Online Gaming Servers Dissected 24
Nerval's Lobster writes "Kaspersky Lab has completed a detailed analysis of "Winnti," a group of Asian hackers who target servers hosted by gaming companies, copying their source code and surreptitiously stealing money or virtual goods over time. In findings published April 10, the security firm said it had completed the latest phase of its eighteen-month investigation. A more detailed account of an actual attacks was published separately (PDF). Winnti has attacked two gaming companies in North America, two in Germany, two in Russia, and fourteen in South Korea. Although the Winnti group has been around for years, it first came to light in 2011, when Trojans began appearing on the PCs of users playing MMORPGs, online computer games which usually require a monthly subscription. Those Trojans, which included RAT (Remote Administration Tool) functionality, had been "signed" with the digital certificate of KOG, a South Korean gaming company. In the course of its investigation, Kaspersky discovered that the gaming companies (which often share resources, partner, and subcontract out work to one another) had provided an opportunity for the Winnti team to secure access to otherwise legitimate digital certificates, which could be used to sign malware. Malware signed by Japanese gaming company YNK Japan was used to attack the servers of social networks Cyworld and Nate in South Korea in 2011."
Re:Stealing on-line gold? (Score:4, Interesting)
So far, only the mammoth of a game World of Warcraft has shown it can last from generation to generation. In general you don't want a cashcow to also have legal fees where people sue you because they lost real money in the game. But I guess with Diablo 3, they've tried real money auctions, so they have a legal team to handle this.
If I was a World of Warcraft designer, I'd add a coin you can get at high level raid bosses. The coin if consumed would give you some special power that isn't game breaking, but quite desirable(like +magic or gold find for 10 days). The coin drops at a certain % at certain raid bosses. But the trick is that the more coins people have, the less this % drop is eventually reaching zero or near zero. When people use the coin, the % drop increases again. If people delete their character, the coin is used and the % drop increases again. It'd be a function of how many coins found as the drop rate, pretty straightforward. I believe this type of drop would retain its value for a long time.