Online Games and Fraud: Using Games as Bait
by Sergey Golovanov - Kaspersky Lab - Wednesday, 12 September 2007.
We all play games. Some play sports, some gamble, and for some people, life itself is a game. Even computer games have become an everyday phenomenon, with millions of people playing them. Some choose Tetris, others choose Counter Strike, and everyone has fun.

The growth of the Internet has given birth to a new type of computer game: games which players can play on any computer, with thousands - even tens of thousands - of players around the world. In the world of MMORPGs (Massive Multiplayer Online Role Playing Games), also known simply as online games, players can meet other players, become friends, engage in battle, fight shoulder to shoulder against evil, find their virtual destiny - and play, play, play... However not all is well in these virtual worlds, where virtual evil can become greedy reality. Online games are played by real people, including thieves and con artists who make real money by stealing other people's virtual property.

This article will explore how MMORPG passwords and virtual property are stolen and how other malicious acts are committed against MMORPG players.

The Games

Online games involve exploring magnificent virtual worlds and completing tasks - known as quests - which gain the players money, valuables and experience, not points as in a more traditional computer game. These virtual riches, which are earned with the character's blood, sweat and tears, can then be spent on other in-game valuables. These attributes, once purchased are used to complete even more difficult quests, earn more money, or to enable the character to simply continue wandering the game - there is no “Game Over” in online games.

Online games have rules that are determined by the developers and administrators of game servers. These are the people who spend their time and real money creating and supporting virtual worlds, and this is how they earn a living. Online games can be purchased at stores or downloaded from the Internet, but in order to play you usually have to pay a monthly subscription fee. The money from these monthly fees covers traffic costs, support for game servers, the creation of new virtual worlds and new items for players (swords, spears, ships, etc.). Players can “live” for years in these rapidly growing and constantly evolving virtual worlds.


The world of online games moves very quickly: each year new games are released and the army of players continues to grow. Almost immediately after the licensed version of a new game has been released, pirate (rogue) servers begin appearing. These rogue servers offer free versions of the worlds provided in the licensed, fee-based games.

The number of rogue servers is enormous. For example, a Google search for "private game server" on 22 June 2007 returned approximately 10,800,000 results and that number is constantly on the rise. One popular online game can spawn hundreds of thousands of rogue servers. This high number results from the fact that rogue servers are in high demand among players who want to save money or who simply don't have any, like teenagers and students. The idea is very tempting: why pay a subscription to an official server every month when you can play the same game on a rogue server and you only have to cover traffic costs? However, in reality the situation is very different...

Opening a rogue server is not an easy task. Servers have to be administered and supported, and this includes financial support that covers the cost of traffic at the very least. Why do pirates bother? The answer is simple: the administrators of rogue servers sell virtual valuables for real money. Judging by the type of equipment administrators lease for servers, the sale of virtual goods brings in a considerable income.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th