Why is malware that targets online games so prevalent these days?
Why is there an interesting saying in China: "Trojan writers drive BMW" ("写木马, 开宝马")?
The writers and distributors of trojans that steal passwords and account details from popular online games have been making huge profits. Why and how can they make huge profits from writing and distributing trojans that target online games? My paper "Playing with shadows - exposing the black market for online game password theft" presented at VB 2008 addresses these questions. (You can find the slides from my presentation here.)
My paper looks at the black market that surrounds and facilitates online game password theft. It presents the 4 different products available on this black market: envelopes, stalls, trojans and trojan generators. In particular, it examines the malware (trojans and trojan generators) available for sale on the black market, and illustrates how they are maintained and supported (in a manner very similar to that used by ‘legitimate’ software products – and for similar reasons – for the money of course!). In the “Q & A” time, I had further discussions with representatives from F-Secure and high-tech crime units also working in this area.
After my presentation (before I returned to Australia) when strolling down the street in Ottawa, I found a “friend”-- another traveller who had also crossed the ocean from the other end of the Earth!