Kaspersky_Präsentation_ENG_ Gaming The Security
Transcript
Gaming the security – Daily Hacker Tales
GamesCom 2011
Christian Funk, Virus Analyst
Global Research and Analysis Team
Kaspersky Lab

Having a look at numbers ...
How many gamers are out there?
- About 23 mln Germans play video games on a regular basis (Spiegel.de)
Trend (in Germany)?
- The online/browser based video gaming market grew by 15% in H1 2011 compared to the same period last year. That's 154 mln Euro (BIU)
So, where is the underground market?

What about online games?
Find it yourself or trade

What about online games?
Need IMBA equipment?

What's the easy way, please?

Market Research
eBay gaming market monitoring for 14 days:
Search term: ‘WoW gold’ (ended items only)
The result:
- Number of sold items: 3286
- Average price: 26,61€
- Total revenue: 77.579€ - 14 days
- 155.158€ - 1 month
- Estimated total revenue in one year: 1.861.896€

Market Research
eBay gaming market monitoring for 14 days:
Search term: ‘WoW account’ (ended items only)
The result:
- Number of sold items: 3641
- Average price: 132,33€
- Total revenue: 481.817€ - 14 days
- 963.634€ - 1 month
- Estimated total revenue in one year: 11.563.608€

What's the easy way, please?
According to techcrunch.com, one third of all gamers paid real money for virtual goods in 2010 . . .

So, how does it happen?

The evil triangle of attack vectors
- Social Engineering
- Phishing
- Malware

Daily Hacking Stories
Example #1 - Phishing

Real World Example #1

Phishing – A closer look

How can you protect yourself from phishing?
- Use an anti-spam solution
- Never click links in e-mails – always type in the URL manually or use a bookmark

Daily Hacking Stories
Example #2 - Malware

What about malware?
The first online gaming trojan appeared in 2002:
Verdict: Trojan-PSW.Win32.Lmir
Source: http://www.flickr.com/photos/satchmo1980/2208047732/ (Creative Commons)

Real World Example #1

Keylogger techniques
How a keystroke gets processed:
kb-driver → csrss.exe → game-thread → game-window
Trojan-PWS: Classic keylogger method
But: most game vendors encrypt keyboard messages nowadays → Obsolete!

Keylogger techniques
Network API Sniffer
Diagram labels: Keyboard, RAM, NIC, Game-Server, Trojan-PWS, Drop-Zone

Keylogger techniques
Memory Sniping
0x13370001  0xCODE
0x13370002  0xFOO
0x13370003  0xBAR
0x13370004  [username]
0x13370005  [password]
0x13370006  0xWOHOO
0x13370007  0xITCONTENT
0x13370008  0xROSI

Evolution of Online Gaming Malware
- Number of unique online gaming malware samples is steadily rising
- Known samples as of 15th August 2011: 2,408,501

How can you get infected?
- Drive-By Downloads
- Botnets
- P2P Downloads
- USB-Storage Devices
- E-Mail
- Download of Gaming Related Extra Tools

How can you protect yourself from malware?
- Check the reputation of a downloaded file if unsure whether it is trustworthy or not
- Keep your software up-to-date
- Use an effective AV solution (with gaming mode)

Daily Hacking Stories
Example #4 – Social Engineering

Social Engineering
By definition: Social engineering is the art of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques¹.
Methodology:
- Mercy
- Lottery with stunning prizes
- Scare
Source [1]: Goodchild, Joan, "Social Engineering: The Basics"

Evolution of Online Gaming Malware
- Online gaming fraud will increase as new games become available
- The nature of online games hasn’t changed a lot – so online gaming malware hasn’t changed either

Thank You
Gaming the security – Daily Hacker Tales
Christian Funk, Virus Analyst
Global Research and Analysis Team
18th August 2011 – GamesCom 2011, Cologne