Spyware worm steals usernames and passwords from fantasy role-playing gamers, Sophos reports

August 24, 2005 Sophos Press Release
Sophos's anti-virus products can shield fantasy online gamers from the worm
Sophos's anti-virus products can shield fantasy online gamers from the worm.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reported that a new spyware worm, W32/PrsKey-A, is designed to steal usernames and passwords from players of a massive multi-player internet role-playing game.

The PrsKey-A spyware worm attempts to steal passwords and user information from players of the massive medieval fantasy role-playing game, "Priston Tale". "Priston Tale" is played over the internet and has millions of subscribers around the globe, many of them in South Korea which has an advanced internet infrastructure.

The worm lurks in the background waiting for users to enter either "Priston Tale" or the Yahoo mail system, and then begins capturing keypresses including usernames and passwords.

"More malware is being written that, as well as causing disruption, also steals registration keys, passwords and data from players of computer games," said Graham Cluley, senior technology consultant for Sophos. "This isn't just about doing better in a computer game. Criminals are stealing virtual assets like armor, money and weapons to trade for hard cash in the real world. We are seeing a trend of more battles between rival internet gamers and malicious code to assist with this kind of robbery."

Disturbingly, the spyware worm also steals information from users of the Yahoo mail system, giving hackers an opportunity to steal infected user's identities.

"Priston Tale" is a fantasy multi-player game which involves fighting monsters across a 3D world. Originating in South Korea, it is also played in Japan, China, Taiwan, Thailand and English-speaking countries. Some players have submerged themselves into the virtual world's universe, playing for many hours at a time.

Other popular multi-player online games whose players have been targeted by viruses and Trojan horses in the past include "Lineage", "Outwar" and "Legend of Mir 2". Last month, Sophos reported that a gang had been arrested in South Korea for allegedly stealing from online gamers via password stealers.

Although there have been relatively few reports of this worm, Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.