Spyware worm steals usernames and passwords from fantasy role-playing gamers, Sophos reports

Sophos Press Release
Sophos's anti-virus products can shield fantasy online gamers from the worm
Sophos's anti-virus products can shield fantasy online gamers from the worm.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reported that a new spyware worm, W32/PrsKey-A, is designed to steal usernames and passwords from players of a massive multi-player internet role-playing game.

The PrsKey-A spyware worm attempts to steal passwords and user information from players of the massive medieval fantasy role-playing game, "Priston Tale". "Priston Tale" is played over the internet and has millions of subscribers around the globe, many of them in South Korea which has an advanced internet infrastructure.

The worm lurks in the background waiting for users to enter either "Priston Tale" or the Yahoo mail system, and then begins capturing keypresses including usernames and passwords.

"More malware is being written that, as well as causing disruption, also steals registration keys, passwords and data from players of computer games," said Graham Cluley, senior technology consultant for Sophos. "This isn't just about doing better in a computer game. Criminals are stealing virtual assets like armor, money and weapons to trade for hard cash in the real world. We are seeing a trend of more battles between rival internet gamers and malicious code to assist with this kind of robbery."

Disturbingly, the spyware worm also steals information from users of the Yahoo mail system, giving hackers an opportunity to steal infected user's identities.

"Priston Tale" is a fantasy multi-player game which involves fighting monsters across a 3D world. Originating in South Korea, it is also played in Japan, China, Taiwan, Thailand and English-speaking countries. Some players have submerged themselves into the virtual world's universe, playing for many hours at a time.

Other popular multi-player online games whose players have been targeted by viruses and Trojan horses in the past include "Lineage", "Outwar" and "Legend of Mir 2". Last month, Sophos reported that a gang had been arrested in South Korea for allegedly stealing from online gamers via password stealers.

Although there have been relatively few reports of this worm, Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.