I just had an interesting conversation with Ken Dunham, the always dedicated and meticulous head researcher for VeriSign iDefense’s Rapid Response Team.
Dunham (who, incidentally, had a relaxing Easter weekend with the family after pulling some all-nighters the week prior while tracking ANI exploits) told me how the latest Microsoft attacks are being used, in some cases, to compromise a user’s computer and steal his or her username and password for online role-playing games like World of Warcraft.
Apparently there’s an underground market for this stuff. An attacker can either pawn off the user’s account or some game assets, such as weapons or horses, for real cash. Some of the ANI exploit codes are specifically designed to “parse information” from these multiplayer games.
The good news is that apparently some cybercrooks are getting gun-shy over the feds’ crackdown on identity theft through the buying and selling of credit card information, so they’re turning their attention to virtual games. But, as Dunham says, if there’s money to be made, you better believe the bad guys are gonna show up and take advantage.