My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

Caution: Gaming fraud!

October 6, 2014

At the end of September, Doctor Web issued a report about the new Trojan program Trojan.SteamBurglar.1, which steals game items from Steam users, particularly Dota 2 fans. So far Doctor Web's security researchers have learnt about several dozen modifications of this malware. However, cybercriminals seeking to take advantage of massively multiplayer online role-playing game (MMORPG) players have other tools at their disposal to make illicit profit. In this post we will talk about the fraud techniques criminals use against gaming fans.

Modern multiplayer games cast players into virtual worlds that are complete with their own traditions, history, and culture. They even have their own economic models that enable players to buy and sell objects and even characters that have been upgraded to a certain level. Developed and maintained by Blizzard Entertainment, World of Warcraft is among the most popular games of this kind. It should be noted that the sale of characters is expressly prohibited by the rules of most multiplayer games, whose administration makes considerable efforts to stop it. So, in an effort to put an end to account trading, upon releasing a World of Warcraft update, the game’s creators offered players the option to pay to boost their characters to level 90, but this security measure did not yield the expected result. When acquiring an account on the game server, a buyer wants to get not just the character with the maximum number of different "skills" and experience points, but also game items such as armour and mounts (sometimes quite rare ones), as well as the set of skills and professions that are available for this character. The more assets are available, the greater the account price will be. In some cases, it can exceed USD 500.


The main element of risk one encounters when purchasing a character lies in the fact that most game servers (including those supported by Blizzard) associate user accounts with an email address and, sometimes, phone numbers. If an account gets blocked, the server administration may ask the user to provide their ID. That's why an account offered for sale by fraudsters can be returned to them as soon as the first support request is made. If the administration discovers that the account has been sold in violation of the rules, it will be blocked. In any case, the money will remain with the intruders, and the problems will be left to their victims.

Among other things, a potential buyer has a good chance of ending up with a stolen account that was hijacked earlier from another user. Criminals seldom steal accounts for the purpose of playing a game. More often than not, they do it for profit. Simply selling the stolen account is the most primitive way to make money. However, the shadow business involving virtual universes provides other quite real opportunities: for example, scammers can transfer all their “loot” to another account (for the purpose of engaging in further selling). The new owners of a stolen account can exploit the trust of their gaming guild compatriots by borrowing some virtual coins or robbing the guild bank. Also, criminals can use chat to distribute phishing URLs, e.g., they can publish a fake announcement about a promo on offer from the game developer that requires participants to sign in with their game login and password on a third-party website or offer them malware in the guise of a program that will help them to enhance their characters' attributes.


That's why experienced gamers recommend that new joiners take some precautions when purchasing an account. For example, in addition to requesting from the seller the password and the answer to the security question, they should also request full access to the mailbox associated with the account as well as scanned copies of the current owner's ID and the photo of the owner holding the ID in their hand—so that these can be presented to support specialists for verification. However, in reality even these steps may not help. To validate the account owner's identity, the technical support personnel can request that the photo include a recent issue of a newspaper or a magazine to prove that it was taken recently. As a result, account access will be granted to the person who will be able to provide such a photo; or if it is proven that a sale has taken place, the account will end up being blocked for good. Gamers should also remember that an agreement, whose terms they accept in order to use most game servers, usually includes the administration's disclaimer and a clause that entitles it to block any account without explanation—this often comes as a surprise to many players who get into trouble but have never actually read the License Agreement. That's why users playing popular online games should exercise caution whenever they get involved in online transactions and should try to follow the rules set by the administration, particularly the rule that prohibits the selling of accounts.

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments