Malware attacks on virtual world greater than on real world

MetaSecurity’s latest post cites McAfee:

McAfee now sees more malware programmed to steal passwords for World of Warcraft now than trojans aiming for banking information, said Craig Schumager of the McAfee research labs.

This is highly misleading, I say. Banking is not just a brick-and-mortar building with furniture from the 1980s, bad art, and air-conditioning in overdrive. The exchange of funds in the virtual world, in online forums, etc. is now reaching proportions that it rivals or even replaces more traditional forms of access. Call it a back-door to the same assets, if you will. MetaSecurity hints at this perspective in the same post:

In talks with Erik Larkin at PCWorld.com, he outlined why fake game gold is more attractive than real money. Primarily, there’s less risk of getting caught and easier punishments for hacking World of Warcraft than Bank of America, but the gold is still easily commutable to real-world dollars and cents.

It goes deeper than that, as they point out in terms of a “secondary” market:

As Brock Pierce of Affinity Media (formerly IGE), put it “Fraud in the secondary market is rampant. On eBay, secondary sales were resulting in 10 percent fraud at one point I think. Someone in Russia could login through a proxy to a server in the US and make a purchase with a stolen card, turn around and resell it on the secondary market, and sell it for 75 percent in a matter of minutes. Organized crime is involved, and it’s anonymous.“

Or as Raph Koster put it: “I described this years ago at a social policy conference. And they [the government representatives] said, ‘Well it’s not drug money, but it is terrorist money.’ The government will get interested.�

Good for Koster.

I see the core of the story as malware aimed at finance is shifting to the newer less regulated methods of banking. This is not really about a move from banking to non-banking, but a move from attacking bank A to bank B, and that is a big difference in security perspective if you are a bank.

I remember arguing in political science classes about what the lifetime would be for the nation-state and its boundaries (as introduced by the medieval Italians). Will virtual worlds be dragged back into the constructs that we use today (real-world banks operating virtual-world branches) in order for us to make sense of how to regulate them, or is a whole new paradigm needed (real-world banks displaced by virtual-world challengers)?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.