SlideShare uma empresa Scribd logo

Ce hv6 module 51 hacking and cheating online games

Vi Tính Hoàng Nam
Vi Tính Hoàng Nam

Ce hv6 module 51 hacking and cheating online games

Tecnologia
1 de 36
Baixar para ler offline
Ethical Hacking and Countermeasures Version 6 Module LIModule LI Hacking and Cheating Online GamesOnline Games
News EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://newpaper.asia1.com.sg/
Module Objective This module will familiarize you with: • Online Games • Basics of Game Hacking • Online Gaming Exploits • Types of Exploits • Online Gaming Risks • Threats in Online Gaming • Online Gaming Theft • Social Engineering and Phishing • Email-Worm.Win32.Lewor.a EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Module Flow Online Games Online Gaming TheftTypes of Exploits Basics of Game Hacking Online Gaming Risks Social Engineering and PhishingBasics of Game Hacking Online Gaming Risks g Online Gaming Exploits Threats in Online Gaming Email-Worm.Win32. Lewor.a EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Online Games: Introduction Online games are played over a computer network (the Internet) Online games come in different forms, including simple text based games and games with highsimple text based games and games with high graphics Online games associate themselves with online communities and form a social network EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Basics of Game Hacking Cheating Massively Distributed Systems, discoverg y y the various attacks and hacking techniques to target the vulnerabilities found in online games Game hacking includes the following techniques: • Building a bot i h i f following techniques: • Using the user interface • Operating a proxy • Manipulating memory • Drawing on a debugger EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Drawing on a debugger
Online Gaming Exploits Online Gaming Exploit is a software bug, hack or bot that is gi en to the user's in a manner not intended b theis given to the user's in a manner not intended by the developers The consideration for this type of exploit varies between games and developers The EULA (End-User License Agreement) typically affirm what type of gameplay is not acceptable Developers may consider First-person shooter (FPS) to be an exploit while others may not EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited an exploit, while others may not
Types of Exploits Wall hack: • It is the process of changing of wall properties in first-person shooters a ac : p • Wallhack gives hidden information about the players, thus by allowing players to see objects that are present behind the wall Aimbot: • Aimbot is software used in online “multiplayer first-person shooter games” • It provides guidance to the player to reach the target and gives advantage over unaided EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited target and gives advantage over unaided players
Types of Exploits (cont’d) Cham hacks: • Cham hacks are a common method of cheating in online first-person shooters It restores player models with brightly colored Cham hacks: • It restores player models with brightly colored skins such as neon red/yellow and blue/green colors • Bunny hopping or Strafe-jumping use both mouse and keyboard input Bunny hopping or Strafe-jumping: and keyboard input • The correct method and the combination depend on the game • Most of the games follow some types of user actions S FPS(Fi t P Sh t ) G h EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Some FPS(First Person Shooter) Games have maps made just for this trick
Online Gaming Risks li i i k i h f ll iOnline gaming risks comprise the following: • Malicious software • Risks from viruses, Trojan horses, computer worms, and spyware • Insecure or Compromised Gamer Servers • Insecure Game Coding • Risks from computer intruders • Risks from online and real-world predators • Risks are associated with strangers who may trick you to get personal or fi i l i f tifinancial information EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Online Gaming Risks (cont’d) The intruders may want to do any of these: • Capture your personal information • Steal your identity S l di d i f i• Steal your credit card information • Inappropriately contact children by pretending to be another child, setting up meetings, or tricking them into revealing personal information • Cyber prostitution• Cyber prostitution • Virtual mugging • Virtual sweatshop EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Threats in Online Gaming Gain illegal access to play the game by guessing d i i it b bbpassword or acquiring it by robbery Cheat at game play • Collude with others to attain higher levels of play • Use cheat program • Buy virtual properties/skill • Steal virtual properties/skill • Attack on gaming software that controls play levels Disrupt game play • Man-in-the-middle attack on communications • DNS (denial of service) attack • Inside job arranges disruptions Disrupt game play EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Inside job arranges disruptions • Release virus/worms
Threats in Online Gaming (cont’d)(cont d) Cheat while paying for game play • Obtain copies of legitimate time card serial numbers • Obtain card by robbery • Dictionary attack on time card serial number Cheat while paying for game play • Dictionary attack on time card serial number • Guess time card serial number • Use Trojans to transmit a player’s time card number • Attack on connection time tracker software I id k id f f i• Inside worker at game provider arranges for free time Steal proprietary parts of the software • Inside worker arranges theft • Attack on server containing desired software • Use Trojans to transmit desired code or design documents • Kidnap members of design team EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Kidnap members of design team
Online Gaming Theft Player authorization system in most online games is based on a password systempassword system Online games use player authorization system to verify player authenticity Malicious users steal usernames and passwords to steal items, put up for auction, and sell them to get virtual money A cyber criminal may also demand a ransom for stolen items Malicious users demand money for stolen items from the users Malicious users target most of the online game players EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Malicious users target most of the online game players
Online Gaming Theft: ScreenshotScreenshot Characters for sale on Ebay A message on a gaming forum (and some appropriate Google Ads) EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Methods Used to Stealet ods Used to Stea Passwords EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
How Passwords for Online Games are StolenGames are Stolen Cyber criminals steal only the user name and passwords of i ti d t th dd f h th ivictim users, and not the address of server where the user is actually playing the game Malicious users log on to the machine where the victim is actually playing EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Social Engineering and Phishing Social engineering: • A person using social engineering try to gain the confidence of someone who is authorized to access the network in order to reveal information Social engineering: who is authorized to access the network in order to reveal information that compromises the network's security • Cyber criminal sends phishing emails, from the server administrators, Phishing: Cyber criminal sends phishing emails, from the server administrators, which invite player to authenticate his/ her account via a website linked in the message • Cyber criminals enter a game or a forum on a game server and offer a bonus, or help in the game, in exchange for other players’ passwords M li i hi hi /h l ( i h ld f d ) d EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Malicious user achieves his/her goal (getting hold of passwords) and leaves his/ her victims with nothing
An Example of a Phishing Email llHello, You have been sent this email because you are a registered user on our server (www.Lineage2.su). Because the number of registered users of our server has increased sharply over the last month, we have to purge i ti t f d t b Pl fi th t till linactive accounts from our database. Please confirm that you still play on our server by undergoing authentification here: If you do not authenticate your account within 48 hours of receiving this message your account will be deleted, and it will not be possible to restore it. Y EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Yours, The Lineage2.su administrators
News: Phishing Attack on Gamers' AccountsGamers Accounts EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Exploiting Game Server VulnerabilitiesVulnerabilities Game Servers comes with system services, programs and databases designed to support on line gamessupport on line games Game server software might contain programming errors, bugs, and vulnerabilities Attackers use these vulnerabilities to exploit the Game Server and gain access to the databases After gaining access they execute arbitrary code and retrieve the encrypted passwords Another way to get passwords is by clicking on forgotten passwords Cyber criminals send mails with malicious content to the target user, then EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Cyber criminals send mails with malicious content to the target user, then change the victim's password, and enter the game using new password
Vulnerability in-Game Chat in Lineage 2Lineage 2 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Using Malware Malicious users create malware and send it using • Publishing links to malicious programs which claim to be game patches on player message boards Malicious users create malware and send it using any means possible: on player message boards • Sending in-game spam containing links to a malicious program presented as a “new patch” • Sending spam via email with a malicious program attached, or a link to a malicious programa c ous p og a • Spreading malicious programs via file sharing networks • Exploiting browser vulnerabilities in order to download malicious programs when a user visits a game-related website EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Using Malware (cont’d) Translated, the message above reads as follows: Attention all, Certain people in this game have been forcefully recommending a certain path, which allegedly makes it possible to enchant items completely safely. This patch is actually a Trojan which steals your user name and password. We ask you not to launch this patch, and if you've already downloaded it and launched it it's still not too late to change your password Andalready downloaded it and launched it, it s still not too late to change your password. And here's a general earnest request - don't download any dodgy patches because they could contain all types of viruses and Trojans imaginable. In such cases the administrators won't take any responsibility for the loss of your characters. Only use the patches which are on our it EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited site.
Malicious Programs and MalwareMalware The following are Malicious Programs and j i The following are Malicious Programs and Malware designed to attack online game players: • Trojan-PSW.Win32 • Trojan.Win32.Qhost • Trojan-Spy.Win32.Delf • Trojan-PSW.Win32Trojan PSW.Win32 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Message from a gamer about a password stolen by a malicious program
Email-Worm.Win32.Lewor.a The first worm to steal passwords for online gamesp g This worm sends itself to addresses harvested from Outlook Express address books on infected computersp If the worm finds user name, password, and server address on an infected computer, it saves that data to an FTP server belonging to a malicious user The malware would be designed to copy itself to removable disks with an additional file called “autorun.inf” One example of this class of malicious programs is classified by Kaspersky Lab as Worm.Win32.Viking Currently the most recent achievement by those writing viruses for online EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Currently, the most recent achievement by those writing viruses for online games is the polymorphic Virus.Win32.Alman.a and its successor, Virus.Win32.Hala.a
Part of a file infected by Virus.Win32.Alman.aVirus.Win32.Alman.a EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Online Gaming Malware from 1997-20071997 2007 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
How Modern Attacks are ConductedConducted Attacks on computer players are conducted by creating worms that h l i l f ihave multiple functions: • Self-replicating (email worms, P2P worms, network worms) • Infecting executable files (viruses)g • Masking their presence in system (rootkits) • Stealing passwords (PSW Trojans) The passwords retrieved after the attack is sent to an email address orThe passwords retrieved after the attack is sent to an email address or to an FTP server on a .cn domain EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Geographical Considerations The theft of passwords of online games primarily concerns China and South Korea The reasons are not entirely clear, but the figures speak for themselves: over 90% of all Trojans targeting online games are written in China, and 90% of passwords stolen by these Trojans belong to players on South Korean sites EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Statistics Total number of malicious programs targeting online game passwords Malicious programs targeting Lineage 2 and World of Warcraft passwords, 2006 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.viruslist.com/
Best Practices for Secure Online GamingGaming Steps for protecting Online GamingSteps for protecting Online Gaming from risks are: • Use antivirus and antispyware programs • Be cautious about opening files attached to email messages or instant messages Verify the authenticity and security of• Verify the authenticity and security of downloaded files and new software • Configure your web browsers securely • Use a firewallUse a e a • Identify and back-up your personal or financial data • Create and use strong passwords h d d li i f EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Patch and update your application software
Summary Online games are played over a computer network (the Internet) and come in varied forms ranging from simple text based games to games incorporating complex graphics d i l ldand virtual worlds Cheating Massively Distributed Systems, discover the various attacks and hacking techniques to target the vulnerabilities found in online games After the theft, malicious users can demand money for stolen items from the users. All online game users are made target by cyber criminals M li i l t th hi h th i ti i t ll l iMalicious user log on to the machine where the victim is actually playing. With online games fast growth and popularity, cheating online games has become a regular incident in current game play on the Internetg g p y Cyber criminals steal only the user name and passwords of victim users, and not the address of server where the user is actually playing the game. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Game Servers comes with system services, programs and databases designed to support on line games
EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

Recomendados

Ce hv6 module 59 how to steal passwords
Ce hv6 module 59 how to steal passwordsCe hv6 module 59 how to steal passwords
Ce hv6 module 59 how to steal passwords
Vi Tính Hoàng Nam
 
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsTD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoors
th3prodevelopper
 
TH3 Professional Developper CEH hacking email accounts
TH3 Professional Developper CEH hacking email accountsTH3 Professional Developper CEH hacking email accounts
TH3 Professional Developper CEH hacking email accounts
th3prodevelopper
 
TheGRID
TheGRIDTheGRID
TheGRID
e-Lock Corporation
 
Qtx 6404
Qtx 6404Qtx 6404
Qtx 6404
Vi Tính Hoàng Nam
 
Ceh v5 module 18 linux hacking
Ceh v5 module 18 linux hackingCeh v5 module 18 linux hacking
Ceh v5 module 18 linux hacking
Vi Tính Hoàng Nam
 
Ceh v5 module 21 cryptography
Ceh v5 module 21 cryptographyCeh v5 module 21 cryptography
Ceh v5 module 21 cryptography
Vi Tính Hoàng Nam
 
Ce hv6 module 43 cyber warfare hacking al-qaida and terrorism
Ce hv6 module 43 cyber warfare hacking al-qaida and terrorismCe hv6 module 43 cyber warfare hacking al-qaida and terrorism
Ce hv6 module 43 cyber warfare hacking al-qaida and terrorism
Vi Tính Hoàng Nam
 

Recomendados

Ce hv6 module 59 how to steal passwords
Ce hv6 module 59 how to steal passwordsCe hv6 module 59 how to steal passwords
Ce hv6 module 59 how to steal passwords
Vi Tính Hoàng Nam
 
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsTD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoors
th3prodevelopper
 
TH3 Professional Developper CEH hacking email accounts
TH3 Professional Developper CEH hacking email accountsTH3 Professional Developper CEH hacking email accounts
TH3 Professional Developper CEH hacking email accounts
th3prodevelopper
 
TheGRID
TheGRIDTheGRID
TheGRID
e-Lock Corporation
 
Qtx 6404
Qtx 6404Qtx 6404
Qtx 6404
Vi Tính Hoàng Nam
 
Ceh v5 module 18 linux hacking
Ceh v5 module 18 linux hackingCeh v5 module 18 linux hacking
Ceh v5 module 18 linux hacking
Vi Tính Hoàng Nam
 
Ceh v5 module 21 cryptography
Ceh v5 module 21 cryptographyCeh v5 module 21 cryptography
Ceh v5 module 21 cryptography
Vi Tính Hoàng Nam
 
Ce hv6 module 43 cyber warfare hacking al-qaida and terrorism
Ce hv6 module 43 cyber warfare hacking al-qaida and terrorismCe hv6 module 43 cyber warfare hacking al-qaida and terrorism
Ce hv6 module 43 cyber warfare hacking al-qaida and terrorism
Vi Tính Hoàng Nam
 
Ce hv6 module 64 economic espionage
Ce hv6 module 64 economic espionageCe hv6 module 64 economic espionage
Ce hv6 module 64 economic espionage
Vi Tính Hoàng Nam
 
Ce hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversCe hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database servers
Vi Tính Hoàng Nam
 
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card frauds
Vi Tính Hoàng Nam
 
Ce hv6 module 50 software piracy and warez
Ce hv6 module 50 software piracy and warezCe hv6 module 50 software piracy and warez
Ce hv6 module 50 software piracy and warez
Vi Tính Hoàng Nam
 
Ce hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasuresCe hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasures
Vi Tính Hoàng Nam
 
Ce hv6 module 63 botnets
Ce hv6 module 63 botnetsCe hv6 module 63 botnets
Ce hv6 module 63 botnets
Vi Tính Hoàng Nam
 
Ce hv6 module 53 hacking web browsers
Ce hv6 module 53 hacking web browsersCe hv6 module 53 hacking web browsers
Ce hv6 module 53 hacking web browsers
Vi Tính Hoàng Nam
 
Ce hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data lossCe hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data loss
Vi Tính Hoàng Nam
 
Ce hv6 module 62 case studies
Ce hv6 module 62 case studiesCe hv6 module 62 case studies
Ce hv6 module 62 case studies
Vi Tính Hoàng Nam
 
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atomCe hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atom
Vi Tính Hoàng Nam
 
Ce hv6 module 47 spying technologies
Ce hv6 module 47 spying technologiesCe hv6 module 47 spying technologies
Ce hv6 module 47 spying technologies
Vi Tính Hoàng Nam
 
Ce hv6 module 44 internet content filtering techniques
Ce hv6 module 44 internet content filtering techniquesCe hv6 module 44 internet content filtering techniques
Ce hv6 module 44 internet content filtering techniques
Vi Tính Hoàng Nam
 
Ce hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologiesCe hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologies
Vi Tính Hoàng Nam
 
Ce hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internetCe hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internet
Vi Tính Hoàng Nam
 
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computersCe hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
Vi Tính Hoàng Nam
 
Ce hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning systemCe hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning system
Vi Tính Hoàng Nam
 
Ce hv6 module 65 patch management
Ce hv6 module 65 patch managementCe hv6 module 65 patch management
Ce hv6 module 65 patch management
Vi Tính Hoàng Nam
 
Ceh v5 module 17 physical security
Ceh v5 module 17 physical securityCeh v5 module 17 physical security
Ceh v5 module 17 physical security
Vi Tính Hoàng Nam
 
Ceh v5 module 22 penetration testing
Ceh v5 module 22 penetration testingCeh v5 module 22 penetration testing
Ceh v5 module 22 penetration testing
Vi Tính Hoàng Nam
 
Ce hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesCe hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologies
Vi Tính Hoàng Nam
 
Session2 2 김휘강 codegate2(hkkim)
Session2 2 김휘강 codegate2(hkkim)Session2 2 김휘강 codegate2(hkkim)
Session2 2 김휘강 codegate2(hkkim)
Korea University
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
Keshab Nath
 

Mais conteúdo relacionado

Destaque

Destaque (20)

Ce hv6 module 64 economic espionage
Ce hv6 module 64 economic espionageCe hv6 module 64 economic espionage
Ce hv6 module 64 economic espionage
 
Ce hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversCe hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database servers
 
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card frauds
 
Ce hv6 module 50 software piracy and warez
Ce hv6 module 50 software piracy and warezCe hv6 module 50 software piracy and warez
Ce hv6 module 50 software piracy and warez
 
Ce hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasuresCe hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasures
 
Ce hv6 module 63 botnets
Ce hv6 module 63 botnetsCe hv6 module 63 botnets
Ce hv6 module 63 botnets
 
Ce hv6 module 53 hacking web browsers
Ce hv6 module 53 hacking web browsersCe hv6 module 53 hacking web browsers
Ce hv6 module 53 hacking web browsers
 
Ce hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data lossCe hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data loss
 
Ce hv6 module 62 case studies
Ce hv6 module 62 case studiesCe hv6 module 62 case studies
Ce hv6 module 62 case studies
 
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atomCe hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atom
 
Ce hv6 module 47 spying technologies
Ce hv6 module 47 spying technologiesCe hv6 module 47 spying technologies
Ce hv6 module 47 spying technologies
 
Ce hv6 module 44 internet content filtering techniques
Ce hv6 module 44 internet content filtering techniquesCe hv6 module 44 internet content filtering techniques
Ce hv6 module 44 internet content filtering techniques
 
Ce hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologiesCe hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologies
 
Ce hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internetCe hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internet
 
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computersCe hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
 
Ce hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning systemCe hv6 module 56 hacking global positioning system
Ce hv6 module 56 hacking global positioning system
 
Ce hv6 module 65 patch management
Ce hv6 module 65 patch managementCe hv6 module 65 patch management
Ce hv6 module 65 patch management
 
Ceh v5 module 17 physical security
Ceh v5 module 17 physical securityCeh v5 module 17 physical security
Ceh v5 module 17 physical security
 
Ceh v5 module 22 penetration testing
Ceh v5 module 22 penetration testingCeh v5 module 22 penetration testing
Ceh v5 module 22 penetration testing
 
Ce hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesCe hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologies
 

Semelhante a Ce hv6 module 51 hacking and cheating online games

Session2 2 김휘강 codegate2(hkkim)
Session2 2 김휘강 codegate2(hkkim)Session2 2 김휘강 codegate2(hkkim)
Session2 2 김휘강 codegate2(hkkim)
Korea University
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
Keshab Nath
 
Module 2 threats-b
Module 2 threats-bModule 2 threats-b
Module 2 threats-b
BbAOC
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
Mehedi Hasan
 
Security Issues in Massively Multiplayer Online Games
Security Issues in Massively Multiplayer Online GamesSecurity Issues in Massively Multiplayer Online Games
Security Issues in Massively Multiplayer Online Games
DebbieJiang
 
Web defacement
Web defacementWeb defacement
Web defacement
student
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
w4tgrgdyryfh
 
You think you are safe online. Are You?
You think you are safe online. Are You?You think you are safe online. Are You?
You think you are safe online. Are You?
TechGenie
 

Semelhante a Ce hv6 module 51 hacking and cheating online games (20)

Session2 2 김휘강 codegate2(hkkim)
Session2 2 김휘강 codegate2(hkkim)Session2 2 김휘강 codegate2(hkkim)
Session2 2 김휘강 codegate2(hkkim)
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Web Security
Web SecurityWeb Security
Web Security
 
Module 2 threats-b
Module 2 threats-bModule 2 threats-b
Module 2 threats-b
 
Developers vs Cybercriminals: Protecting your MMO from online crime
Developers vs Cybercriminals: Protecting your MMO from online crimeDevelopers vs Cybercriminals: Protecting your MMO from online crime
Developers vs Cybercriminals: Protecting your MMO from online crime
 
En game hacking
En game hackingEn game hacking
En game hacking
 
League of legends is hacked, with crucial user info accessed
League of legends is hacked, with crucial user info accessedLeague of legends is hacked, with crucial user info accessed
League of legends is hacked, with crucial user info accessed
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
 
Ceh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsCeh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoors
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
 
Security Issues in Massively Multiplayer Online Games
Security Issues in Massively Multiplayer Online GamesSecurity Issues in Massively Multiplayer Online Games
Security Issues in Massively Multiplayer Online Games
 
hacking
hackinghacking
hacking
 
Web defacement
Web defacementWeb defacement
Web defacement
 
h@kin9 & vulnerability assessment in android
h@kin9 & vulnerability assessment in androidh@kin9 & vulnerability assessment in android
h@kin9 & vulnerability assessment in android
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
 
Cyber security
Cyber securityCyber security
Cyber security
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
 
You think you are safe online. Are You?
You think you are safe online. Are You?You think you are safe online. Are You?
You think you are safe online. Are You?
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
 
Project KidHack - Teaching Kids Security through Gaming at BSidesTampa on Feb...
Project KidHack - Teaching Kids Security through Gaming at BSidesTampa on Feb...Project KidHack - Teaching Kids Security through Gaming at BSidesTampa on Feb...
Project KidHack - Teaching Kids Security through Gaming at BSidesTampa on Feb...
 

Mais de Vi Tính Hoàng Nam

Mais de Vi Tính Hoàng Nam (20)

CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)
 
CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
 
Catalogue 2015
Catalogue 2015Catalogue 2015
Catalogue 2015
 
Tl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vnTl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vn
 
CATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁTCATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁT
 
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
 
Các loại cáp mạng
Các loại cáp mạngCác loại cáp mạng
Các loại cáp mạng
 
Catalogue 10-2014-new
Catalogue 10-2014-newCatalogue 10-2014-new
Catalogue 10-2014-new
 
Camera QTX-1210
Camera QTX-1210Camera QTX-1210
Camera QTX-1210
 
Brochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 SeriesBrochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 Series
 
NSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báoNSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báo
 
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quangSLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
 
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quangSLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
 
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQPEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
 
HRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008EHRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008E
 
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênhRPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênh
 
RPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênhRPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênh
 
HCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênhHCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênh
 
HCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênhHCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
 
I phone v1.2_e
I phone v1.2_eI phone v1.2_e
I phone v1.2_e
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 

Ce hv6 module 51 hacking and cheating online games

  • 1. Ethical Hacking and Countermeasures Version 6 Module LIModule LI Hacking and Cheating Online GamesOnline Games
  • 2. News EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://newpaper.asia1.com.sg/
  • 3. Module Objective This module will familiarize you with: • Online Games • Basics of Game Hacking • Online Gaming Exploits • Types of Exploits • Online Gaming Risks • Threats in Online Gaming • Online Gaming Theft • Social Engineering and Phishing • Email-Worm.Win32.Lewor.a EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 4. Module Flow Online Games Online Gaming TheftTypes of Exploits Basics of Game Hacking Online Gaming Risks Social Engineering and PhishingBasics of Game Hacking Online Gaming Risks g Online Gaming Exploits Threats in Online Gaming Email-Worm.Win32. Lewor.a EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 5. Online Games: Introduction Online games are played over a computer network (the Internet) Online games come in different forms, including simple text based games and games with highsimple text based games and games with high graphics Online games associate themselves with online communities and form a social network EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 6. Basics of Game Hacking Cheating Massively Distributed Systems, discoverg y y the various attacks and hacking techniques to target the vulnerabilities found in online games Game hacking includes the following techniques: • Building a bot i h i f following techniques: • Using the user interface • Operating a proxy • Manipulating memory • Drawing on a debugger EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Drawing on a debugger
  • 7. Online Gaming Exploits Online Gaming Exploit is a software bug, hack or bot that is gi en to the user's in a manner not intended b theis given to the user's in a manner not intended by the developers The consideration for this type of exploit varies between games and developers The EULA (End-User License Agreement) typically affirm what type of gameplay is not acceptable Developers may consider First-person shooter (FPS) to be an exploit while others may not EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited an exploit, while others may not
  • 8. Types of Exploits Wall hack: • It is the process of changing of wall properties in first-person shooters a ac : p • Wallhack gives hidden information about the players, thus by allowing players to see objects that are present behind the wall Aimbot: • Aimbot is software used in online “multiplayer first-person shooter games” • It provides guidance to the player to reach the target and gives advantage over unaided EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited target and gives advantage over unaided players
  • 9. Types of Exploits (cont’d) Cham hacks: • Cham hacks are a common method of cheating in online first-person shooters It restores player models with brightly colored Cham hacks: • It restores player models with brightly colored skins such as neon red/yellow and blue/green colors • Bunny hopping or Strafe-jumping use both mouse and keyboard input Bunny hopping or Strafe-jumping: and keyboard input • The correct method and the combination depend on the game • Most of the games follow some types of user actions S FPS(Fi t P Sh t ) G h EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Some FPS(First Person Shooter) Games have maps made just for this trick
  • 10. Online Gaming Risks li i i k i h f ll iOnline gaming risks comprise the following: • Malicious software • Risks from viruses, Trojan horses, computer worms, and spyware • Insecure or Compromised Gamer Servers • Insecure Game Coding • Risks from computer intruders • Risks from online and real-world predators • Risks are associated with strangers who may trick you to get personal or fi i l i f tifinancial information EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 11. Online Gaming Risks (cont’d) The intruders may want to do any of these: • Capture your personal information • Steal your identity S l di d i f i• Steal your credit card information • Inappropriately contact children by pretending to be another child, setting up meetings, or tricking them into revealing personal information • Cyber prostitution• Cyber prostitution • Virtual mugging • Virtual sweatshop EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 12. Threats in Online Gaming Gain illegal access to play the game by guessing d i i it b bbpassword or acquiring it by robbery Cheat at game play • Collude with others to attain higher levels of play • Use cheat program • Buy virtual properties/skill • Steal virtual properties/skill • Attack on gaming software that controls play levels Disrupt game play • Man-in-the-middle attack on communications • DNS (denial of service) attack • Inside job arranges disruptions Disrupt game play EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Inside job arranges disruptions • Release virus/worms
  • 13. Threats in Online Gaming (cont’d)(cont d) Cheat while paying for game play • Obtain copies of legitimate time card serial numbers • Obtain card by robbery • Dictionary attack on time card serial number Cheat while paying for game play • Dictionary attack on time card serial number • Guess time card serial number • Use Trojans to transmit a player’s time card number • Attack on connection time tracker software I id k id f f i• Inside worker at game provider arranges for free time Steal proprietary parts of the software • Inside worker arranges theft • Attack on server containing desired software • Use Trojans to transmit desired code or design documents • Kidnap members of design team EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Kidnap members of design team
  • 14. Online Gaming Theft Player authorization system in most online games is based on a password systempassword system Online games use player authorization system to verify player authenticity Malicious users steal usernames and passwords to steal items, put up for auction, and sell them to get virtual money A cyber criminal may also demand a ransom for stolen items Malicious users demand money for stolen items from the users Malicious users target most of the online game players EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Malicious users target most of the online game players
  • 15. Online Gaming Theft: ScreenshotScreenshot Characters for sale on Ebay A message on a gaming forum (and some appropriate Google Ads) EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 16. Methods Used to Stealet ods Used to Stea Passwords EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 17. How Passwords for Online Games are StolenGames are Stolen Cyber criminals steal only the user name and passwords of i ti d t th dd f h th ivictim users, and not the address of server where the user is actually playing the game Malicious users log on to the machine where the victim is actually playing EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 18. Social Engineering and Phishing Social engineering: • A person using social engineering try to gain the confidence of someone who is authorized to access the network in order to reveal information Social engineering: who is authorized to access the network in order to reveal information that compromises the network's security • Cyber criminal sends phishing emails, from the server administrators, Phishing: Cyber criminal sends phishing emails, from the server administrators, which invite player to authenticate his/ her account via a website linked in the message • Cyber criminals enter a game or a forum on a game server and offer a bonus, or help in the game, in exchange for other players’ passwords M li i hi hi /h l ( i h ld f d ) d EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Malicious user achieves his/her goal (getting hold of passwords) and leaves his/ her victims with nothing
  • 19. An Example of a Phishing Email llHello, You have been sent this email because you are a registered user on our server (www.Lineage2.su). Because the number of registered users of our server has increased sharply over the last month, we have to purge i ti t f d t b Pl fi th t till linactive accounts from our database. Please confirm that you still play on our server by undergoing authentification here: If you do not authenticate your account within 48 hours of receiving this message your account will be deleted, and it will not be possible to restore it. Y EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Yours, The Lineage2.su administrators
  • 20. News: Phishing Attack on Gamers' AccountsGamers Accounts EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 21. Exploiting Game Server VulnerabilitiesVulnerabilities Game Servers comes with system services, programs and databases designed to support on line gamessupport on line games Game server software might contain programming errors, bugs, and vulnerabilities Attackers use these vulnerabilities to exploit the Game Server and gain access to the databases After gaining access they execute arbitrary code and retrieve the encrypted passwords Another way to get passwords is by clicking on forgotten passwords Cyber criminals send mails with malicious content to the target user, then EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Cyber criminals send mails with malicious content to the target user, then change the victim's password, and enter the game using new password
  • 22. Vulnerability in-Game Chat in Lineage 2Lineage 2 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 23. Using Malware Malicious users create malware and send it using • Publishing links to malicious programs which claim to be game patches on player message boards Malicious users create malware and send it using any means possible: on player message boards • Sending in-game spam containing links to a malicious program presented as a “new patch” • Sending spam via email with a malicious program attached, or a link to a malicious programa c ous p og a • Spreading malicious programs via file sharing networks • Exploiting browser vulnerabilities in order to download malicious programs when a user visits a game-related website EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 24. Using Malware (cont’d) Translated, the message above reads as follows: Attention all, Certain people in this game have been forcefully recommending a certain path, which allegedly makes it possible to enchant items completely safely. This patch is actually a Trojan which steals your user name and password. We ask you not to launch this patch, and if you've already downloaded it and launched it it's still not too late to change your password Andalready downloaded it and launched it, it s still not too late to change your password. And here's a general earnest request - don't download any dodgy patches because they could contain all types of viruses and Trojans imaginable. In such cases the administrators won't take any responsibility for the loss of your characters. Only use the patches which are on our it EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited site.
  • 25. Malicious Programs and MalwareMalware The following are Malicious Programs and j i The following are Malicious Programs and Malware designed to attack online game players: • Trojan-PSW.Win32 • Trojan.Win32.Qhost • Trojan-Spy.Win32.Delf • Trojan-PSW.Win32Trojan PSW.Win32 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 26. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Message from a gamer about a password stolen by a malicious program
  • 27. Email-Worm.Win32.Lewor.a The first worm to steal passwords for online gamesp g This worm sends itself to addresses harvested from Outlook Express address books on infected computersp If the worm finds user name, password, and server address on an infected computer, it saves that data to an FTP server belonging to a malicious user The malware would be designed to copy itself to removable disks with an additional file called “autorun.inf” One example of this class of malicious programs is classified by Kaspersky Lab as Worm.Win32.Viking Currently the most recent achievement by those writing viruses for online EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Currently, the most recent achievement by those writing viruses for online games is the polymorphic Virus.Win32.Alman.a and its successor, Virus.Win32.Hala.a
  • 28. Part of a file infected by Virus.Win32.Alman.aVirus.Win32.Alman.a EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 29. Online Gaming Malware from 1997-20071997 2007 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 30. How Modern Attacks are ConductedConducted Attacks on computer players are conducted by creating worms that h l i l f ihave multiple functions: • Self-replicating (email worms, P2P worms, network worms) • Infecting executable files (viruses)g • Masking their presence in system (rootkits) • Stealing passwords (PSW Trojans) The passwords retrieved after the attack is sent to an email address orThe passwords retrieved after the attack is sent to an email address or to an FTP server on a .cn domain EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 31. Geographical Considerations The theft of passwords of online games primarily concerns China and South Korea The reasons are not entirely clear, but the figures speak for themselves: over 90% of all Trojans targeting online games are written in China, and 90% of passwords stolen by these Trojans belong to players on South Korean sites EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 32. Statistics Total number of malicious programs targeting online game passwords Malicious programs targeting Lineage 2 and World of Warcraft passwords, 2006 EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.viruslist.com/
  • 33. Best Practices for Secure Online GamingGaming Steps for protecting Online GamingSteps for protecting Online Gaming from risks are: • Use antivirus and antispyware programs • Be cautious about opening files attached to email messages or instant messages Verify the authenticity and security of• Verify the authenticity and security of downloaded files and new software • Configure your web browsers securely • Use a firewallUse a e a • Identify and back-up your personal or financial data • Create and use strong passwords h d d li i f EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited • Patch and update your application software
  • 34. Summary Online games are played over a computer network (the Internet) and come in varied forms ranging from simple text based games to games incorporating complex graphics d i l ldand virtual worlds Cheating Massively Distributed Systems, discover the various attacks and hacking techniques to target the vulnerabilities found in online games After the theft, malicious users can demand money for stolen items from the users. All online game users are made target by cyber criminals M li i l t th hi h th i ti i t ll l iMalicious user log on to the machine where the victim is actually playing. With online games fast growth and popularity, cheating online games has become a regular incident in current game play on the Internetg g p y Cyber criminals steal only the user name and passwords of victim users, and not the address of server where the user is actually playing the game. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Game Servers comes with system services, programs and databases designed to support on line games
  • 35. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 36. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited