By
updated 8/21/2013 10:48:53 AM ET 2013-08-21T14:48:53

Massively multiplayer online role-playing games (MMORPGs) such as "World of Warcraft" or "EVE Online" are a lot of fun, but beware: The games can also be great distribution platforms for malicious code makers.

After all, what better way is there to get someone to download your malware than by disguising it as a new weapon or a fancy addition for your avatar's home?

While big games like "WOW" and "Second Life" get a fair bit of the attention and have some built-in protections, smaller games and free games are more likely targets for code with bad intentions.

What are your chances of getting infected through an online role-playing game? And what can users do to keep themselves from becoming victims of malicious code?

Fantasy world with real-life dangers

"Online games carry the same risks of all online software we use: browsers, Java plug-ins, Flash, document viewers," said Chris Wysopal, co-founder and chief technology officer of Boston-based security company Veracode.

"These attacks mirror the everyday attacks we see, [in which] users are tricked into opening a corrupted Excel spreadsheet sent as an attachment, or to click on a link that launches a Java exploit," Wysopal said.

For that reason, make sure you have robust, up-to-date anti-virus software running on your system. Scan every new file or application after it's downloaded, and before you open or run it.

Make sure your anti-virus product has real-time scanning and anti-phishing capabilities, because the attacks can get fairly sophisticated.

"When software is online, it receives input over the network. Attackers can manipulate that input to exploit vulnerabilities in the code," Wysopal said. "This manipulation can take different approaches. If the gamer is on Wi-Fi, the network connection could be subject to a man-in-the-middle attack that could modify the input."

MORE: Do You Really Need an Amazon Android Game Console?

Before you start playing a new MMORPG, check to see if it's had any security problems. Plug the name of the game into a search engine along with the words "malware" or "virus," and see what comes up. Try the search with the word "scam" as well.

If a game has more than a few negative search results, you may want to steer clear of it and find another game to play with your friends.

Once you get the game up and running, make sure to download and install only official updates from the game publisher.

Digital candy from strangers

Does another player in a chat room offer you an awesome patch that gives you infinite gold? Be very careful — it could be a Trojan horse secretly packed with malware.

"If gamers are allowed to exchange objects with each other, one gamer could pass a corrupted object as an attack payload to another gamer," Wysopal said. "The game servers that communicate with the game clients could be compromised and then send attack payloads to the game clients."

Your best bet is to follow the advice you would give to a child: Don’t take gifts from people you don’t know.

The same might be said about a person you've been gaming with for years. Be wary about someone you have just met, or someone you don’t know, giving you items.

In fact, the desire for more points and higher levels only increases the chances of being deceived into downloading malware.

"Almost all of these fraud techniques promise something for nothing," said Andrew Brandt, director of threat research at Solera Networks in South Jordan, Utah. They "present the user [with] either a tool to download — a malicious Trojan — or direct the user to a login screen dressed up to look like the game's own login dialog box," he said.

"It's the user's own greed that typically drives him or her to follow the instructions that, eventually, lead to their game credentials becoming compromised," Brandt added.

Such greed makes the user easy pickings for social engineering, or online deception.

" Phishing is probably more common than malware among the less sophisticated hacking groups or individuals, because it has a low technical-skill threshold of entry," Brandt said. "Social engineering is just the act of putting very nice lipstick on the pig."

Follow us @tomsguide, on Facebook and on Google+.

© 2012 TechNewsDaily

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments