44 Million Stolen Gaming Credentials Uncovered

Mousey

Ueber Meister Mouse
Joined
Sep 12, 2004
Location
Up$hitCreek
You do not have permission to view link Log in or register now.

Eoin Ward May 26th, 2010
Newsvine
In previous blogs, Symantec has highlighted threats that steal user data. We recently analyzed a new sample submitted to Symantec and came across a server hosting the credentials of 44 million stolen gaming accounts. What was interesting about this threat wasn’t just the sheer number of stolen accounts, but that the accounts were being validated by a Trojan distributed to compromised computers. Symantec detects this threat as Trojan.Loginck.

This particular database server we uncovered seems very much to be the heart of the operation—part of a distributed password checker aimed at Chinese gaming websites. The stolen login credentials are not just from particular online games, but also include user login accounts associated with sites that host a variety of online games. In both cases the accounts contained in the database have been obtained from other sources,....
 

same_old

Dormant account
webmeister
PABaccred
Joined
Mar 4, 2007
Location
Australia
Well there you go,

All of those posts about peoplpe doing antivirus checks and getting virus alerts for the casino software. It seems these werent false positives and could have possibly been a legit virus that is called (Trojan.Loginck).

I suggest everyone googles this and see what measures you can, do a search on your own system using the key word "Trojan.Loginck", if it comes back with anything in your system I would do a COMPLETE reinstall and not just a general clean.

Regards,

Peter
 

same_old

Dormant account
webmeister
PABaccred
Joined
Mar 4, 2007
Location
Australia
spam email messages, infected websites or file-sharing networks. If Trojan.Loginck is executed on the computer, it will connect to a remote server and downloads a list of stored passwords for online gaming websites. It will utilize the compromised computer to log-on and check if the accounts are valid.
 

zap987

Meister Member
PABnononaccred2
Joined
Jul 22, 2004
Location
Sweden
The article isn't about gambling though, it's about games like World of Warcraft. If a hacker gets your casino login details it's pretty hard for them to make any money out of it, we might hate having to send in identification documents and stuff but it does work.

It's much easier for a hacker to make money from a game account where they can sell what is on the account for in-game currency and then shuffle stuff around between accounts to hide their tracks and in the end they sell the game currency for real cash to a third party.
 

Mousey

Ueber Meister Mouse
Joined
Sep 12, 2004
Location
Up$hitCreek
Thanks Zap! I goofed. I meant to post this in The Attic.

Simmo! or Maxd or someone... could you move it please?

My point in posting that article is that whatever you're doing online... change passwords frequently, and scan frequently (preferably using more than one AV).

The article also made me wonder (again) about those folks that had money stolen from their poker room accounts. Access the victims account, dump the money to a cohort or do a quick transfer to another player (the crook himself), thief cashes out and there's Joe Blow logging in on Friday night to play some poker, only to find out his account is cleaned out.
 

jetset

RIP Brian
Joined
Feb 22, 2001
Location
Earth
I'm with Mousey on this - this incident does have relevance to online gamblers and serves as a useful reminder to be constantly on the alert.
 

P.V.

Senior Member
webmeister
Joined
Apr 17, 2010
Location
Turn around...
Online players.

I agree with the original poster and Jetset. Even if this article isn't directed to online gaming all players should use due diligence and be on constant alert as suggested. I'm amazed of the players that simply send their personal documents to any x casino or other gaming sites that requests them. Granted I understand there are many secure operations but just the fact that e-mail isn't as secure as most think and fax machines aren't either and from what I've seen no one knows by whom or when their documents are verified is a major concern. Fraud is a serious issue within the igaming industry and recently brought up within EU courts. Before this industry can become legalized completely all fraud issues must be addressed and then maybe governments will take a more serious look at the industry as a whole. Just so I'm upfront with my post, I do have an interest within igaming security and player verification documents.
 
Top