May 27th, 2010

Another Crime Server Discovered, Contained 44 Million Stolen Game Accounts

Anti-virus company Symantec has discovered a server hosting the credentials of 44 million user accounts stolen from at least 18 different online games.

Symantec, best known as the maker of the Norton software line, stumbled on the server while analyzing a user-submitted sample of code. What apparently got the company’s attention wasn’t the sheer size of the database but the creative way in which the stolen accounts were being validated.

“What was interesting about this threat wasn’t just the sheer number of stolen accounts, but that the accounts were being validated by a Trojan distributed to compromised computers. Symantec detects this threat as Trojan.Loginck,” researcher Eoin Ward wrote on Symantec Connect. “By taking advantage of the distributed processing… you can complete the task more quickly and help mitigate the multiple-login failure problems by spreading the task over more IP addresses. This is what Trojan.Loginck’s creators have done.”

“If the Trojan succeeds in its task of logging in, it will update the database with the time it logged in and any user credentials (such as current game level, etc.) before moving to the next user name and password,” he continued. “The attackers can then log on to the database and search for the valid user name and password combinations.”

The database holds approximately 17GB of “flat file data” from at least 18 different games, including roughly 60,000 Aion accounts, 210,000 World of Warcraft accounts, two million NCsoft accounts (shared across multiple games like Lineage 2, Guild Wars and City of Heroes) and 16 million Wayi Entertainment accounts. Determining the value of the data is “extremely difficult,” Ward wrote, because each account may have only a single, first-level character “whose only weapon is a rusty old spoon,” or multiple high-level characters with maxed-out equipment.

“This particular database server we uncovered seems very much to be the heart of the operation – part of a distributed password checker aimed at Chinese gaming websites,” Ward wrote. “The stolen login credentials are not just from particular online games, but also include user login accounts associated with sites that host a variety of online games.”
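Spreading the login checks over many IP addresses, as described above, keeps each bot's failure count below a typical per-IP lockout threshold. The following detection sketch is an added example, not code from Symantec or the original article: it runs a per-IP failure rule and a distinct-accounts-per-IP rule over a constructed log, and the log format, thresholds and function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log: timestamp, source IP, username, result (all made up).
SAMPLE_LOG = """\
2010-05-27T10:00:05 203.0.113.10 player_a FAIL
2010-05-27T10:00:40 203.0.113.10 player_a FAIL
2010-05-27T10:01:10 203.0.113.10 player_a OK
2010-05-27T10:02:00 198.51.100.21 acct_0001 OK
2010-05-27T10:02:20 198.51.100.21 acct_0002 FAIL
2010-05-27T10:02:45 198.51.100.21 acct_0003 OK
2010-05-27T10:03:05 198.51.100.21 acct_0004 OK
2010-05-27T10:03:30 198.51.100.22 acct_0005 FAIL
2010-05-27T10:03:50 198.51.100.22 acct_0006 OK
2010-05-27T10:04:15 198.51.100.22 acct_0007 OK
2010-05-27T10:04:40 198.51.100.22 acct_0008 FAIL
2010-05-27T10:20:00 192.0.2.77 forgetful FAIL
2010-05-27T10:20:20 192.0.2.77 forgetful FAIL
2010-05-27T10:20:40 192.0.2.77 forgetful FAIL
2010-05-27T10:21:00 192.0.2.77 forgetful FAIL
2010-05-27T10:21:20 192.0.2.77 forgetful FAIL
"""

EPOCH = datetime(1970, 1, 1)

def parse(text):
    """Yield (timestamp, ip, username, success) for each log line."""
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def analyse(text, window_s=600, max_failures=5, max_accounts=3):
    """Return (IPs flagged by failure count, IPs flagged by distinct accounts).

    Events are grouped into fixed (tumbling) windows of window_s seconds per IP.
    """
    failures = defaultdict(int)   # (ip, window) -> failed logins
    accounts = defaultdict(set)   # (ip, window) -> usernames attempted
    for ts, ip, user, ok in parse(text):
        bucket = (ip, int((ts - EPOCH).total_seconds()) // window_s)
        accounts[bucket].add(user)
        if not ok:
            failures[bucket] += 1
    by_failures = {ip for (ip, _), n in failures.items() if n >= max_failures}
    by_accounts = {ip for (ip, _), users in accounts.items() if len(users) > max_accounts}
    return by_failures, by_accounts
```

On the sample, the failure rule flags only the user who keeps mistyping one password, while the two hosts that each touch four different accounts with few failures are caught only by the distinct-accounts rule.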

