Can playing WoW and posting on Facebook give you viruses and trojans?
Last week, the 8th annual Safer Internet Day was celebrated on 8th of Feb, primarily in Europe. The focus this time was on security threats from playing MMOs and via social networking sites. Fortinet Inc. is a worldwide leader in providing network security hardware solutions, and we got a chance to interview Mr. Guillaume Lovet, head of Fortinet’s FortiGuard security research team in EMEA.
Can you comment on some of the security aspects of mobile devices vs pc as many people are playing games and accessing social networking sites from their iPhones & Android devices?
Smartphones have basically the same capabilities as PCs, but they embed an additional one, very appealing to cybercriminals: an integrated payment system (premium numbers).
Henceforth, infected Smartphones are way easier to monetize than infected PCs, which require setting up more or less complex business models to be milked (ClickFraud, spam relaying, pay-per-install of adware, banking credentials interception, traffic of stolen identities, etc…)
What is one of the most common ways for people to get their PCs compromised via playing MMOs or on Social Networking sites?
The dangers of online gaming mostly do not lie in the game itself, but rather in small cracks and patches that are easily found on the Internet and are used to enable or modify games. Cybercriminals know players are craving those, and as a consequence, P2P networks are infested with rogue patches and cracks, which are in fact Trojan horses or worms. They may be banking Trojans going straight after the user’s online banking credentials, or bots used to relay spam, host illegal content or launch distributed denial of service (DDoS) attacks. Or they may be specialized gaming Trojans.
Gaming Trojans go after the player’s gaming accounts, stealing the credentials at login. Once the credentials are obtained, the cybercriminals may transfer (in-game or not) valuable items and characters sitting in the stolen account. Those are then sold on eBay
and the like. For instance, a high-level World of Warcraft character can sell for more than $500.
As for social Networking, the Koobface worm has been scouring Facebook for a long time, and has been spotted on Twitter as well. Infection is achieved via social engineering, as users are mostly misled into clicking on malicious links embedded within personal messages impersonating a friend (typically the page will then ask you to update your video codec with a patch that’s in fact a copy of the virus).
Is there a specific age group that is more prone to falling into this trap of getting a trojan/virus?
The probability of falling into this trap doesn’t really have to deal with age per se. Nor even intelligence, as a matter of fact. It merely has to deal with awareness. Some youngsters are very computer savvy, some others are total newbies, and same goes for older people.
What are some of the common ways to secure oneself against said security risks?
In order to defend against these threats, users should exercise caution when a message sounds odd (especially if enticing you to watch a video). Never install codecs when a site prompts you to: popular online streaming video sites such as YouTube use Flash, you don’t need video codecs. As for privacy and site security, one may harden her assets (enable HTTPS connections, use plugins such as NoScript), but generally speaking, it’s good advice to consider that all the information you put on social sites is public. Thus, for instance, a potential recruiter or cybercriminal, etc., may be looking at it.
Apple prides itself on being “less vulnerable” to security risks; since Mac users also play MMOs, are they also prone to such risks?
Apple products are not “less vulnerable”, they are simply “less targeted” by cybercriminals. The reason being, Apple’s market share is too marginal vs the one held by Windows PCs. Thus when shooting in the dark with millions of spammed malware pieces, obviously, most will encounter Windows System. Therefore it’s more profitable if those malware pieces run on MS Windows rather than MacOS.
That said, malware for MacOS does exist. It’s just a lot less prevalent.
Can you comment on which country has had the most security attacks? And where (if possible) most of these attacks originated from?
According to our latest monthly stats report, the USA is the most targeted country, accounting for 38.30% of all malware activity as seen by our appliances.