If you think an attack against online gaming programs is only a problem for those who play them, think again. More than ever, the bad guys are finding ways to parlay gaming exploits into a real corporate IT threat.
So says Gary McGraw, CTO of Dulles, Va.-based security firm Cigital Inc. He has written a book about the threat called “Exploiting Online Games,” and he recently sat down with me to discuss it.
“IT people need to be worried about what their users are doing. If your users are spending all day playing these games, that’s bad,” he said. “More importantly, if your users play these games on their computers off hours or play them on their laptops on the weekends, these games actually install monitoring software deep in the kernel that keeps track of what is happening on that PC. ”
He said the software reports back all sorts of information about what that user is doing that may have nothing at all to do with the game itself. For example, World of Warcraft has a process called the Warden that keeps an eye on your PC. Some might call that an invasion of privacy. From an IT perspective, what’s happening is that the user is changing the PC so programs that do nefarious spyware-like activities are installed on the box — often without their knowledge.
“That’s a real headache for IT guys,” McGraw said.
You can download my podcast interview with McGraw here.