Security Bytes

Apr 11 2007   12:13PM GMT

Why gaming attacks are an IT problem



Posted by: Leigha
Tags:
Information Security Threats

If you think an attack against online gaming programs is only a problem for those who play them, think again. More than ever, the bad guys are finding ways to parlay gaming exploits into a real corporate IT threat.

So says Gary McGraw, CTO of Dulles, Va.-based security firm Cigital Inc. He has written a book about the threat called “Exploiting Online Games,” and he recently sat down with me to discuss it.

“IT people need to be worried about what their users are doing. If your users are spending all day playing these games, that’s bad,” he said. “More importantly, if your users play these games on their computers off hours or play them on their laptops on the weekends, these games actually install monitoring software deep in the kernel that keeps track of what is happening on that PC. ”

He said the software reports back all sorts of information about what that user is doing that may have nothing at all to do with the game itself. For example, World of Warcraft has a process called the Warden that keeps an eye on your PC. Some might call that an invasion of privacy. From an IT perspective, what’s happening is that the user is changing the PC so programs that do nefarious spyware-like activities are installed on the box — often without their knowledge.

“That’s a real headache for IT guys,” McGraw said.

You can download my podcast interview with McGraw here.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: