The Community for Technology Leaders
RSS Icon
Issue No.03 - May/June (2009 vol.7)
pp: 13-19
Stephen Bono , Independent Security Evaluators
Dan Caselden , Independent Security Evaluators
Gabriel Landau , Independent Security Evaluators
Charlie Miller , Independent Security Evaluators
As online games become increasingly complex and continue to gain popularity, malware authors will be compelled to target these virtual worlds for launching attacks. Online games' large attack surfaces are an unfortunate consequence of the technological progression and the nature of these applications. In providing features, MMORPGs often include third-party add-ons, support for numerous file formats, and allow various methods for interaction between players. Game developers and players must learn to minimize the risks that these technologies introduce to protect themselves from the next generation of online attacks. The authors categorize several problem areas for MMORPGs in which vulnerabilities are likely to exist and illustrate through two case studies how attackers can leverage various features of online games to take over players' computers.
Securing Online Games, software development, Massively Multiplayer Online Role-Playing Games, MMORG
Stephen Bono, Dan Caselden, Gabriel Landau, Charlie Miller, "Reducing the Attack Surface in Massively Multiplayer Online Role-Playing Games", IEEE Security & Privacy, vol.7, no. 3, pp. 13-19, May/June 2009, doi:10.1109/MSP.2009.75
1. G. Hoglund and G. McGraw, Exploiting Software: How to Break Code, Addison-Wesley Professional, 2004.
2. G. Hoglund and G. McGraw, Exploiting Online Games, Addison-Wesley Professional, 2008.
3. I. Muttick, Securing Virtual Worlds against Real Attacks, McAfee, 2008.
4. J. Reimer, "Virtual Plague Spreading like Wildfire in World of Warcraft," Ars Technica,21 Sept. 2005; .
5. R. McMillan, "Mac Hack Contest Bug Had Been Public for a Year," PC World,21 Apr. 2008; mac_hack_contest_bug_had_been_public_for_a_year.html .
6. M. Daniel, J. Honoroff, and C. Miller, "Exploiting Android," Independent Security Evaluators, 25 Oct. 2008; http://securityevaluators.comandroid/.
7. C. Miller, "Virtual Worlds, Real Exploits," Network Security Newsletter, Apr. 2008.
8. "Writing ia32 Alphanumeric Shellcodes," Phrack, vol. 0x0b, no. 0x39,Phile #0x0f of 0x12.
35 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool