This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Reducing the Attack Surface in Massively Multiplayer Online Role-Playing Games
May/June 2009 (vol. 7 no. 3)
pp. 13-19
Stephen Bono, Independent Security Evaluators
Dan Caselden, Independent Security Evaluators
Gabriel Landau, Independent Security Evaluators
Charlie Miller, Independent Security Evaluators
As online games become increasingly complex and continue to gain popularity, malware authors will be compelled to target these virtual worlds for launching attacks. Online games' large attack surfaces are an unfortunate consequence of the technological progression and the nature of these applications. In providing features, MMORPGs often include third-party add-ons, support for numerous file formats, and allow various methods for interaction between players. Game developers and players must learn to minimize the risks that these technologies introduce to protect themselves from the next generation of online attacks. The authors categorize several problem areas for MMORPGs in which vulnerabilities are likely to exist and illustrate through two case studies how attackers can leverage various features of online games to take over players' computers.

1. G. Hoglund and G. McGraw, Exploiting Software: How to Break Code, Addison-Wesley Professional, 2004.
2. G. Hoglund and G. McGraw, Exploiting Online Games, Addison-Wesley Professional, 2008.
3. I. Muttick, Securing Virtual Worlds against Real Attacks, McAfee, 2008.
4. J. Reimer, "Virtual Plague Spreading like Wildfire in World of Warcraft," Ars Technica,21 Sept. 2005; http://arstechnica.com/news.ars/post20050921-5337.html .
5. R. McMillan, "Mac Hack Contest Bug Had Been Public for a Year," PC World,21 Apr. 2008; www.pcworld.com/businesscenter/article/144921 mac_hack_contest_bug_had_been_public_for_a_year.html .
6. M. Daniel, J. Honoroff, and C. Miller, "Exploiting Android," Independent Security Evaluators, 25 Oct. 2008; http://securityevaluators.comandroid/.
7. C. Miller, "Virtual Worlds, Real Exploits," Network Security Newsletter, Apr. 2008.
8. "Writing ia32 Alphanumeric Shellcodes," Phrack, vol. 0x0b, no. 0x39,Phile #0x0f of 0x12.

Index Terms:
Securing Online Games, software development, Massively Multiplayer Online Role-Playing Games, MMORG
Citation:
Stephen Bono, Dan Caselden, Gabriel Landau, Charlie Miller, "Reducing the Attack Surface in Massively Multiplayer Online Role-Playing Games," IEEE Security & Privacy, vol. 7, no. 3, pp. 13-19, May-June 2009, doi:10.1109/MSP.2009.75
Usage of this product signifies your acceptance of the Terms of Use.