Criminals have found a way of stealing millions of pounds with no risk of getting caught by police. That's the claim made by senior analysts from the Russian security firm Kaspersky Lab, who spoke to PC Plus magazine at a recent security conference in Moscow.
Sergey Golovanov and Alex Gostev of Kaspersky described the fraud as "the perfect crime". The criminals' target isn't however the banking system but online gamers.
The crime is as bizarre as it is lucrative and has its historic roots in China and Korea. There online adventure games like Legend of Mir built up a fanatical following. In such games, players invest huge amounts of time developing their in-game characters and accruing artefacts like swords and shields.
Such was the fervour surrounding the games, a well developed character could fetch hundreds of dollars on the black market.
Examples of Chinese criminals using key logger malware to steal gamers' passwords and pilfer their characters were recorded as far back as 1998. By 2002 the number of people playing the games in China and Korea had ballooned, and specially targeted malware was being developed to steal online gaming characters.
By 2003, Kaspersky Lab calculates, hackers had developed 700 Trojans with the sole aim of stealing gamers' accounts.
Today, online gaming is a global phenomenon, thanks in no small part to games such as Everquest and World of Warcraft, a game launched in 2005 which attracted over 4 million players in its first few weeks. Such is the fervour that surrounds World of Warcraft and games of its ilk, Kaspersky analysts believe some players will pay $1,000 for a good character. Deals are done in online forums and even on eBay, with payment electronic.
The crime is growing in attractiveness because the criminals face little or no chance of capture.
Golovanov and Gostev joked that a player reporting such a crime would likely meet with confusion from the police and an officer telling the victim to "get a girlfriend". It could also be argued that no crime has been committed because many games' terms and conditions decree that all characters and artefacts are, and remain, the sole property of the game makers themselves, not the players.
Such is the growing scale of the problem, Golovanov and Gostev warned game makers that they face losing players if they don't address the problem. Game makers, they argued, should build systems into their game clients that check a PC's memory for key logger Trojans.
Expanding on how trends in cyber crime have changed, Kaspersky Lab's founder and CEO Eugene Kaspersky pointed to the I Love You worm - an indiscriminate, virulent piece of code which, back in 2000, infected billions of PCs around the world.
"I Love You was the best worm and [used] the best social engineering," Kaspersky explained, but things have moved on. Criminals now work in a more focused way, targeting specific PCs, networks or user groups, and they go after one thing: money.
To do their dirty work, criminals commonly use variants of existing malware, tweaking the code to make it attack a desired group of users and steal one particular piece of information. The trend shows up as an explosion in the number of malware samples arriving at Kaspersky's servers for analysis.
In 2004 the firm saw under 100,000 pieces of malware; in 2007 it analysed upwards of 1,200,000, or a new sample every two minutes. To make these variants, criminals are embracing automatic code generation and machine made Trojans.