Symantec finds 808,000 Web domains delivered malware to website visitors in 2008
In 2008, Symantec identified 808,000 unique Web domains that tried to infect website visitors with viruses, worms, spyware, bots, and more. These attacks came from mainstream, reputable websites, including those that cover news, travel, retail, games, real estate, and government. How did cybercriminals corrupt legitimate websites? Can you be infected, too?
It is not uncommon for a Web page today to deliver content pulled from 10 or 20 different domains, including sources that are not controlled by the owner of that page (advertising is an excellent example of this, as is syndicated content). Gaming websites are particularly innovative when it comes to leveraging a multitude of sources and technologies in order to deliver a smorgasbord of content.
Gamers both benefit and suffer from the innovative approach to site development that dominates the gaming Web world. For good or ill, any Web-surfing gamer faces a significantly higher risk simply because of the environment they navigate, whether it is a hack applied to their favorite gaming site, a malicious ad, or a scam offered up in an otherwise reputable gaming forum.
How you can catch an infection from a hacked website
There are two common ways your computer can be infected from websites:
- Drive-by downloads that you catch just by browsing
This is the sneakiest method of infection and it is very common. All you have to do is browse a site with executable content that is automatically downloaded to your computer. You don’t have to do anything but visit the wrong site—or even the right site at the wrong time. Often the executable content that triggers the download isn’t even on the website you think you’re visiting. Rather, a link is inserted into the site you are purposefully visiting (see more on how this is done below) and this link then leads your browser to receive content from that malicious website without your knowledge or participation.
- Tricking you into downloading something
Faking a legitimate software download is a very effective way for the bad guys to infect your computer, even if you have otherwise effective antivirus protection in place. They simply misrepresent a piece of software as something else in order to convince you to download it.
Here are three fake-out tactics that often target gamers:
- A pop-up appears telling you that you need to download an updated version of some browser plug-in or video player in order to view some multimedia content on a website.
- A new cheat, hack, or other game-enhancing executable is offered in a gamer forum post, chat room, or peer-to-peer network.
- An advertisement shows up on a Web search result page or in an ad network that offers a free copy of a newly released game or a game enhancement. Sometimes these offers are even bold enough to charge you for the privilege of downloading their software.
How criminals corrupt an otherwise legitimate website
Two popular methods for hacking legitimate websites so that they infect site visitors are:
- Hack the database that delivers the content to the website.
The cybercriminal finds a vulnerable Web input form on the website and uses it to insert some SQL instructions into the back-end database. They then collect information on the database so they can add content to it that the system will think is legitimate. This new content is then delivered to the website as part of the normal content-publishing system. Unfortunately, the content typically delivered involves links to malicious script or Web pages, which means that visitors to these pages are exposed to malware attacks from sites that they don’t even know they are visiting.
- Insert malicious advertisements where sheer volume makes them hard to spot
We may not like it, but revenue from advertisements is critically important for keeping most of our favorite websites in business. Most sites get their ads from one of the large automated online ad networks—unless they happen to be one of those enormous sites that can generate their own ads.
Malicious ads usually include a silent redirect to a malicious Web page that will deliver a drive-by download to the unwary visitor. The ad networks do try to police the ads delivered through their network and they are mostly successful in keeping the bad ads out of circulation, but the enormous volume of ads on the network is such that malicious ones do occasionally slip in. Once a malicious ad is distributed, it is difficult to identify. The Norton Community Watch and similar groups in the industry do identify and report attacks as they occur, but when the attack comes from a malicious ad it is very difficult to pinpoint the culprit. In these cases, the website being visited is identified as initiating an attack for one user but not for the next user, because the attack is not on the hosting website—it is in an ad that may only be delivered to a small number of visitors depending on ad rotation.
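The database-hacking method described above comes down to one coding mistake: text typed into a Web form is pasted straight into a SQL statement. The following Python example is added here and is not part of the original Symantec article. It shows that weak pattern beside its parameterized fix, run against a small constructed SQLite content store, and adds the check a site operator would want on the publishing side: an audit of stored articles for script or iframe tags that load from any host other than the site's own. The table layout, the sample rows and the trusted host name cdn.example-game.test are all assumptions made for the example.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Constructed sample content store: two legitimate rows and one row whose body
# already carries an injected off-site iframe (the outcome the article describes).
INJECTED_BODY = 'Tips for new players.<iframe src="http://malicious.invalid/ad" width="0"></iframe>'


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO articles (title, body, published) VALUES (?, ?, ?)",
        [
            ("Season 3 patch notes", 'See <script src="https://cdn.example-game.test/notes.js"></script>', 1),
            ("Unannounced expansion", "Draft, not for release.", 0),
            ("Beginner guide", INJECTED_BODY, 1),
        ],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """Weak pattern: the form field is pasted into the SQL text, so a quote in
    the input closes the string literal and the rest is parsed as SQL."""
    sql = "SELECT title FROM articles WHERE published = 1 AND title LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_hardened(conn, term):
    """Parameterized query: the term is bound as data, never as SQL syntax."""
    sql = "SELECT title FROM articles WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# Publish-time check on the stored content itself: script/iframe tags that load
# from outside the site's own hosts are exactly what an injected row would carry.
# The allow list is an assumption for this example.
TRUSTED_HOSTS = {"cdn.example-game.test"}
_SRC_TAG = re.compile(r"<(script|iframe)\b[^>]*\ssrc\s*=\s*['\"]?([^'\"\s>]+)", re.IGNORECASE)


def _is_trusted(src, trusted_hosts):
    parts = urlparse(src)
    if parts.scheme == "" and parts.netloc == "":
        return True  # relative path, served by the site itself
    # Scheme-relative "//host/..." and unknown schemes fall through as untrusted.
    return parts.scheme in ("http", "https") and (parts.hostname or "").lower() in trusted_hosts


def untrusted_references(body, trusted_hosts=TRUSTED_HOSTS):
    """Return the script/iframe src URLs in body that point outside the allow list."""
    return [src for _tag, src in _SRC_TAG.findall(body) if not _is_trusted(src, trusted_hosts)]


def audit_published(conn, trusted_hosts=TRUSTED_HOSTS):
    """Map article id -> offending URLs for every published row that loads from an outside host."""
    findings = {}
    for art_id, body in conn.execute("SELECT id, body FROM articles WHERE published = 1"):
        bad = untrusted_references(body, trusted_hosts)
        if bad:
            findings[art_id] = bad
    return findings


if __name__ == "__main__":
    db = make_db()
    probe = "' OR 1=1 OR title LIKE '"
    print(search_vulnerable(db, probe))  # every row, the unpublished draft included
    print(search_hardened(db, probe))    # []: no title contains that text literally
    print(audit_published(db))           # {3: ['http://malicious.invalid/ad']}
```

The two search functions differ only in how the term reaches the database, which is the whole lesson: with the parameterized version the same input is an ordinary search string that matches nothing. The audit is the second line of defence the article implies; if injected content does land in the database, a check for off-site script and iframe sources run before publishing catches the rows that would otherwise send visitors to a site they never meant to visit.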
Conclusion: Stay up to date and be suspicious.
Make sure your antivirus and spyware protection is up to date, but even that may not be enough. It is very hard for your antivirus to protect you against an infection you get by purposely downloading malicious software that has tricked you into thinking it is something you want. So be very careful about what you choose to download. If something looks odd, or your antivirus warns you that what you are downloading is malicious, stop, even if you think it is probably okay; download the item another time or from another source.
For more detailed information on Web-based attacks, please see the white paper entitled “Web Based Attacks”, published in February 2009 by Symantec.