Anti-virus software maker Symantec recently uncovered and analysed a cache of stolen online accounts - many from games like World of Warcraft and Aion - an impressive collection of 44 million swiped virtual credentials. What does Symantec find so interesting about this?
It's not the volume. Sure, it's 17 gigabytes worth of compromised user data, but Symantec's investigation into the database revealed that those accounts were being verified by a Trojan that's chipping away at that 44 million long list. The Trojan is distributed to multiple computers, getting around IP blocking measures, and updates the database if one of the stolen log ins check out.
Symantec software identifies that program as Trojan.Loginck.
A big slice of those stolen accounts appear to come from Chinese online game distributor Wayi Entertainment. Hundreds of thousands are compromised World of Warcraft, Aion and NCsoft game accounts, which could be sold (if verified) to other users via account selling services online. It's an impressive way to make a buck.
Check out Symantec's blog on Trojan.Loginck for more details. And maybe update your WoW password while you're at it.