Cybercriminals are targeting online virtual worlds like Second Life and World of Warcraft to steal personal data and launder money, according to Internet security firm McAfee.
In a whitepaper, Igor Muttik, senior architect for McAfee Avert Labs, says the virtual communities, or "metaverses" that support multi-player online role-playing games are providing fertile territory for online criminals.
Metaverses have their own economies, with virtual currencies that are often converted into real money and back, providing an opportunity for cybercriminals.
Mcafee says that over the last year there has been an explosion in virtual world data theft through the deployment of Trojans via in-game messaging and dedicated forums. The Trojans are used to hack gamers' accounts, where thieves steal virtual objects like weapons and property and convert them into virtual currency before changing it into real world cash.
Says the whitepaper: "Virtual objects are traded in two connected markets - fully virtual and real. The intertwining of real and virtual markets is growing, and there are now real shops in virtual worlds (where you can buy real goods for virtual money). Both of these markets attract criminal elements."
Predictably, phishers are also targeting gamers, sending spam messages promising free games in a bid to trick them into visiting malicious sites.
"It should come as no surprise that phishing has been used to relieve gullible players of their virtual assets," says Mcafee.
Muttik urges the creators of virtual worlds to beef up their security by allowing users to tie their accounts to specific IP ranges or media access control addresses and introducing physical authentication devices like tokens.
He also suggests charging for in-game messaging in order to make spamming uneconomical for phishers.
Says Muttik: "There are no good reasons why virtual characters should suffer from the same troubles - spam, phishing, adware, spyware, Trojans, viruses, worms, and other malware - that currently plague our real day-to-day lives."
Read the whitepaper here