Skip to main content
SpringerLink
Log in
Book cover

International Conference on Risks and Security of Internet and Systems

CRiSIS 2014: Risks and Security of Internet and Systems pp 180–195Cite as

Practical Attacks on Virtual Worlds

  • Conference paper
  • First Online:

  • 984 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 8924))

Abstract

Virtual Worlds (VWs) are immensely popular online environments, where users interact in real-time via digital beings (avatars). However, a number of security issues affect VWs, and they are vulnerable to a range of attacks on their infrastructure and communications channels. Their powerful architecture can also be used to mount attacks against live Real World servers, by using malicious VW objects. Researching these attacks in commercial VWs would not be acceptable, as it would be contrary to the terms of conditions which govern acceptable behaviour in a particular VW. So in this paper, attacks were conducted/analysed in a laboratory-based test bed VW implementation developed specifically for the research, with custom built attack and analysis tools: commercial VWs were used for data gathering only. Results of these experiments are presented, and appropriate countermeasures proposed which could reduce the likelihood of the attacks succeeding in live VWs.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Aurora-SIM: A new Vision of OpenSim (2014). http://aurora-sim.org

  2. Cheat Engine (2014). http://www.cheatengine.org/

  3. Kali linux (2014). http://www.kali.org/

  4. LUA (2014). http://www.lua.org/

  5. OllyDbg (2014). http://www.ollydbg.de/

  6. Scapy (2014). http://www.secdev.org/projects/scapy/

  7. Second Life source code (2014). http://wiki.http://secondlife.com/wiki/Get_source_and_compile

  8. Virtual Box (2014). https://www.virtualbox.org/

  9. Watch 4 Folder 2.3 (2014). http://leelusoft.blogspot.it/2011/10/watch-4-folder-23.html

  10. Blizzard Entertainment Inc.: Battle.net authenticator (2014). https://www.eu.battle.net/support/en/article/battlenet-authenticator

  11. Blizzard Entertainment Inc.: Warden (software) (2014). http://www.wowwiki.com/Warden_software

  12. Blizzard Entertainment Inc.: World of Warcraft (2014). http://eu.battle.net/wow/en//

  13. Combs, G.: Wireshark (2014). http://www.wireshark.org/

  14. ENISA: Position Paper: Virtual Worlds, Real Money, November 2008. http://www.enisa.europa.eu/publications/archive/security-and-privacy-in-virtual-worlds-and-gaming

  15. Even Balance Inc.: Punkbuster (2014). http://www.punkbuster.com/

  16. Fernandes, S., Antonello, R., Moreira, J., Sadok, D., Kamienski, C.: Traffic analysis beyond this world: the case of second life. In: Proceedings of the 17th International Workshop on Network and Operating Systems Support for Digital Audio & Video (NOSSDAV) (2007)

    Google Scholar 

  17. Funkhouser, T.A.: Ring: a client-server system for multi-user virtual environments. In: Proceedings of the 1995 Symposium on Interactive 3D Graphics, I3D 1995, pp. 85–92. ACM, New York (1995)

    Google Scholar 

  18. Hoglund, G., McGraw, G.: Exploiting Online Games: Cheating Massively Distributed Systems. Addison-Wesley Professional, Reading (2007)

    Google Scholar 

  19. Katz, N., Cook, T., Smart, R.: Extending web browsers with a unity 3D-based virtual worlds viewer. IEEE Internet Comput. 15(5), 15–21 (2011)

    Article  Google Scholar 

  20. Kyrillidis, L., Hili, G., Cobourne, S., Mayes, K., Markantonakis, K.: Virtual world authentication using the smart card web server. In: Thampi, S.M., Atrey, P.K., Fan, C.-I., Perez, G.M. (eds.) SSCC 2013. CCIS, vol. 377, pp. 30–41. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  21. Linden Research Inc.: Second Life (2014). http://secondlife.com/

  22. Muttick, I.: Securing virtual worlds against real attacks -the challenges of online game development. Technical report, McAfee, Inc. (2008). https://www.info-point-security.com/open_downloads/2008/McAfee_wp_online_gaming_0808.pdf

  23. OWASP: Top Ten Project (2013). https://www.owasp.org

  24. Russinovich, M.: Process explorer (2014). http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

  25. Russinovich, M., Cogswell, B.: Process Monitor v3.1, March 2014. http://technet.microsoft.com/en-us/sysinternals/bb896645

  26. Sweetscape Software Inc.: 010 Editor (2014). http://www.sweetscape.com/010editor/

  27. Thumann, M.: Hacking SecondLife. In: Black Hat Briefings and Training (2008). https://www.blackhat.com/presentations/bh-europe-08/Thumann/Presentation/bh-eu-08-thumann.pdf

Download references

Author information

Authors and Affiliations

  1. Smart Card Centre, Information Security Group (SCC-ISG), Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK

    Graham Hili, Sheila Cobourne, Keith Mayes & Konstantinos Markantonakis

Authors
  1. Graham Hili
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sheila Cobourne
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Keith Mayes
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Konstantinos Markantonakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Graham Hili .

Editor information

Editors and Affiliations

  1. University of Málaga, Malaga, Spain

    Javier Lopez

  2. Colorado State University, Fort Collins, Colorado, USA

    Indrajit Ray

  3. University of Trento, Trento, Italy

    Bruno Crispo

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Hili, G., Cobourne, S., Mayes, K., Markantonakis, K. (2015). Practical Attacks on Virtual Worlds. In: Lopez, J., Ray, I., Crispo, B. (eds) Risks and Security of Internet and Systems. CRiSIS 2014. Lecture Notes in Computer Science(), vol 8924. Springer, Cham. https://doi.org/10.1007/978-3-319-17127-2_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-17127-2_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17126-5

  • Online ISBN: 978-3-319-17127-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation