Abstract
Virtual Worlds (VWs) are immensely popular online environments, where users interact in real-time via digital beings (avatars). However, a number of security issues affect VWs, and they are vulnerable to a range of attacks on their infrastructure and communications channels. Their powerful architecture can also be used to mount attacks against live Real World servers, by using malicious VW objects. Researching these attacks in commercial VWs would not be acceptable, as it would be contrary to the terms of conditions which govern acceptable behaviour in a particular VW. So in this paper, attacks were conducted/analysed in a laboratory-based test bed VW implementation developed specifically for the research, with custom built attack and analysis tools: commercial VWs were used for data gathering only. Results of these experiments are presented, and appropriate countermeasures proposed which could reduce the likelihood of the attacks succeeding in live VWs.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Aurora-SIM: A new Vision of OpenSim (2014). http://aurora-sim.org
Cheat Engine (2014). http://www.cheatengine.org/
Kali linux (2014). http://www.kali.org/
LUA (2014). http://www.lua.org/
OllyDbg (2014). http://www.ollydbg.de/
Scapy (2014). http://www.secdev.org/projects/scapy/
Second Life source code (2014). http://wiki.http://secondlife.com/wiki/Get_source_and_compile
Virtual Box (2014). https://www.virtualbox.org/
Watch 4 Folder 2.3 (2014). http://leelusoft.blogspot.it/2011/10/watch-4-folder-23.html
Blizzard Entertainment Inc.: Battle.net authenticator (2014). https://www.eu.battle.net/support/en/article/battlenet-authenticator
Blizzard Entertainment Inc.: Warden (software) (2014). http://www.wowwiki.com/Warden_software
Blizzard Entertainment Inc.: World of Warcraft (2014). http://eu.battle.net/wow/en//
Combs, G.: Wireshark (2014). http://www.wireshark.org/
ENISA: Position Paper: Virtual Worlds, Real Money, November 2008. http://www.enisa.europa.eu/publications/archive/security-and-privacy-in-virtual-worlds-and-gaming
Even Balance Inc.: Punkbuster (2014). http://www.punkbuster.com/
Fernandes, S., Antonello, R., Moreira, J., Sadok, D., Kamienski, C.: Traffic analysis beyond this world: the case of second life. In: Proceedings of the 17th International Workshop on Network and Operating Systems Support for Digital Audio & Video (NOSSDAV) (2007)
Funkhouser, T.A.: Ring: a client-server system for multi-user virtual environments. In: Proceedings of the 1995 Symposium on Interactive 3D Graphics, I3D 1995, pp. 85–92. ACM, New York (1995)
Hoglund, G., McGraw, G.: Exploiting Online Games: Cheating Massively Distributed Systems. Addison-Wesley Professional, Reading (2007)
Katz, N., Cook, T., Smart, R.: Extending web browsers with a unity 3D-based virtual worlds viewer. IEEE Internet Comput. 15(5), 15–21 (2011)
Kyrillidis, L., Hili, G., Cobourne, S., Mayes, K., Markantonakis, K.: Virtual world authentication using the smart card web server. In: Thampi, S.M., Atrey, P.K., Fan, C.-I., Perez, G.M. (eds.) SSCC 2013. CCIS, vol. 377, pp. 30–41. Springer, Heidelberg (2013)
Linden Research Inc.: Second Life (2014). http://secondlife.com/
Muttick, I.: Securing virtual worlds against real attacks -the challenges of online game development. Technical report, McAfee, Inc. (2008). https://www.info-point-security.com/open_downloads/2008/McAfee_wp_online_gaming_0808.pdf
OWASP: Top Ten Project (2013). https://www.owasp.org
Russinovich, M.: Process explorer (2014). http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
Russinovich, M., Cogswell, B.: Process Monitor v3.1, March 2014. http://technet.microsoft.com/en-us/sysinternals/bb896645
Sweetscape Software Inc.: 010 Editor (2014). http://www.sweetscape.com/010editor/
Thumann, M.: Hacking SecondLife. In: Black Hat Briefings and Training (2008). https://www.blackhat.com/presentations/bh-europe-08/Thumann/Presentation/bh-eu-08-thumann.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Hili, G., Cobourne, S., Mayes, K., Markantonakis, K. (2015). Practical Attacks on Virtual Worlds. In: Lopez, J., Ray, I., Crispo, B. (eds) Risks and Security of Internet and Systems. CRiSIS 2014. Lecture Notes in Computer Science(), vol 8924. Springer, Cham. https://doi.org/10.1007/978-3-319-17127-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-17127-2_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17126-5
Online ISBN: 978-3-319-17127-2
eBook Packages: Computer ScienceComputer Science (R0)