Malicious programs targeting online games and virtual worlds grew...

used to steal virtual money from players’ accounts and exchange it for real money, ENISA said in a report. With almost 1 billion registered users of MMO/VWs, and global real-money sales of virtual objects estimated at nearly $2 billion last year, “this is a serious issue,” ENISA said. Failure to protect the real-money value of this economical “grey zone” is sparking more attacks on online games and virtual worlds, it said. Another area of risk is disclosure of personal data, it said. Users’ false sense of security about their avatars leads them to reveal private data such as location and personal characteristics, the agency said. Risks include avatar theft and identity fraud, intellectual property breaches, harassment, cheating and security issues, credit card fraud and MMO/VW spam, it said. ENISA urged the European Commission and national governments to take steps including supporting creation of an industry forum for online game providers to share best practices on security vulnerabilities, and to fund legal work on questions such as the status of intellectual property and personal data in MMO/VWs. Game providers should balance security measures aimed at detecting and responding to malware and those needed for prevention, the agency said, calling detection and response often a better way to address security problems. Privacy policies should state clearly which information providers collect for anti-cheating measures and data available to other users, the agency said. It called for more research and education.