AVG finds 11-year-old creating malware to steal game passwords

Kid Canadian pwned gamers

Security firm AVG thinks it has spotted a disturbing new threat in its latest threat report - children with enough programming skills to code and distribute their own malware.

The company said it had recently reverse-engineered one piece of malware that turned out to be the handiwork of an 11-year-old Canadian boy intent on stealing passwords used to access games such as Team Fortress.

Although such cases are still exceptions to the rule, AVG is convinced this type of child coder is a real phenomenon, able to wield simple programming languages such as C# (C Sharp) and Visual Basic to carry out attacks mostly aimed at stealing game logins for major platforms such as Steam or manipulating individual games.

Others just want to steal logins in order to exact revenge through an enemy's Facebook account.

"The code usually takes the form of a basic Trojan written using the .NET framework, which is easy to learn for beginners and simple to deploy via a link in an email or posted on a social media page," commented AVG CTO, Yuval Ben-Itzhak.

"We believe these junior programmers are motivated mainly by the thrill of outwitting their peers, rather than financial gain, but it is nevertheless a disturbing and increasing trend," he said.

"It is also logical to assume that at least some of those responsible will be tempted to experiment with much more serious cyber-crimes."

The 11-year-old reported by AVG did make some naive mistakes, such as including inside his code the exact email address he used to receive stolen addresses, and even the fact that he'd recently been given an iPhone by his parents.

The phrase 'script kiddies' has been around for years, an insulting moniker for teen nuisance hackers working from the bedroom, and then there is LulzSec, a high percentage of whom turned out to be teenage or thereabouts.

The idea that children could be a real menace is stretching this into new territory, but it is not surprising. If youngsters are using more and more complex games, and basic programming interfaces now exist, then it would be more surprising if youngsters weren't tempted to try some Black Hatting.

Meanwhile, the Blackhole Exploit Kit was everywhere in the recent quarter, accounting for 40 percent of all online threats detected by AVG over the whole of the year. Other toolkits are chasing it hard as criminals look to make money from the software that serves the malware business, including, we now know, children.


Stories by John E Dunn
