Practical Attacks on Virtual Worlds

  • Graham Hili
  • Sheila Cobourne
  • Keith Mayes
  • Konstantinos Markantonakis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8924)


Virtual Worlds (VWs) are immensely popular online environments, where users interact in real time via digital beings (avatars). However, a number of security issues affect VWs, and they are vulnerable to a range of attacks on their infrastructure and communications channels. Their powerful architecture can also be used to mount attacks against live Real World servers, by using malicious VW objects. Researching these attacks in commercial VWs would not be acceptable, as it would be contrary to the terms and conditions which govern acceptable behaviour in a particular VW. So in this paper, attacks were conducted and analysed in a laboratory-based test bed VW implementation developed specifically for the research, with custom-built attack and analysis tools: commercial VWs were used for data gathering only. Results of these experiments are presented, and appropriate countermeasures proposed which could reduce the likelihood of the attacks succeeding in live VWs.


Keywords: Virtual World; Open Source Project; Test Framework; Second Life; Malicious Host



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Graham Hili (1)
  • Sheila Cobourne (1)
  • Keith Mayes (1)
  • Konstantinos Markantonakis (1)

  1. Smart Card Centre, Information Security Group (SCC-ISG), Royal Holloway, University of London, Egham, UK
