Massively multiplayer online role-playing games (MMORPGs) are immensely popular.
Tibia was established in 1997 and is an MMORPG with 250 thousand players. It's a free game that includes the option to pay for a premium account — which provides special in-game benefits. It's developed by Cipsoft GmbH.
The basic idea is to play for free and those that pay get extra stuff.
A mobile version called TibiaME also exists using the same pricing model.
The majority of Tibia's players are from Brazil, Poland and Sweden that are distributed between servers located in Germany and the United States.
With success often come those that wish harm for one reason or another. Tibia's servers in the United States have experienced problems due to repeated and ongoing DDoS attacks. Cipsoft's Marketing Manager Mercutio Mercado's blog has more details.
According to Mercado's interview:
Most of the attacks concentrate on a few servers, so we think we are dealing with a personal vendetta, which is used to take revenge over in-game issues.
Personal Vendetta? Moving an online grudge into the offline world? This shouldn't be surprising to anyone familiar with the social interactions of MMORPGs…
Some people prefer to create their own reality and play unofficial versions of Tibia using "Open Tibia". There are numerous OT Servers available with many in Brazil and Poland. OT players use an official Tibia software client to connect to unofficial open source back-ends.
Open Tibia players use a tool called an IP Switcher to configure the server that they play.
Part two of this post will examine a Trojan-Spy that uses such an IP Switcher as bait. It appears to have been written by a Brazilian. Perhaps it was authored by someone with an online grudge?