McAfee Avert Labs received several worms implemented in a scripting language called ‘Lua’ (see http://www.lua.org/). It is a free scripting language first version of which was released in 1994!

There are two things that make this an interesting development. Firstly, this language is widely used for online gaming (”World of Warcraft”, “Garry’s Mod”, “Illarion”, “Escape From Monkey Island”, “Daimonin” MMORPG and many others). The list of games using ‘Lua’ is quite long (see full list of projects at http://www.lua.org/uses.html).

Secondly - two of the recently discovered worms were written to find and remove other ‘Lua’ worms! We have seen W32/Netsky and W32/Bagle families fighting each other in 2004 but we really hope that the history would not repeat itself with worm-wars in online gaming.

Some of the games execute ‘Lua’ scripts on the server side which can potentially compromise the security of the server that thousands of users are currently connected to. Servers used for gaming are nearly always trusted to install and run programs on the client computers (game extensions and updates) thus paving a way to a rapid deployment of malware should a server becomes infected.

Detection of all currently known ‘Lua’ worms is included in the latest DAT update. Avert Lab’s recommendation is to use updated AV, properly configure permissions and introduce file change-control which is particularly important for all user-facing server systems.