Thursday, August 30, 2007

Massive Online Games Malware Attack

Despite the Storm Worm's worldwide media coverage, many other malware campaigns are currently active in the wild, again exploiting outdated browser vulnerabilities, such as this one aiming to steal passwords for MMORPGs. The folks at the SANS ISC recently assessed yet another malicious URL, following a lead from the recently breached site of Leuven, a city in Belgium. Apparently, the Chinese domain, which is naturally exploiting an already patched vulnerability, has been embedded within many other sites as well. MMORPG password-stealing malware is nothing new, especially in Asia, where online games dominate the vast majority of Internet activity for local netizens. Creative typosquatting domain scams are still filling different domain niches left at the phishers' disposal.

VBS/Psyme.CB detection rate:
Result: 10/32 (31.25%)
File size: 9857 bytes
MD5: 2a5eff5381cec4a7d5478b989aeb2ada
SHA1: e08cdb74965c31b70ab24d82761b652035283a87

Trojan-PSW.Win32.WOW.sp detection rate:
Result: 19/32 (59.38%)
File size: 52170 bytes
MD5: f37a18d2e991ef5cd7ea7a4dfcb6e3f5
SHA1: c1cbee89ba1033b8e739067eab086f70b476c5aa

What's also worth mentioning is that the campaign has a built-in, freely available counter, in contrast to typical campaigns, which tend to use malware kits for C&C and detailed statistics on the infected population.
