Despite Storm Worm's worldwide media coverage, there are many other malware campaigns currently active in the wild, again exploiting outdated browser vulnerabilities, such as this one aiming to steal passwords for MMORPGs. The folks at the SANS ISC recently assessed yet another malicious URL following a lead from the recently breached site of Leuven, a city in Belgium. Apparently, the Chinese domain, which is naturally exploiting an already patched vulnerability, has been embedded within many other sites as well. MMORPG password-stealing malware is nothing new, especially in Asia, where online games dominate the vast majority of Internet activity for local netizens. Creative typosquatting domain scams are still filling different domain niches left at the phisher's disposal.
VBS/Psyme.CB detection rate:
Result: 10/32 (31.25%)
File size: 9857 bytes
MD5: 2a5eff5381cec4a7d5478b989aeb2ada
SHA1: e08cdb74965c31b70ab24d82761b652035283a87
Trojan-PSW.Win32.WOW.sp detection rate:
Result: 19/32 (59.38%)
File size: 52170 bytes
MD5: f37a18d2e991ef5cd7ea7a4dfcb6e3f5
SHA1: c1cbee89ba1033b8e739067eab086f70b476c5aa
What's also worth mentioning is that the campaign has a built-in, freely available counter, in contrast to typical campaigns, which tend to use malware kits for C&C and detailed statistics on the infected population.
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Thursday, August 30, 2007
Massive Online Games Malware Attack