    Bad Image for Gameige

    In the online gaming world, MMORPGs (Massively Multiplayer Online Role-playing Games) are the most popular worldwide, exceeding 15 million users in 2006 and earning billions of dollars in revenue to date. It’s a booming business, no doubt. This is why a lot of MMORPG sites that offer various services to help players boost their character abilities have been mushrooming in every corner of the Web. This is also why these sites have been a favorite target of malicious users.

    Such is the case for Gameige.com. This Web site offers power leveling services (such as upgrading a player’s game character, skills, and level) for popular online games such as World of Warcraft (WoW), Lord of the Rings, Lineage2, and EverQuest.

    Gameige.Com Infection Diagram

    Earlier today, Trend Micro Threat Analyst Jonell Baltazar reported that Gameige.com has been compromised and now contains several malicious iFrames leading to the download of several Trojans and spyware programs.

    When the said MMORPG site is accessed, it opens the following Web pages:

    • http://www.{BLOCKED}g.org/download/text/1.htm
    • http://www.{BLOCKED}g.org/download/text/2.htm
    • http://www.{BLOCKED}g.org/download/text/3.htm
    • http://www.{BLOCKED}cx.cn/wm.htm?id=823
    • http://www.{BLOCKED}anyu.net/noopxp/oo/ico.gif?1717

    These Web pages house a number of exploit codes, which in turn download various malware, such as the following, among other generic packers and information stealers:

    • TSPY_ONLINEG.IRZ
    • TSPY_ONLINEG.ISZ
    • TSPY_ONLINEG.LKC
    • TROJ_UPACK.AG
    • PE_LOOKED.GEN
    • WORM_DLOADER.TCG

    Note that as of this writing, the Web sites may still be active. The exploit takes advantage of the Microsoft Data Access Components (MS06-014) and BaoFeng Storm ActiveX Controls Multiple Remote Buffer Overflow vulnerabilities in order to download these malicious programs.
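
    For site owners checking their own pages for this kind of injection, the following is an added example (not part of the original post or Trend Micro's tooling) that lists iFrames loading content from a host other than the site's own. The hidden-frame and image-extension heuristics, the `audit` helper, and the placeholder hosts in the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

IMAGE_EXT = re.compile(r"\.(gif|jpe?g|png|ico|bmp)$", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAudit(HTMLParser):
    """Collect <iframe> tags that load content from a host other than the site's own."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        host = (url.hostname or "").lower()
        # Relative URLs and the site's own (sub)domains are not flagged.
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return
        reasons = ["off-site host"]
        # Assumed heuristic: injected frames are often invisible to the visitor.
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or HIDDEN_STYLE.search(a.get("style", ""))):
            reasons.append("hidden or zero-size")
        # A frame whose source claims to be an image is unusual for legitimate markup.
        if IMAGE_EXT.search(url.path):
            reasons.append("frame source has an image extension")
        self.findings.append((host, url.path, reasons))

def audit(html, site_host):
    """Return a list of (host, path, reasons) for every off-site iframe in html."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; all hosts are placeholders, not the sites in the post.
SAMPLE = """
<html><body>
<iframe src="/news/frame.html" width="400" height="300"></iframe>
<iframe src="http://www.injected.example/download/text/1.htm" width="0" height="0"></iframe>
<iframe src="http://cdn.other.example/oo/ico.gif?1717" style="display:none"></iframe>
<iframe src="http://static.shop.example/banner.html"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for host, path, reasons in audit(SAMPLE, "shop.example"):
        print(host, path, "; ".join(reasons))
```

    Run against stored copies of a site's pages, anything reported is a frame to compare against the known-good template before the page is served again.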






    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice