    It seems that cyber criminals are hoping to take advantage of the Chinese New Year.

    A few hours ago, Trend Micro researchers were alerted to malicious URLs that were supposedly exploiting a certain Chinese gaming application. Research Project Manager Ivan Macalintal later confirmed that these URLs did carry lines of code attempting to exploit the popular Chinese gaming platform Lianzong.

    Thankfully, Trend Micro Web Threat Protection proactively detects this as EXPL_EXECOD.A, so Trend Micro users have been protected against this threat from the outset.

    The exploit resides in a line of code that references an exploitable DLL file. This code downloads a Trojan downloader (TROJ_DLOADER.DUY) from a certain URL, and the downloader in turn fetches a configuration file from another URL. That URL contains links to several malicious executables hosted on other domains known to house malware. The executables are mostly MMORPG password stealers, such as the following:

    • TSPY_ONLINEG.LPE
    • TSPY_ONLINEG.MGU
    • TSPY_ONLINEG.OCN
    • TSPY_ONLINEG.OMQ
    • TSPY_ONLINEG.OMR
    • TSPY_ONLINEG.OMS
    • TSPY_ONLINEG.OMT
    • TSPY_ONLINEG.OMU
    • TSPY_ONLINEG.OMV
    • TSPY_ONLINEG.OMW
    • TSPY_ONLINEG.OMX
    • TSPY_ONLINEG.OMY
    • TSPY_ONLINEG.ONB
    • TSPY_ONLINEG.ONC
    • TSPY_ONLINEG.OND
    • TSPY_ONLINEG.ONE
    • TSPY_ONLINEG.ONF
    • TSPY_ONLINEG.ONG
    • TSPY_ONLINEG.WN
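
    The staged chain described above (downloader, then configuration file, then executables from several other domains) leaves a recognizable pattern in web proxy logs. The following is an added example, not Trend Micro's detection logic; the log format, hostnames, time window and host threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log: time, client, URL, content type (not real traffic).
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.7 http://stage1.example/a.exe application/octet-stream
2024-01-01T10:00:04 10.0.0.7 http://cfg.example/list.txt text/plain
2024-01-01T10:00:06 10.0.0.7 http://host-a.example/1.exe application/octet-stream
2024-01-01T10:00:07 10.0.0.7 http://host-b.example/2.exe application/octet-stream
2024-01-01T10:00:09 10.0.0.7 http://host-c.example/3.exe application/octet-stream
2024-01-01T10:05:00 10.0.0.9 http://vendor.example/setup.exe application/octet-stream
2024-01-01T11:30:00 10.0.0.9 http://other.example/tool.exe application/octet-stream
"""

EXEC_EXT = (".exe", ".dll", ".scr")  # assumed set of executable extensions

def parse(line):
    ts, client, url, ctype = line.split()
    return datetime.fromisoformat(ts), client, urlsplit(url), ctype

def is_exec(url):
    return url.path.lower().endswith(EXEC_EXT)

def find_chains(log_text, window=timedelta(minutes=5), min_hosts=2):
    """Return {client: payload hosts} for clients matching the staged chain."""
    by_client = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, client, url, ctype = parse(line)
        by_client[client].append((ts, url, ctype))
    hits = {}
    for client, events in by_client.items():
        events.sort(key=lambda e: e[0])
        for i, (t0, first, _) in enumerate(events):
            if not is_exec(first):
                continue  # stage 1 must be an executable (the downloader)
            later = [e for e in events[i + 1:] if e[0] - t0 <= window]
            # Stage 2: a text fetch that could be the configuration file.
            cfg = next((k for k, e in enumerate(later)
                        if e[2].startswith("text/") and not is_exec(e[1])), None)
            if cfg is None:
                continue
            # Stage 3: executables pulled from hosts other than stage 1's.
            hosts = {e[1].hostname for e in later[cfg + 1:] if is_exec(e[1])}
            hosts.discard(first.hostname)
            if len(hosts) >= min_hosts:
                hits[client] = sorted(hosts)
                break
    return hits

if __name__ == "__main__":
    print(find_chains(SAMPLE_LOG))
```

    A hit is a lead for triage, not a verdict: legitimate software updaters can produce the same sequence, so the flagged hosts should be checked against reputation data before acting.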

    This attack is evidence of cyber criminals' increasing interest in homing in on certain user groups by taking advantage of vulnerabilities in local but widely used applications.

    As of this writing, the vendor has not yet released a patch. Meanwhile, users, especially those in China, should practice safe browsing. Users should also install patches once they are made available; these should be found at the vendor’s Web site here.

    More information about this attack here.
