Targeted Attack Against Chinese Gamers in New Zero-Day Exploit

  • Posted on: February 5, 2008 at 9:49 pm
  • Posted in: Vulnerabilities
  • Author: Macky Cruz (Technical Communications)

It seems that cyber criminals are hoping to take advantage of the Chinese New Year.

A few hours ago, Trend Micro researchers were alerted to malicious URLs that were supposedly exploiting a certain Chinese gaming application. Research Project Manager Ivan Macalintal later confirmed that these URLs indeed carried lines of code attempting to exploit the popular Chinese gaming platform Lianzong.

Thankfully, Trend Micro Web Threat Protection proactively detects this as EXPL_EXECOD.A, so Trend Micro users have been protected against this threat from the onset.

The exploit resides in a line of code that references an exploitable DLL file. This code downloads a Trojan downloader (TROJ_DLOADER.DUY) from a certain URL, which in turn downloads a configuration file from another URL. That URL contains links to several malicious executables hosted in other domains known to house malware. These executables are mostly MMORPG password stealers such as the following:

  • TSPY_ONLINEG.LPE
  • TSPY_ONLINEG.MGU
  • TSPY_ONLINEG.OCN
  • TSPY_ONLINEG.OMQ
  • TSPY_ONLINEG.OMR
  • TSPY_ONLINEG.OMS
  • TSPY_ONLINEG.OMT
  • TSPY_ONLINEG.OMU
  • TSPY_ONLINEG.OMV
  • TSPY_ONLINEG.OMW
  • TSPY_ONLINEG.OMX
  • TSPY_ONLINEG.OMY
  • TSPY_ONLINEG.ONB
  • TSPY_ONLINEG.ONC
  • TSPY_ONLINEG.OND
  • TSPY_ONLINEG.ONE
  • TSPY_ONLINEG.ONF
  • TSPY_ONLINEG.ONG
  • TSPY_ONLINEG.WN

This attack is evidence of the increasing interest among cyber criminals in homing in on certain user groups by taking advantage of vulnerabilities in local but widely used applications.

As of this writing, the vendor has not yet released a patch. Meanwhile, users, especially those in China, should practice safe browsing. Users should also install patches once they are made available; these should be found at the vendor’s Web site here.

More information about this attack here.

Tags: Chinese gamers, Exploits, lianzong, Vulnerabilities
