Microsoft says password stealers pose biggest threat

Powered by SC Magazine
 

The top two threat families on Microsoft's detection and removal list this month are online game password stealers (PWS).


These threats are now predominantly occurring in the United States -- a shift from last June when they mostly were detected in China.

In one week, Microsoft's free Malicious Software Removal Tool (MSRT) removed the Taterf worm -- the top threat family this month -- from more than 980,000 machines, Scott Wu, a spokesman in Microsoft's Malware Response Center, wrote in a blog post. The worm steals gaming credentials either through keylogging or by injecting itself into game clients and reading memory.

The MSRT, released on the second Tuesday of each month, checks computers running Windows Vista, XP, 2000 and Windows Server 2003 for infections by prevalent malware and helps remove infections.

The second most detected and removed malware family this month is Frethog, another PWS, which MSRT cleaned off 316,971 machines in one week, Wu said.

Jamz Yaneza, a threat researcher with anti-malware firm Trend Micro, told SCMagazineUS.com that the motivation behind these threats is financial. Many online games have in-game currency or "game gold." Portals to convert these various game currencies into real world cash have been available for some time.

Stolen game login credentials are similar to stolen banking passwords, since game currency can be turned into real cash, Yaneza said.

For several years, China and Korea have been the predominant locations where these threats have cropped up because games such as "Legends of Mir" and "Lineage" have large user bases there. But as of this month, the United States is the most prevalent region for PWS threats, with the most infected systems identified here.

Yaneza said this is because the rest of the world has caught up to the quality of online games produced in Asia in terms of graphics and story lines, which has prompted the installation of United States- and Europe-based servers and increased development to cater to these growing markets.

Taterf and Frethog were added to the MSRT detection list last June. Since then, Taterf has remained in the top five every month and Frethog only dropped off the list during November and December, Wu said.

Because of this, PWS threats appear to be more resilient than other threat families -- including rogue security software. The Win32/FakeSecSen rogue security software topped the MSRT list in November, then dropped in the rankings to number 20 the next month. Another threat in the rogue security software family, Win32/FakeXPA, hit number one in December then fell to number nine the following month, Wu said.

"Malware authors are busy updating Taterf and Frethog to make these threats highly polymorphic and to distribute variations of the same codebase to multiple criminal groups," Wu said. "This month we still saw 17,070 different Taterf and 26,420 different Frethog files."

Copyright © SC Magazine, US edition


 
 
 