Microsoft says password stealers pose biggest threat

Powered by SC Magazine
 

The top two threat families on Microsoft's detection and removal list this month are online game password stealers (PWS).

These threats are now predominantly occurring in the United States -- a shift from last June when they mostly were detected in China.

In one week, Microsoft's free Malicious Software Removal Tool (MSRT) removed the Taterf worm -- the top threat family this month -- from more than 980,000 machines, Scott Wu, a spokesman in Microsoft's Malware Response Center, wrote in a blog post. The worm steals gaming credentials either through keylogging or by injecting itself into game clients and reading memory.

The MSRT, released on the second Tuesday of each month, checks computers running Windows Vista, XP, 2000 and Windows Server 2003 for infections by prevalent malware and helps remove infections.

The second most detected and removed malware family this month is Frethog, another PWS, which MSRT cleaned off 316,971 machines in one week, Wu said.

Jamz Yaneza, a threat researcher with anti-malware firm Trend Micro, told SCMagazineUS.com that the motivation behind these threats is financial. Many online games have in-game currency or "game gold." Portals to convert these various game currencies into real world cash have been available for some time.

Stolen game login credentials are similar to stolen banking passwords, since game currency can be turned into real cash, Yaneza said.

For several years, China and Korea have been the predominant locations where these threats have cropped up because games such as "Legends of Mir" and "Lineage" have large user bases there. But as of this month, the United States is the most prevalent region for PWS threats, with the most infected systems identified here.

Yaneza said this is because the rest of the world has caught up to the quality of online games produced in Asia in terms of graphics and story lines, which has prompted United States and Europe-based servers to be installed and development to increase to cater to these growing markets.

Taterf and Frethog were added to the MSRT detection list last June. Since then, Taterf has remained in the top five every month and Frethog only dropped off the list during November and December, Wu said.

Because of this, PWS threats appear to be more resilient than other threat families -- including rogue security software. The Win32/FakeSecSen rogue security software topped the MSRT list in November, then dropped in the rankings to number 20 the next month. Another threat in the rogue security software family, Win32/FakeXPA, hit number one in December then fell to number nine the following month, Wu said.

"Malware authors are busy updating Taterf and Frethog to make these threats highly polymorphic and to distribute variations of the same codebase to multiple criminal groups," Wu said. "This month we still saw 17,070 different Taterf and 26,420 different Frethog files."

Copyright © SC Magazine, US edition


 
 
 