The latest Microsoft Malicious Software Removal Tool (MSRT) has deleted online
game password-stealing malware from some two million machines, the
company said.
The most frequently detected threat is a China-based worm known as Taterf, part
of the Frethog family, Matt McCormack, a spokesman in Microsoft's
Malware Response Center, wrote in a blog post Friday.
The worm steals gaming credentials either through traditional
keylogging or by injecting itself into game clients and reading memory,
McCormack said.
It is executed when an unsuspecting user views a
malicious website, and spreads by copying itself to the root of all
fixed or removable drives on the infected system.
"Once they have your details, they are sent back to a remote location
and are eventually sold to the highest bidder," McCormack said. "After that,
you may find your [virtual] gold gone...on your next login."
Jamz Yaneza, a threat researcher with anti-malware firm Trend Micro,
said password-stealing worms and trojans for online games are becoming
more common because logins hold real-world value.
"There's a huge underground market for these accounts," he said.
"There's real cash being used there. You have to pay some form of
membership. And it's like getting an upgrade on an airline. You gotta
pay a few bucks to get more stuff."
Many of the attack scenarios take advantage of social engineering and uneducated users, Yaneza said.
For example, the widespread Adobe Flash exploit, uncovered last month,
was taking advantage of a previously patched vulnerability and was
delivering a trojan aimed at stealing World of Warcraft account
information.
"People never see [these password stealers] installed on their desktop, and not many people patch on time," he said. "It's not just the operating system under attack, it's now an attack on applications."
One day after the latest MSRT was released with the June 10 security
updates, it removed the Taterf worm from more than 700,000 machines. By week's
end, that number was up to 1.3 million.
"For comparison, [the Storm Worm] was removed from less than half that
in its first month," McCormack said. "These are ridiculous numbers of infections, my friends, absolutely mind-boggling."
Many of the infections are occurring outside of the United States,
mainly in China, where multi-player games, such as Legend of Mir, are popular. Still, in its first week, the tool found about 215,000 machines in the United States infected with password-stealing malware.
See original article on scmagazineus.com