Microsoft reports mass cleanup of gaming password stealers

By on

The latest Microsoft Malicious Software Removal Tool (MSRT) has deleted online game password-stealing malware from some two million machines.

The latest Microsoft Malicious Software Removal Tool (MSRT) has deleted online game password-stealing malware from some two million machines, the company said.

The latest Microsoft Malicious Software Removal Tool (MSRT) has deleted online
game password-stealing malware from some two million machines, the
company said.

The threat appearing the most is a China-based worm known as Taterf, part
of the Frethog family, Matt McCormack, a spokesman in Microsoft's
Malware Response Center, wrote in a blog post Friday.

The worm steals gaming credentials either through traditional
keylogging or by injecting itself into game clients and reading memory,
McCormack said.

It is executed when an unsuspecting user views a
malicious website, and spreads by copying itself to the root of all
fixed or removable drives on the infected system.

"Once they have your details, they are sent back to a remote location
and are eventually sold to the highest bidder," McCormack said. "After that,
you may find your [virtual] gold gone...on your next login."

Jamz Yaneza, a threat researcher with anti-malware firm Trend Micro,
said password stealing worms and trojans for online games are becoming
more common because logins hold real-world value.

"There's a huge underground market for these accounts," he said.
"There's real cash being used there. You have to pay some form of
membership. And it's like getting an upgrade on an airline. You gotta
pay a few bucks to get more stuff."

Many of the attack scenarios take advantage of social engineering and uneducated users, Yaneza said.

For example, the widespread Adobe Flash exploit, uncovered last month,
was taking advantage of a previously patched vulnerability and was
delivering a trojan aimed at stealing World of Warcraft account
information.

"People never see [these password stealers] installed on their desktop, and not many people patch on time," he said. "It's not just the operating system under attack, it's now an attack on applications."

One day after the latest MSRT was released with the June 10 security
updates, it removed the Taterf worm from more than 700,000 machines. By week's
end, that number was up to 1.3 million.

"For comparison, [the Storm Worm] was removed from less than half that
in its first month," McCormack said. "These are ridiculous numbers of infections my friends, absolutely mind-boggling."

Many of the infections are occurring outside of the United States,
mainly in China, where multi-player games, such as Legend of Mir, are popular. Still, in its first week, the tool found about 215,000 machines in the United States infected with password-stealing malware.

See original article on scmagazineus.com
Copyright © SC Magazine, US edition
Tags:
gaming microsoft password security

Most Read Articles

SA Dept Premier and Cabinet sacks CIO

SA Dept Premier and Cabinet sacks CIO
Optus fibre cable cut in Melbourne

Optus fibre cable cut in Melbourne
NBN Co finally reveals satellite users who will lose ADSL

NBN Co finally reveals satellite users who will lose ADSL
Equifax's top tech execs leave 'effective immediately'

Equifax's top tech execs leave 'effective immediately'
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
Solving IT complexity
Solving IT complexity
Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats

Events

Log In

Username:
Password:
|  Forgot your password?