Security Response has discovered a threat that is being talked about among some members of certain discussion groups in Japan. The threat, named Infostealer.Kenzero, teaches yet another lesson to those using file-sharing networks not to download illegal games. Infostealer.Kenzero primarily arrives in the guise of setup.exe, which in this case is a fake installation file for Japanese pornographic games that are circulating around the file-sharing network “Share.” Several pornographic games have been reported to include this malicious setup.exe file.
Once the setup.exe file is executed it attempts to download image files (.bmp) from a predetermined website. Using these images, the threat brings up a form that asks the user to enter personal information, including his or her full name, password for the game, email address, postal code, residential address, gender, company name, and telephone number. Users who desperately want to play the games may hurriedly complete the form without realizing that this dangerous online practice will come back and haunt them. They will soon find out that the information they have provided is to be made available on a public website, along with system information and screenshots of their desktop.
We have come across several similar cases before. However, those uploaded desktop pictures and private information do not seem to be punishment enough. As a security company we are always looking out for the users, but if you are navigating a dodgy and deceitful place, you must pay extra attention—just like you would in the real world.
What is the moral of this story? Always use legal and legitimate software.