Zero-Day Exploit for Lianzong Game Platform
Symantec has discovered a zero-day exploit for a popular Chinese gaming platformthat is currently active in the wild. The exploit targets twovulnerable methods in the file HanGamePluginCn18.dll (referenced byCLSID:61F5C358-60FB-4A23-A312-D2B556620F20), causing a buffer overflowcondition.
The exploit attempts to download a malicious file from mm[dot]sqmnoopt[dot]com, which is detected as Downloader.Additionally, a configuration file is downloaded fromcnxz[dot]kv8[dot]info, which contains links to 27 malicious executablesdownloaded from 444[dot]sqmnoopt[dot]com and 2[dot]kv8[dot]info. Thesefiles are detected as Infostealer.Gampass
The vendor has been contacted, and Symantec is performing deeperanalysis of this exploit, with addition information to be posted as itbecomes available.
About Security Response Blog
Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.
Filter by:
Recently on Twitter
- Strange Case of W32.Xpaj.B as Patient Zero http://t.co/8872Zu17 #virus24 May 2012
- A legitimate digitally signed file is misused in order to load #malware on to a computer: http://t.co/wZjNKKCh24 May 2012
- ZTE Score: Privilege of Escalation in a Nutshell http://t.co/Svj5T57F23 May 2012
- #Worm Posts on SNS Sites and Wipes out Rivals http://t.co/RWRIZdzU18 May 2012
- Beware #419 scams taking advantage of the #Facebook IPO: http://t.co/7TPOvR8w18 May 2012