Symantec Blogs: Security Response

Kaoru Hayashi | June 28th, 2007

In the past few weeks, we have observed many Web sites that have been compromised to distribute browser exploits with the MPack kit. We’ve tracked many different MPack sources created with the intent of distributing different types of malicious code. So far we’ve seen the following malware samples installed while surfing sites compromised by MPack:

Trojan.Anserin - a Trojan that steals banking-related information
Trojan.Linkoptimizer.B - a dialer Trojan
Backdoor.IRC.Bot - an IRC bot
...

Kaoru Hayashi | September 20th, 2006

Recently we have seen an increase in Trojan horse programs that attempt to steal online gaming accounts. Massively multiplayer online role-playing games (MMORPGs), such as Lineage, Ragnarok Online, World of Warcraft, and Final Fantasy, are often targeted by these Trojans. What is the purpose of the attacks? Money. Players can trade the virtual money or items used in their game of choice online, at a special market called RMT (Real Money Trading). RMT is run by third parties and is not usually permitted by the official game vendors; however, RMT has become a big market. A recent report stated that RMT has traded more than two billion USD thus far in 2006. So, if attackers can steal gaming account information from compromised computers, they can easily sell virtual money for real money in the RMT market.

Attackers use a variety of methods to install Trojans on compromised computers. One of these ways is to use a Web site. In the past, attackers used to...

Kaoru Hayashi | July 19th, 2006

The number of reports of “Downloader” has been increasing in recent years. A Downloader is a small program that downloads other malware or security risks from the Internet. In order to protect your computer from these Downloader programs, we recommend using an updated antivirus product, controlling Internet access for each desktop program, and filtering untrusted domains (by URL or IP address) with a firewall. However, it can be difficult for users or network administrators to determine which Internet resources can be trusted.

In many cases, Downloader will attempt to download other programs from a cheaply run (or even free) Web hosting service. Since domain registration is fairly simple to do and not that expensive, attackers will try to create an attractive Web site using their own domain name in order to gain the trust of visitors...

Kaoru Hayashi | May 3rd, 2006

Over the last several months, new cases of information disclosure have been reported by the media nearly every day in Japan. These incidents are often caused by variants of the W32.Antinny worm that targets the Winny P2P file-sharing network. Once W32.Antinny infects a computer, it captures a screen shot and searches for Microsoft Office documents, email folders, and photos on the compromised computer and uploads these files to the Winny P2P network. Then, not only the author of the worm but also any other Winny users can download that information.

Winny is a P2P program that has several interesting features, one of them being anonymity. Users can search and download files from the Winny network, but no one can know who has the file or where the file is from because Winny hides this information from users. Users can only access the filenames that are available for download from the network. Another interesting feature is the way in which newly downloaded files are shared....