Gamer’s Security: Trojan wreaks havoc by stealing information

July 21, 2008

FORT LAUDERDALE, Fla. – May 31, 2007 – BitDefender® Labs issued a warning today that an attacker has added an instruction to download an executable to a bit of previously innocuous JavaScript which handles font resizing – one which exists in every public-facing page of the TCSDaily news website.
The number of systems exposed to the attack suddenly spiked when a post linking to an article hosted on the compromised TCSDaily website appeared on the social news aggregator site Reddit.

The malicious JavaScript makes the user’s browser download and execute a Trojan – detected by BitDefender as Trojan.Downloader.Small.BIB – which is hosted on a Chinese website, which is probably also compromised.

“It’s a pretty simple piece of malware, but it’s obfuscated, so most antivirus programs could not detect it,” said Marius Tivadar, BitDefender antivirus researcher. “A drive-by download is like that – one often gets infected at first with something that is nearly innocuous and really stealthy, the kind of thing antivirus software is most likely to just ignore, but once your system is infected, all bets are off.”

The Trojan downloader itself downloads, from the same Chinese website, four other bits of malware, namely a backdoor, a bit of adware, a password stealer and another Trojan, named, respectively, Backdoor.Poisonivy.M, Adware.Bho.WOX, Trojan.Pws.OnlineGames.AUD and Trojan.Agent.ADL.

Trojan.Agent.ADL also downloads yet more malware (detected by BitDefender as Backdoor.Hupigon.YEO) from yet another website.

“We were hot on the trail and finding new malware everywhere as the analysis proceeded,” said BitDefender antivirus researcher Mihai Calota, who had been tasked with charting out the threat. “It’s like diving into caves – there’s always this new nook which turns out to be a passage to a new room.”

P.S. To those people who are using “Cabal Rider” software, scan your PCs ASAP. Information that I have gathered points out that the Trojan was being mass distributed by the usage of this program. Please have your PCs scanned ASAP.

For total safety precautions and malware/Trojan prevention, I suggest using BitDefender 2008 AV software.