Hackers Infect 10,000 Web Pages to Steal Gamers’ Passwords

As per reports PCWorld published on March 12, 2008, hackers seeking to capture passwords for popular Internet games have caused infection in over 10,000 Web pages during the early days of March 2008.

According to McAfee, which reported these attacks on March 12, 2008, the assaults seem to be an organized operation out of several servers situated in China.

As reported earlier, malware and trojans have been found in equipment from China recently. Another similar Trojan for stealing password was detected in USB picture frames that were shipped in the US in January 2008. The high-tech program used the 'autorun' function to implant itself on a target computer and changed the registry component to block viewing of concealed files. It also turned off the security features like antivirus and other software.

Security Researcher Craig Schmugar with McAfee's Avert Labs said that it is not clear to McAfee how such a large number of sites can be hacked, but since the attacks came quite fast, it seems some automation is behind the process. PCWorld reported this in news on March 12, 2008.

McAfee said that the reprogrammed pages are likely to be target of an automated assault that scanned the Net for non-secured servers and implanted a malicious JavaScript that redirected visitors to a China-based site delivering the malware.

There is also a possibility that the combination of malicious codes tried to exploit bugs in RealPlayer, Windows and other programs to hack into computers. A backdoor too subsequently allowed the installation of more malware.

Like before, attackers in this case have taken the help of search engines in an effort to hunt the Web for weakly secured Websites and then automated applications to inundate them with malicious attacks. This ultimately allowed criminals to use genuine sites to deliver their malware.

Reports suggest that this same tactic was employed in 2007, when hackers infected the Dolphins Stadium and Miami Dolphins Websites in precedence to the 2007 Super Bowl XLI football league.

According to McAfee researchers, if the malware code succeeds, then it loads a password-stealing malware on the computer of the victim to look for online game passwords.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 3/21/2008