Bogus ‘XBox Live’ Software Disseminating Trojan
Researchers at security firm Sunbelt cautioned Xbox gamers to watch out for fake websites pushing XBox Live software, as reported by PC1news.com on April 12, 2010.
The researchers said that a Do-It-Yourself (DIY) toolkit was being circulated online with which attackers could design fake websites. Subsequently, they could implant malicious code on these websites to infect users' PCs with malware.
The malicious DIY toolkit contains six files: one PNG image, one JAR file, two GIFs and two Firefox documents.
When a user visits a website crafted with the DIY kit, he's likely to find an empty page containing a Java notification, along with a bogus Softpedia file visible at the bottom of the screen. This empty web page is put together with just two HTML pages, a Java file and a bogus image.
After a couple of seconds, the screen becomes slightly more active as a splash page appears proclaiming that XBox software is being loaded. However, each of these actions is merely a pretense meant to trick the end user into accepting the digital signature of the software.
Accordingly, a Java application digital signature permission screen appears, stating that the signature cannot be verified by a trusted source; therefore, the user should run the application only if he trusts its source.
Moreover, the researchers stated that the attackers have used Microsoft's name as the publisher. Consequently, it is relatively easy to get potential victims to click to activate it, as reported by SunbeltBLOG on April 8, 2010.
So, when the user clicks to activate it, a file is downloaded that's designed to capture certain things and then execute them. With this, everything goes terribly wrong for every person concerned except the individual who made the bogus software page.
Moreover, when the specially designed file is executed, an executable named "Crypted.exe" appears inside the user's Temp folder. This .exe file is in fact a Trojan named Trojan-PWS.Win32.Fignotok.A, which steals passwords for software like Steam, DynDNS, Firefox, and different IM clients.
It's therefore advisable that users remain wary of unfamiliar software asking for their participation. Additionally, they should keep their anti-virus software updated and install all the OS security patches that Microsoft issues from time to time.
» SPAMfighter News - 23-04-2010