
New Trojan Poses Threat to Online Gamers

According to Webroot security researchers, a newly found Trojan named Trojan-PWS-Cashcab is attacking computer gamers and stealing passwords. The Trojan probably originated in China.

According to them, the Trojan modifies at least one of the basic DirectX files, such as DirectDraw, Direct3D or DirectSound. Consequently, the Trojan installs when Windows runs the modified Dx (DirectX) driver. Since Dx is normally used when online games are played, this dangerous Trojan becomes active when players download a computer game, and it deactivates itself when the game is terminated.

Webroot discloses that the installer plants one or more keylogger components, each a randomly named DLL (Dynamic-link Library), in c:\windows\system. After installing the keylogger, it modifies at least one DirectX file. Every changed DirectX file is used to install a single keylogger payload. This means that if the installer plants 4 keyloggers, it will change 4 DirectX files as well.

In addition to stealing keystrokes, the Trojan captures screenshots of everything on the computer screen. While the Trojan is active, it packages everything it collects into a .cab archive, which is subsequently uploaded to a remote server. Analysis of the components of the Cashcab keylogger shows that the Trojan targets various popular Massively Multiplayer Online (MMO) games, such as Blizzard's World of Warcraft and NCSoft's Aion, the researchers note.

However, even with no anti-virus software installed on a player's PC, it is still possible to detect the infection on the system, the researchers said.

Webroot explains that users can easily identify whether this horrible malware is residing on their systems by running Microsoft's Dx Diagnostics software, which is packaged with Windows. While it runs, the user needs to tick a small checkbox at the bottom of the window. If a line appears indicating that a driver is missing or lacks Microsoft's digital signature, it implies that the user has the Trojan on the computer.

Nevertheless, it can be removed simply by installing an up-to-date version of DirectX to replace the contaminated one, after which the offending malware will disappear.
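The signature check described above can also be scripted. The following is an added example, not Webroot's tooling or part of the original article: it verifies the Authenticode signature of the DirectX files the article names and of every DLL in c:\windows\system. Assumptions: the DLL file names and the System32/SysWOW64 locations are the usual ones for those components, `Get-SignatureReport` is a hypothetical helper, and PowerShell 5.1 or later is used so that catalog-signed system files are resolved.

```powershell
# Added example, not Webroot's tooling. Assumed: the DLL names below are the
# usual on-disk names of DirectDraw, Direct3D and DirectSound.
$dxNames = 'ddraw.dll', 'd3d8.dll', 'd3d9.dll', 'dsound.dll'
$sysDirs = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64" |
    Where-Object { Test-Path -LiteralPath $_ }

# Hypothetical helper: report the Authenticode state of one file.
function Get-SignatureReport {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $signer
        # Suspect when the signature does not verify or the signer is not Microsoft.
        Suspect = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')
    }
}

# 1. The DirectX files the article says the installer modifies.
$dxReport = foreach ($dir in $sysDirs) {
    foreach ($name in $dxNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { Get-SignatureReport -Path $path }
    }
}

# 2. DLLs in c:\windows\system, where the randomly named keylogger DLLs are dropped.
$dropDir = Join-Path $env:SystemRoot 'System'
$dropReport = if (Test-Path -LiteralPath $dropDir) {
    Get-ChildItem -LiteralPath $dropDir -Filter '*.dll' -File |
        ForEach-Object { Get-SignatureReport -Path $_.FullName }
}

# Null entries (nothing found in a directory) are filtered out here.
$suspects = @($dxReport) + @($dropReport) | Where-Object { $_ -and $_.Suspect }
if ($suspects) { $suspects | Format-Table Path, Status, Signer -AutoSize -Wrap }
else           { 'All checked files carry a valid Microsoft signature.' }
```

A listed file is a lead for review rather than proof of infection, since legitimate third-party DLLs in c:\windows\system are signed by other vendors. Running the script again after reinstalling DirectX confirms that the replaced files now verify.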

» SPAMfighter News - 6/2/2010
