China’s Famous Online Game Channel Compromised

As per a recent warning issued by security vendor Websense, the game channel of a famous information and entertainment website of China, Mop.com, has been hijacked, which has made online gamers' accounts vulnerable to theft, as per the news published by ZDNet on June 1, 2010.

Websense noted in its blog post that the website has over 50 Million registered users and it records more than 200 Million pageviews a day. It stated that the game website is particularly famous among the aficionados of the World of Warcraft. According to Alexa's list, the website ranks No. 274 among the most heavily visited websites across the world.

The security firm said that cyber crooks injected malicious code into the game website by means of modifying a Javascript file called "ajax.js" which is referenced by the website. This deploys a technique typically used by blackhat SEO attackers that the malicious code is served to the users only when they open the webpage through the search results from baidu.com, which is a very well-known search engine in China.

The malevolent code then performs another check to know if the famous Chinese anti-virus solution 360 Safeguard is in place or not. In case it is not found, the malicious code keeps on exploiting the computer, which is then redirected to the two malware-containing URLs.

The shellcode, at this stage, will run through a zero-day vulnerability in Internet Explorer 6 and 7. To address the vulnerability, software giant Microsoft issued an out-of-brand update, known as MS10-18, on March 30, 2010. The update fixes one publicly revealed and nine privately reported vulnerabilities in Internet Explorer. It is notable that the most critical security vulnerabilities could facilitate hackers to remotely execute exploit code on a system if a user visits a specifically-designed webpage through Internet Explorer.

The security vendor discovered that the shellcode used in this exploit will enable the executable remote file, known as 55.exe, to get downloaded. The file, as per Websense, has extremely low anti-virus detection. The shellcode then decodes the file. After the file is decoded, it is identified as an Internet game information stealer.

In the meantime, other security vendors, including Symantec and Fortinet, have advised users to remain cautious as cyber crooks are getting increasingly attracted towards online game assets and identities.

Related article: China’s Best Initiatives To Deal With Spam

» SPAMfighter News - 6/8/2010