Malware Pretends To Be Starcraft II Wings of Liberty
According to fresh reports from Softpedia published on September 13, 2010, Microsoft has cautioned that cyber-criminals are again exploiting Blizzard Entertainment's video game 'Starcraft II Wings of Liberty' to disseminate more malicious programs.
Previously, attackers targeted Starcraft II at the time the game was introduced. Malware then posed as Wings of Liberty and installed harmful .exe files that victimized users.
According to the latest alert, however, cyber-criminals are now using the game as a social engineering lure for a family of downloader malware known as Harnig. Numerous other existing threats, such as Koobface, FakeSpypro and Bubnix, employ Harnig to install their payloads on users' PCs, the alert states. Microsoft published the alert on its blog on September 12, 2010.
The security researchers state that Harnig is highly widespread malware that is proliferating through the Web. Statistics show that around 140,000 files were identified as Harnig.gen!P during August 2010 alone.
Microsoft, which studied one sample, found that the malware used Starcraft II's icon to make end-users believe that a distorted file was linked to Starcraft II. This is a typical instance of social engineering, the researchers observe: the trick relies on a strong lure, in the current instance a promise of a free pirated version of Starcraft II, whereas in reality it causes malware to proliferate via infected files.
When run, the malware plants two files: activa-1.exe, which is a disguised file, and sc2.exe, which is a real duplicate of Starcraft II's executable.
Disturbingly, apart from Harnig, some other malware programs also masquerade as components of Starcraft II so they can infiltrate users' PCs. One instance is PWS:Win32/PWSteal.M: although it does not look like the same sc2.exe file, the idea behind it is the same.
Further, the PWSteal.M program works as AutoIt code that is incorporated into a separate .exe file, apparently downloading and executing different software that captures users' credentials. As soon as Steam account credentials, along with usernames and passwords, are captured from Firefox, Internet Explorer, MSN Messenger or FileZilla, the program transmits all the information back to its controller.
Users are therefore advised to deploy up-to-date anti-virus software and avoid all dubious web links.
» SPAMfighter News - 22-09-2010