Three Malicious Programs Found Attacking Korean Gamers
Security investigators at the Microsoft Malware Protection Center (MMPC) recently found three malicious programs that appear to target Korean online gamers, especially card game players, softpedia.com reported on December 27, 2012.
According to the researchers, the developers of the programs seek to steal various pieces of information from victims' computers, and they also use some of their tactics to deceive the victims.
Microsoft security researcher Marianne Mallen says that the cyber-criminals created their spyware to monitor gaming activity within applications such as baduki.exe, highlow2.exe, LASPOKER.EXE, poker7.exe, HOOLA3.exe, duelpoker.exe, and FRN.exe, threatpost.com reported on December 26, 2012.
One of the malicious programs, Trojan:Win32/Urelas.C, is written in Delphi and captures screenshots of the targeted, infected gaming software. In this way the Trojan gathers user credentials along with other key PC identification details, and then transmits the collected data to its controlling server in BMP, TIFF or JPG image files.
Another malicious program, Trojan:Win32/Gupboot.A, goes a step further: it installs a bootkit and then reuses Urelas' code to rewrite the MBR, which is noted as Trojan:DOS/Gupboot.A. Part of the malware's payload is designed to enable kernel-level hooking so that it can conceal its process and its suspicious operations while the user plays, thereby compromising the system.
The last malicious program, Backdoor:Win32/Blohi.B, lands on the victim's system disguised as a widely played game such as StarCraft or Plants vs. Zombies. Once planted, it contacts one particular search engine to verify that the Internet connection is up. It then intercepts keystrokes, spies on the gaming process, and captures screenshots, which it subsequently uploads. Ms. Mallen explains that the Blohi Trojan may even display a fake blue screen so that the user restarts the computer, which makes the Trojan load more malware, esecurityplanet.com reported on December 26, 2012.
Ms. Mallen posts that MMPC strongly advises end-users to remain careful about files downloaded online, and in particular to check whether their sources are reputable. She warns that the three malware programs, which pretend to be installers, may actually be the malware writers playing the gamers' chosen games on the gamers' behalf.
» SPAMfighter News - 04-01-2013