Game Password Stealers Exploit 0-day DirectX Vulnerability
It is nothing short of ironic that game password stealing malware is being associated with an exploit designed to target a vulnerability in DirectX. But Microsoft officially confirmed that malicious code designed to harvest account credentials for online games had been detected bundled with exploits targeting the DirectShow vulnerability impacting Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003.
The flaw is Critical, the company warned in May 2009, when it revealed that users executing malicious QuickTime media files were at risk of remote code execution.
“Users, upon visiting a specially constructed web page that invokes the vulnerable media plug-in, will encounter exploit shellcode, which further execute and download additional malware to the infected machines. Intending to bypass antimalware protection, malware binaries are encrypted in the download data stream. New dog, same old tricks. To wrap up the attack scene, under the cover of the new exploits are the old long-lived online-game password stealers: PWS:Win32/Wowsteal.AP (drops PWS:Win32/Wowsteal.AP.dll); TrojanDropper:Win32/Dozmot.C (drops PWS:Win32/Dozmot.C and VirTool:WinNT/Dozmot.A); and TrojanSpy:Win32/Lydra.AE,†revealed Microsoft’s Lena Lin, Cristian Craioveanu, Josh Phillips and Patrick Nolan. Read More»
Loading ...
