Threat Research & Response Blog
I had the privilege of presenting a couple of weeks ago at Gamefest 2008, a Microsoft-sponsored technical conference targeted at the games industry. I spoke about game password stealers: what they do, which games are targeted by which families and the behaviors of those families, prevalence, number of variants and so on. This is a completely different type of audience than the security folks to whom I usually present, and it was a very refreshing change of pace. These were sharp, savvy technologists who are committed to a great experience for their customers and pushing the limits every day. In other words, these are my kind of folks.
As we've talked about these before in this blog, I thought I'd provide some updated numbers. Thanks to inclusion in the Malicious Software Removal Tool, we have been able to remove more than 7.6 million game password stealers. These trojans target an array of games and game-related sites including Lineage, World of Warcraft, Legend of Mir, MapleStory, ZhengTu, Perfect World, QQ and many others. Some of these don't stop with game credentials but also target various web sites. These are not all of the malware families that steal passwords but, even so, we see a significant amount of activity in this space, even more so than the threats which tend to become news.
What's also interesting is the geographic distribution. Looking at Win32/Frethog and Win32/Taterf as examples, we see the large majority of the infections in Chinese locales, where gaming is often done at Internet cafes or on other public terminals. Remember, if you can't trust the machine, you probably shouldn't input any credentials you aren't willing to lose. This is not to suggest that public terminals are to blame for password stealers; they merely represent an opportunity for an attacker to compromise many accounts.

Folks who run these terminals should ensure that they are always up to date with security updates, that they are running up-to-date antivirus software, and that they have a firewall in place and active. It would also be a best practice to prevent customers from installing software or, if that is not practical for the business, to revert to a known clean state at the end of each session through the use of virtualized images. If you do use virtualized images as a method of maintaining a known state, make sure to keep those images up to date on security updates as well as antivirus definitions as part of your ongoing maintenance.
Locales listed: English (United States); Spanish (Spain, Modern Sort); Arabic (Saudi Arabia); Chinese (Hong Kong SAR, PRC); English (United Kingdom); Spanish (Spain, Traditional Sort).