Hackers looking to steal passwords used in popular online games have infected more than 10,000 Web pages in recent days. The Web attack, which appears to be a coordinated effort run out of servers in China, was first noticed by McAfee researchers on Wednesday morning. Within hours, the security company had tracked more than 10,000 Web pages infected on hundreds of Web sites.
McAfee isn't sure how so many sites have been hacked, but "given how quickly some of these attacks have come on, it does seem like some automation has gone on," said Craig Schmugar, a researcher with McAfee's Avert Labs. In the past, attackers have used search engines to scour the Internet for vulnerable Web sites and then written automated tools to flood them with attacks, which ultimately let criminals use legitimate sites to serve up their malicious code.
The attack code takes advantage of bugs that have already been patched, so users whose software is up-to-date are not at risk. However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch.
If the code is successful, it then installs a password-stealing program on the victim's computer that looks for passwords for a number of online games, including the Lord of the Rings Online.
Hacker, Passwords, Online Games, Web Pages