Online Game Password Stealers exploit 0-day DirectX vulnerability, Microsoft

Microsoft confirmed that malicious code designed to harvest online game account credentials had been detected bundled with exploits targeting the DirectShow vulnerability impacting Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003. “Users, upon visiting a specially constructed web page that invokes the vulnerable media plug-in, will encounter exploit shellcode, which further executes and downloads additional malware to the infected machines. Intending to bypass antimalware protection, malware binaries are encrypted in the download data stream. New dog, same old tricks. To wrap up the attack scene, under the cover of the new exploits are the old long-lived online-game password stealers: PWS:Win32/Wowsteal.AP (drops PWS:Win32/Wowsteal.AP.dll); TrojanDropper:Win32/Dozmot.C (drops PWS:Win32/Dozmot.C and VirTool:WinNT/Dozmot.A); and TrojanSpy:Win32/Lydra.AE. We recommend you revisit these security tips during your online and gaming adventures,” revealed.

About The Author

Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he is engaged in providing technology consultancy, design, and development of desktop, web, and mobile applications using various tools and software.