|07 Apr 2010||#1|
Internet Café, DirectX, and Online Games.
Last February, our colleague Chun blogged about TrojanDownloader:Win32/Chekafe.A, which checks if the system is in an Internet Cafe and if so, downloads password-stealing trojans related to MMORPG online games. Now, we look deeper into one of the downloaded trojans, which is PWS:Win32/OnLineGames.GP (example SHA1: 935c02f86ed1212237a6a78801f41eb4a43d9ade).
PWS:Win32/OnLineGames.GP, just like other password-stealing trojans, monitors certain processes related to MMORPG online games in order to steal account information, the account password, character status and gold count. From way back, we've seen the transformation of these password-stealing trojans from logging keystrokes to monitoring window names and even adding worm capabilities. Lately we have observed that aside from the abovementioned arsenal, PWS:Win32/OnLineGames.GP patches specific DLL files.
What do we mean when we say patch? Patched files in this case are files to which a tiny piece of malicious code has been inserted. For the case of PWS:Win32/OnLineGames.GP, it patches a DLL file including but not limited to the following: