Online gamers targeted in malware attack, exploiting old Microsoft vulnerability

China joystickSecurity researchers at ZScaler have uncovered a malware attack, seemingly targeted against the computers of Chinese game players.

Interestingly, the attack doesn’t exploit a newly discovered vulnerability – but instead takes advantage of a security hole that was patched by Microsoft almost eighteen months ago.

According to ZScaler’s investigation, a gaming website in China is serving up malware, exploiting the CVE-2012-1889 flaw in Microsoft XML Core Services, patched by Microsoft back in the middle of 2012.

Chinese site

Visiting the website on an unpatched Windows system using Internet Explorer, triggers the highly obfuscated JavaScript code, and the exploit causes the browser to crash as malware is installed onto the visiting computer.

Internet Explorer crash, malware is installed

The hackers behind the attack don’t attempt to run the malicious exploit code on other browsers, instead installing the contents of a malicious RAR file onto visiting computers.

RAR file installed by malware

However your computer becomes affected – the intent is the same: to infect the visiting computer with malware, which could potentially be spyware or a backdoor Trojan horse, or designed to recruit the PC into a botnet.

Of course, it’s possible that if the vulnerability is being used on posioned Chinese gaming websites, it could also be being exploited elsewhere on the net. So, make sure that all of your computers are properly patched with the latest security updates.

ZScaler’s research team underlines this point:

It should be noted that malware authors do not always leverage zero-days, in fact most technical attacks utilize known vulnerabilities as attackers know that a large percentage of PC users have not applied the latest patches.

The fact of the matter is that anybody who surfs the net in this day and age on a poorly-patched computer, is not only putting their own data and security at risk – they’re also being an irresponsible member of the internet community, exposing the rest of us to the consequences of their possible infection.

For more technical details of the attack, read the detailed analysis on the ZScaler Research blog.

Tags: , , , , , ,


, , , , , ,

No comments yet.

Leave a Reply

XSLT by CarLake