Online gamers targeted in malware attack, exploiting old Microsoft vulnerability

China joystickSecurity researchers at ZScaler have uncovered a malware attack, seemingly targeted against the computers of Chinese game players.

Interestingly, the attack doesn’t exploit a newly discovered vulnerability – but instead takes advantage of a security hole that was patched by Microsoft almost eighteen months ago.

According to ZScaler’s investigation, a gaming website in China is serving up malware, exploiting the CVE-2012-1889 flaw in Microsoft XML Core Services, patched by Microsoft back in the middle of 2012.

Chinese site

Sign up to our free newsletter.
Security news, advice, and tips.

Visiting the website on an unpatched Windows system using Internet Explorer, triggers the highly obfuscated JavaScript code, and the exploit causes the browser to crash as malware is installed onto the visiting computer.

Internet Explorer crash, malware is installed

The hackers behind the attack don’t attempt to run the malicious exploit code on other browsers, instead installing the contents of a malicious RAR file onto visiting computers.

RAR file installed by malware

However your computer becomes affected – the intent is the same: to infect the visiting computer with malware, which could potentially be spyware or a backdoor Trojan horse, or designed to recruit the PC into a botnet.

Of course, it’s possible that if the vulnerability is being used on posioned Chinese gaming websites, it could also be being exploited elsewhere on the net. So, make sure that all of your computers are properly patched with the latest security updates.

ZScaler’s research team underlines this point:

It should be noted that malware authors do not always leverage zero-days, in fact most technical attacks utilize known vulnerabilities as attackers know that a large percentage of PC users have not applied the latest patches.

The fact of the matter is that anybody who surfs the net in this day and age on a poorly-patched computer, is not only putting their own data and security at risk – they’re also being an irresponsible member of the internet community, exposing the rest of us to the consequences of their possible infection.

For more technical details of the attack, read the detailed analysis on the ZScaler Research blog.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.