Gaming meets a revived opponent: Trojan.PWS.Onlinegames.KDCI

Loredana BOTEZATU

January 12, 2010

Once on the computer, Trojan.PWS.Onlinegames.KDCI follows a smart and precise routine. Firstly, it makes sure that it is not affected by a system restart by creating autorun.inf files that automatically launch copies of itself.

Secondly, this piece of malware creates copies of itself in the root of the local drives and in the temporary folder of the current user. In the latter location, it drops a .dll file able to intercept passwords related to Maplestory, The Lord of the Rings Online, Knight Online, Dekaron and other online games. At system start-up, the copy is registered by a new entry under HKCU\Software\Microsoft\Windows\CurrentVersion\Run and the original Trojan destroys itself, leaving behind no trace of its existence.

Thirdly, the .dll file injects itself into the memory space of the explorer.exe process, from which it is executed. There it steals passwords and, every two minutes, creates an autorun.inf file in the root folder of all local partitions in order to replicate itself.
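A triage sketch for the two persistence artifacts described above, added here as an example and not BitDefender's code: it lists the programs an autorun.inf would launch and flags Run-key values that point into the user's temporary folder. The sample file contents, value names and paths are constructed.

```python
import ntpath

def autorun_targets(text):
    """Return the commands an autorun.inf asks Windows to launch."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            key = key.lower()
            # open=, shellexecute= and shell\<verb>\command= all start a program
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                targets.append(value)
    return targets

def run_values_in_temp(run_values, temp_dir):
    """Names of Run-key values whose command line references temp_dir."""
    temp = ntpath.normcase(temp_dir.rstrip("\\/")) + "\\"
    hits = []
    for name, command in run_values.items():
        cmd = ntpath.normcase(command)  # lower-case, forward slashes to backslashes
        # REG_EXPAND_SZ values may still carry the unexpanded variable
        if temp in cmd or "%temp%\\" in cmd or "%tmp%\\" in cmd:
            hits.append(name)
    return sorted(hits)

# Constructed sample data (not taken from a real infection).
SAMPLE_AUTORUN = """\
;junk line 8fj2k
[AutoRun]
open=sample.exe
shell\\open\\Command=sample.exe
icon=folder.ico
"""
SAMPLE_RUN = {
    "Updater": r'"C:\Program Files\Vendor\update.exe" /silent',
    "placeholder": r"C:\Users\alice\AppData\Local\Temp\sample.exe",
    "viaRundll": r"rundll32.exe %TEMP%\sample.dll,Start",
}
SAMPLE_TEMP = r"C:\Users\alice\AppData\Local\Temp"

if __name__ == "__main__":
    print("autorun.inf launches:", autorun_targets(SAMPLE_AUTORUN))
    print("Run values in temp:", run_values_in_temp(SAMPLE_RUN, SAMPLE_TEMP))
```

On a live Windows host the same functions can be fed each fixed drive's autorun.inf and the values read from the Run key with Python's winreg module.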

Please remember that online gaming is not one of the safest media on the Internet, and a regularly updated security solution equipped with antimalware, anti-phishing and anti-spam modules might come in handy.

Information in this article is available courtesy of BitDefender virus researcher Marius Vanta.
