
Game cheat keys can be dangerous: this one is a rootkit

11 January 2012

A malicious link on a YouTube account (and other websites providing embedded videos) offers game players a crack code for the PES 2012 soccer game. Instead, it delivers a rootkit.

The scam, discovered by GFI, works by playing on game players’ often relaxed attitude toward the internet, and the ready desire of many players to seek cheat codes (by their nature not easy or obvious to find) in order to enhance their gaming experience.

The YouTube account points users to MediaFire, one of the internet’s leading file hosting services, from which they download a compressed file that leads, step by step, to the covert installation of the ZeroAccess rootkit. The archive contains an HTML file, a text file and the key generator application. The text file holds a shortened (and therefore disguised) URL that must be visited in order to obtain the necessary password.
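The bundle described above has a recognisable shape: an executable "key generator" shipped next to a text or HTML file whose only purpose is to send the user to a shortened link. As an added, defender-side example (not code from GFI, Prevx or this article), the Python script below triages an archive offline for exactly that combination. The shortener host list, the file-suffix lists and the sample archive are all constructed assumptions for the illustration; the sample's "keygen" member is a few placeholder bytes, not a real program.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

# Assumed list of URL-shortener hosts treated as "disguised" links (not from the article).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly", "is.gd", "adf.ly"}
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif")
TEXTY_SUFFIXES = (".txt", ".htm", ".html", ".nfo")

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)


def find_shortened_urls(text: str) -> list:
    """Return every URL in `text` whose host is a known shortener."""
    hits = []
    for url in URL_RE.findall(text):
        host = urlparse(url).netloc.lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            hits.append(url)
    return hits


def triage_archive(data: bytes) -> dict:
    """Summarise why an archive looks like a 'keygen + password survey' bundle.

    Returns the executable members, the shortened URLs found in small
    text/HTML members, and 'suspicious' set when both are present together.
    """
    executables, shortened = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            lower = name.lower()
            if lower.endswith(EXECUTABLE_SUFFIXES):
                executables.append(name)
            elif lower.endswith(TEXTY_SUFFIXES) and info.file_size < 1_000_000:
                # Only small text-like members are read; decoding errors are tolerated.
                text = zf.read(name).decode("utf-8", errors="replace")
                shortened.extend(find_shortened_urls(text))
    return {
        "executables": executables,
        "shortened_urls": shortened,
        "suspicious": bool(executables) and bool(shortened),
    }


def build_sample_archive() -> bytes:
    """Constructed sample mirroring the layout the article describes:
    an HTML file, a text file carrying a shortened link, and a 'key generator'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.html", "<html><body>PES 2012 keygen - see password.txt</body></html>")
        zf.writestr("password.txt", "Password is at http://bit.ly/example-placeholder after the survey\n")
        zf.writestr("PES2012_keygen.exe", b"MZ" + b"\x00" * 64)  # placeholder bytes, not a program
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_archive(build_sample_archive())
    for key, value in report.items():
        print(f"{key}: {value}")
```

The check never follows the shortened link; it only flags the pairing so that an analyst or a mail/download gateway can hold the archive for a closer look. Expanding the link to see where it really lands belongs in a sandboxed step, not in the triage path.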

Here, a short survey is displayed: “To obtain the password we need you to take just a moment to complete these steps.” It looks like a legitimate marketing offer: accept free coupons or a free sample and you get what you want. Once the user has done this, a 'Show Password' button purports to deliver the key.

What it really does is install the ZeroAccess rootkit that overwrites critical OS files. According to GFI, most AV products currently detect ZeroAccess, but a Prevx analysis considers it capable of evolving into something more dangerous. Prevx says that the disk filtering engine implemented by ZeroAccess is not as advanced as other rootkits, making it relatively easy to detect and remove. “Sadly”, it adds, “this is a minor problem that could be easily improved by the ZeroAccess authors.”

Gaming enthusiasts who don’t have AV installed are already at risk.
