Still Winnti Attack Game Industry Indonesia (MFJENC7F866R) | Ini Blog ku - Hacking News

Apr 16, 2013


Kaspersky Lab has published a report with a detailed analysis of a cyber-espionage campaign that is still running and is carried out by the cyber-criminal organization Winnti. Some of the countries affected by Winnti are South Korea, China, Russia, Belarus, Germany, USA, Brazil, Peru, Thailand, Vietnam, Taiwan, Japan, and Indonesia.
Jesmond Chang, Corporate Communications Division Kaspersky Lab, Southeast Asia, said Winnti has been attacking companies in the online gaming industry since 2009 and is still active to this day. The group's purpose is to steal digital certificates signed by legitimate software vendors, as well as intellectual property, including the source code of online game projects.

The first incident that drew attention to the Winnti group's malicious activities occurred in the fall of 2011 (September-December), when a malicious Trojan was detected on a large number of computers around the world. The infected computers were used to play a popular online game. It then became clear that the malicious program had reached those computers as part of a regular update from the game company's official servers.

Users whose computers were infected, along with the gaming community, suspected that the gaming company was installing malware to spy on its customers. However, it was later proven that the malicious program had infected users' computers unintentionally. "What is a target for the cyber criminals is actually the gaming company," Chang said in a release received by Tempo, Monday, April 16, 2013.

According to Kaspersky Lab's analysis, the Trojan turned out to be a DLL library compiled for the 64-bit Windows environment that used a properly signed malicious driver. The Trojan is a fully functional Remote Administration Tool (RAT), which lets the attackers control the victim's computer without the user's knowledge. "This is an important finding because this Trojan is the first malicious program on Microsoft Windows 7 64-bit version that has a valid digital signature," said Chang.

In addition to industrial espionage, Kaspersky Lab identified three main monetization schemes that the Winnti group could use: manipulating the accumulation of in-game currency; using source code stolen from online game servers to find vulnerabilities in the games, in order to increase and speed up the manipulation and accumulation of in-game currency without arousing suspicion; and using the stolen source code of popular online game servers to run their own pirated servers.
