Online gamers targeted in malware attack, exploiting old Microsoft vulnerability

Security researchers at ZScaler have uncovered a malware attack, seemingly targeted against the computers of Chinese game players.

Interestingly, the attack doesn't exploit a newly discovered vulnerability - but instead takes advantage of a security hole that was patched by Microsoft almost eighteen months ago.

According to ZScaler's investigation, a gaming website in China is serving up malware, exploiting the CVE-2012-1889 flaw in Microsoft XML Core Services, patched by Microsoft back in the middle of 2012.

Chinese site

Visiting the website on an unpatched Windows system using Internet Explorer triggers the highly obfuscated JavaScript code, and the exploit causes the browser to crash as malware is installed onto the visiting computer.

Internet Explorer crash, malware is installed

The hackers behind the attack don't attempt to run the malicious exploit code on other browsers, instead installing the contents of a malicious RAR file onto visiting computers.

RAR file installed by malware

However your computer becomes affected, the intent is the same: to infect the visiting computer with malware, which could potentially be spyware or a backdoor Trojan horse, or designed to recruit the PC into a botnet.

Of course, if the vulnerability is being used on poisoned Chinese gaming websites, it may also be exploited elsewhere on the net. So, make sure that all of your computers are properly patched with the latest security updates.

ZScaler's research team underlines this point:

It should be noted that malware authors do not always leverage zero-days; in fact, most technical attacks utilize known vulnerabilities, as attackers know that a large percentage of PC users have not applied the latest patches.

The fact of the matter is that anybody who surfs the net in this day and age on a poorly-patched computer is not only putting their own data and security at risk - they're also being an irresponsible member of the internet community, exposing the rest of us to the consequences of their possible infection.

For more technical details of the attack, read the detailed analysis on the ZScaler Research blog.
