esearchers from Microsoft’s Malware Protection Center have analyzed three pieces of malware that appear to be utilized to target gamers from Korea, particularly users who play card games.
Experts believe that the malware authors are utilizing their creations to steal various pieces of information from their victims, but some of the techniques might also be utilized to cheat.
Trojan:Win32/Urelas.C, a malware developed in Delphi, takes screenshots of the victim’s gaming activity. These screenshots are sent to a remote server in various image formats, including JPEG, TIFF and BMP.
Besides making screenshots – which could be utilized by the cybercriminals to observe the gaming behavior of the victims or to cheat –, Urelas.C also collects valuable information from the infected computers.
Trojan:Win32/Gupboot.A is the second piece of malware that’s currently targeting Korean players. This one’s more sophisticated since it contains a bootkit component and code from Urelas to overwrite the master boot records (MBR).
“Part of this malware’s payload is to allow kernel-mode hooking to hide the malware process and its suspicious activities from the user, making the system run in a compromised state. Like most malware that overwrites the MBR, the main intent is to use the malware’s 16-bit loader to execute the payload,” Marianne Mallen of MMPC explains.
read more....http://news.softpedia.com/news/Three-Pieces-of-Malware-Found-to-Target-Korean-Gamers-317178.shtml?utm_source=dlvr.it&utm_medium=twitter