
5/17/2011

[Warning] Malicious file that steals online game account information found disguised with a v3lite file name

1. Introduction

Recently, various types of malicious files built to steal online game account information have been spreading in Korea.
Among those files, variants of “lpk.dll” are quite prevalent. The file found in this case is named to look like the installation file of a well-known Korean anti-virus product. Therefore, users who try to install "v3 anti-virus" need to pay special attention to this prevalent malicious file.

In this case, it is hard for a user to recognize whether the PC has been infected, so repeated infections can occur.
Since malicious files that target online game accounts can cause financial damage, users need to be careful with this kind of malicious file.

2. Spreading path and symptoms of infection

This malicious file can spread through various paths. One prevalent method is to exploit a vulnerability to tamper with a website that hosts a download link. It can also be spread as an e-mail attachment, through instant messengers, shortened URLs, and so on.

The most common and prevalent file used for stealing online game account information is a malicious file that uses the name “lpk.dll”.

To get users to run and spread the malicious file, its developers usually try any lure that users might fall for.
The malicious file found this time was named after a well-known Korean anti-virus product's file to attract ordinary users.

In this case only the file name was changed to that of a well-known Korean anti-virus file, but the icon and file properties can be disguised as well. Users need to be careful when downloading from websites.

As soon as this malicious file is executed, the PC can be infected with malware that leaks online game account information. The installed file has the same name as the normal file, “lpk.dll”.

* Generated file

- C:\Program Files\%TOOYUAMER%\66621.exe (33,629,048 bytes)
- (Windows system folder)\lpk.dll (47,250 bytes)
- (Windows system folder)\lpk32.dll (22,016 bytes) -> normal “lpk.dll” file


* (Windows system folder) is generally C:\WINDOWS\SYSTEM in Windows 95, 98, and ME; C:\WINNT\SYSTEM32 in Windows 2000 and NT; and C:\WINDOWS\SYSTEM32 in Windows XP.

You can see that an lpk32.dll file has been created. This is a file whose name has been changed.

On infection, the malicious file renames the normal lpk.dll file to lpk32.dll and takes over the name lpk.dll itself. The following figure will help you understand.



[Figure: <Normal lpk.dll file> compared with <Malicious lpk.dll file>]

3. How to prevent

Malicious files related to “lpk.dll” can create clones of themselves disguised as Usp10.dll and spread them to various folders. Finding and removing every folder that contains a cloned file is difficult given how quickly the clones spread.
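The two traces described above (an lpk32.dll left in the Windows system folder by the rename, and lpk.dll or Usp10.dll copies in other folders) can be checked with a short triage script. This is an added example, not code from INCA Internet; the function names, the finding labels and the `trusted_dirs` parameter are assumptions, and the directory tree it scans in `demo()` is constructed from empty placeholder files.

```python
import os
import tempfile

RENAMED_ORIGINAL = "lpk32.dll"           # name the article gives for the displaced original
HIJACK_NAMES = {"lpk.dll", "usp10.dll"}  # names the article says the malicious copies use


def scan(root, trusted_dirs):
    """Walk root and return sorted (finding, relative_path) tuples.

    trusted_dirs: folders where lpk.dll/usp10.dll legitimately live (the Windows
    system folder plus any OS cache folders the caller decides to trust).
    """
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    findings = []
    for folder, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}  # Windows file names are case-insensitive
        is_trusted = os.path.normcase(os.path.abspath(folder)) in trusted

        def rel(key):
            full = os.path.join(folder, names[key])
            return os.path.relpath(full, root).replace(os.sep, "/")

        if is_trusted and RENAMED_ORIGINAL in names:
            # The original was moved aside, so the lpk.dll beside it is suspect.
            findings.append(("original-renamed", rel(RENAMED_ORIGINAL)))
        if not is_trusted:
            for key in sorted(HIJACK_NAMES & names.keys()):
                findings.append(("copy-outside-system-folder", rel(key)))
    return sorted(findings)


def demo():
    """Build a constructed directory tree of empty files and scan it."""
    layout = [
        "WINDOWS/system32/lpk.dll", "WINDOWS/system32/lpk32.dll",
        "WINDOWS/system32/usp10.dll", "Program Files/Game/USP10.DLL",
        "Program Files/Game/game.exe", "Downloads/lpk.dll",
    ]
    with tempfile.TemporaryDirectory() as root:
        for item in layout:
            path = os.path.join(root, *item.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        return scan(root, [os.path.join(root, "WINDOWS", "system32")])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit is a lead for further inspection with an anti-virus scanner, not a verdict, since legitimate software can also ship these file names.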

As described above, using social engineering to distribute malicious files easily is a major trend among malicious file developers these days. So we need to be careful while using a PC to avoid security threats.

Since malicious file developers are always trying to devise methods more sophisticated than generally expected, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received through instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions and runs a response system 24 hours a day against various security threats.
