Among those files, variants of “lpk.dll” are quite prevalent. The sample described here masquerades under the file name of a well-known Korean anti-virus installation file. Users who try to install "v3 anti-virus" therefore need to pay special attention to this prevalent malicious file.
2. Distribution paths and symptoms of infection
This malicious file can spread through various paths. One prevalent method is to use a vulnerability to tamper with a website that hosts a download link. It can also be spread as an e-mail attachment, through instant messengers, shortened URLs, and so on.
The most common and prevalent file used for stealing online game account information is the malicious file that uses the name “lpk.dll”.
To lure users into spreading the malicious file and becoming infected by it, its developers usually try any method that users may be tempted by.
The malicious file found in this case took the file name of a well-known Korean anti-virus product to lure ordinary users.
Here only the name was changed to that of a well-known Korean anti-virus file, but the file name, icon and file properties can all be disguised. Users need to be careful when downloading from web sites.
As soon as this malicious file is executed, the PC can be infected with malware that leaks online game account information. The malicious file's name will be the same as that of the normal file “lpk.dll”.
You can see that an lpk32.dll file has been created. This is a file whose name has been changed.
On infection, the malicious file renames the normal lpk.dll file to lpk32.dll and puts itself in its place. The following figure will help you understand.
<Normal lpk.dll file> <Malicious lpk.dll file>
3. How to prevent infection
Malicious files related to “lpk.dll” can create clones of themselves masquerading as Usp10.dll and spread them to various folders. Finding and removing the cloned files across all of those folders is difficult given how fast they spread.
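The file-name artefacts described above (an lpk32.dll appearing in the system folder, and Usp10.dll clones in other folders) can be checked with a short script. This is an added example, not code from the original article or from INCA Internet; the function names, the `trusted_dirs` parameter and the sample folder layout are assumptions constructed for illustration. A name match is only a lead for inspection, since Windows keeps legitimate copies of these DLLs in directories such as SysWOW64 and WinSxS, which belong in `trusted_dirs`.

```python
import os
import tempfile

RENAMED_ORIGINAL = "lpk32.dll"          # name the article says the normal file receives
CLONE_NAMES = {"lpk.dll", "usp10.dll"}  # names the article says the malicious copies use


def _norm(path):
    return os.path.normcase(os.path.realpath(path))


def _is_trusted(folder, trusted):
    folder = _norm(folder)
    return any(folder == t or folder.startswith(t + os.sep) for t in trusted)


def find_lpk_indicators(system_dir, scan_roots, trusted_dirs=()):
    """Return sorted (indicator, path) pairs for the artefacts the article describes."""
    trusted = [_norm(d) for d in (system_dir, *trusted_dirs)]
    findings = []
    # Indicator 1: an lpk32.dll sitting in the system directory.
    for name in os.listdir(system_dir):
        if name.lower() == RENAMED_ORIGINAL:
            findings.append(("renamed-original", os.path.join(system_dir, name)))
    # Indicator 2: lpk.dll / Usp10.dll copies outside the trusted directories.
    for root in scan_roots:
        for folder, _dirs, files in os.walk(root):
            if _is_trusted(folder, trusted):
                continue
            for name in files:
                if name.lower() in CLONE_NAMES:  # Windows names are case-insensitive
                    findings.append(("clone-outside-system-dir", os.path.join(folder, name)))
    return sorted(findings)


def build_constructed_tree(base):
    """Create a constructed sample layout (empty files) and return its system dir."""
    layout = ["System32/lpk.dll", "System32/lpk32.dll", "System32/usp10.dll",
              "Games/App/USP10.DLL", "Games/App/game.exe", "Docs/readme.txt"]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return os.path.join(base, "System32")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for indicator, path in find_lpk_indicators(build_constructed_tree(base), [base]):
            print(indicator, os.path.relpath(path, base))
```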
As described above, using social engineering to distribute malicious files easily is a major trend among malicious file developers these days, so we need to be careful while using a PC to avoid security threats.
Since malicious file developers are always devising more sophisticated methods than generally expected, we recommend the following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions and runs a 24-hour response system against various security threats.