
5/17/2011

[Warning] Malicious file that steals online game account information found disguised under a v3lite file name

1. Introduction

Recently, various types of malicious files designed to steal online game account information have been spreading in Korea.
Among them, variants of "lpk.dll" are especially prevalent. The file described here masquerades under the name of a well-known Korean anti-virus installation file, so users who try to install "v3 anti-virus" need to pay special attention to it.

In this case it is hard to recognize whether a PC has been infected, so repeated infections can occur.
Because malicious files that target online game accounts can cause financial damage, users need to be careful with this kind of file.

2. Spreading path and symptoms of infection

This malicious file can spread through various paths. One prevalent method is exploiting a vulnerability to tamper with a website so that it carries a download link. It can also be spread as an e-mail attachment, through instant messengers, shortened URLs, and so on.

The most common and prevalent kind of file for stealing online game account information is a malicious file that uses the name "lpk.dll".

To lure users into running and spreading malicious files, their developers try whatever methods users are likely to fall for.
The malicious file found here was given the file name of a well-known Korean anti-virus product to attract ordinary users.


In this case only the name was changed to that of a well-known Korean anti-virus file, but the file name, icon, and file properties can all be disguised. Users need to be careful when downloading from websites.

As soon as this malicious file is executed, the PC is infected with a component that leaks online game account information. That component uses the same file name as the normal "lpk.dll".

* Generated files

- C:\Program Files\%TOOYUAMER%\66621.exe (33,629,048 bytes)
- (Windows system folder)\lpk.dll (47,250 bytes)
- (Windows system folder)\lpk32.dll (22,016 bytes) -> normal “lpk.dll” file


* (Windows system folder) is generally C:\WINDOWS\SYSTEM on Windows 95, 98, and ME; C:\WINNT\SYSTEM32 on Windows 2000 and NT; and C:\WINDOWS\SYSTEM32 on Windows XP.

You can see that an lpk32.dll file has been created. This is the original file under a changed name.

On infection, the malware renames the normal lpk.dll file to lpk32.dll and installs the malicious file under the name lpk.dll. The following figure will help you to understand.



[Figure: <Normal lpk.dll file> compared with <Malicious lpk.dll file>]

3. How to prevent

Malicious files related to "lpk.dll" can make clones of themselves masquerading as Usp10.dll and spread them to various folders. Finding and removing every folder that contains a cloned file is difficult given how fast it spreads.

As described above, using social engineering to distribute malicious files easily is a major trend among malicious file developers these days, so we need to be careful when using a PC to avoid security threats.

Since malicious file developers are always devising methods more sophisticated than generally expected, we recommend the following "Security management tips" for general users.
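
The symptoms described above (an lpk32.dll left in the Windows system folder, and lpk.dll/Usp10.dll copies in other folders) can be checked with a short triage script. This is an added example, not INCA Internet's tool: the function names, indicator labels and the directory tree built in demo() are constructed for illustration, while the file names and the 47,250-byte size come from the generated-file list above.

```python
import os
import tempfile
from pathlib import Path

RENAMED_ORIGINAL = "lpk32.dll"            # article: legitimate lpk.dll after the rename
HIJACK_NAMES = {"lpk.dll", "usp10.dll"}   # article: names the malicious DLL uses
DROPPED_LPK_SIZE = 47250                  # article: size of the malicious lpk.dll

def scan(root, trusted_dirs):
    """Walk root; return sorted (indicator, relative_path) leads for an analyst.

    trusted_dirs: directories (relative to root) where lpk.dll/usp10.dll are
    expected. The first entry is treated as the Windows system folder.
    """
    root = Path(root).resolve()
    trusted = [(root / d).resolve() for d in trusted_dirs]
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath).resolve()
        for name in files:
            low, path = name.lower(), here / name
            rel = path.relative_to(root).as_posix()
            if low == RENAMED_ORIGINAL and here == trusted[0]:
                findings.append(("renamed-original-present", rel))
            elif low in HIJACK_NAMES and here not in trusted:
                findings.append(("dll-outside-system-folder", rel))
            elif low == "lpk.dll" and path.stat().st_size == DROPPED_LPK_SIZE:
                findings.append(("lpk-size-matches-article", rel))  # weak: variants differ
    return sorted(findings)

def demo():
    """Build a constructed directory tree (dummy bytes, no real DLLs) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        layout = {
            "WINDOWS/system32/lpk.dll": 47250,    # replaced file
            "WINDOWS/system32/lpk32.dll": 22016,  # renamed original
            "WINDOWS/system32/usp10.dll": 1000,   # expected location, not flagged
            "Games/Launcher/usp10.dll": 47250,    # clone beside an application
            "Games/Launcher/launcher.exe": 10,
        }
        for rel, size in layout.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"\0" * size)
        return scan(tmp, ["WINDOWS/system32"])

if __name__ == "__main__":
    for indicator, rel in demo():
        print(f"{indicator:28} {rel}")
```

Some applications ship their own usp10.dll, and 64-bit Windows keeps further copies in folders such as SysWOW64, so add those to trusted_dirs and treat the output as leads to review rather than verdicts.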

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment functions and runs a response system 24 hours a day against various security threats.
