2. Spreading path and symptoms of infection
When a user connects to the tampered, well-known social commerce website, additional malicious files are downloaded through a vulnerability in Flash files that works against some versions of Flash Player. The malicious files downloaded in this process (095.exe, 95.exe, 122.exe) can infect “Lpk.dll”, a normal system file, and the infected file can hijack specific online game accounts or perform other malicious behavior.
* Malicious download following access to the tampered social commerce website
If you access this social commerce website, an additional malicious file can be downloaded and executed through a pre-injected malicious URL.
In addition, in the same way as above, some of the malicious scripts work on certain versions, as shown in the following image.
The following image shows the URL parsing needed for the download and the browser version check performed when the SWF file executes.
* Adobe Flash Player versions affected by the Flash exploit vulnerability
- All versions except the latest (10.3.181.26) need to be updated
* Tampering with a normal system file (lpk.dll)
The downloaded malicious files, such as 095.exe, 95.exe, and 122.exe, rename the normal system file lpk.dll to lpk32.dll and then rename the malicious file to lpk.dll, which can steal online game accounts. Therefore, lpk.dll exists on both uninfected and infected systems. The best way to check for infection is to scan with the latest anti-virus product.
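Because lpk.dll is present either way, a triage check has to look for the renamed copy instead. The following is an added example, not INCA Internet's code: `check_lpk_swap` and `build_sample_dir` are hypothetical names, the sample directories are constructed with dummy bytes, and a hit is only a lead to confirm with an anti-virus scan.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_lpk_swap(system_dir):
    """Triage a directory for the lpk.dll -> lpk32.dll rename described above."""
    # Windows file names are case-insensitive, so compare lower-cased names.
    present = {name.lower(): os.path.join(system_dir, name)
               for name in os.listdir(system_dir)}
    files = {}
    for name in ("lpk.dll", "lpk32.dll"):
        path = present.get(name)
        if path and os.path.isfile(path):
            with open(path, "rb") as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS header magic of a PE file
            files[name] = {"sha256": sha256_of(path), "pe_header": is_pe,
                           "size": os.path.getsize(path)}
    # lpk.dll exists on clean and infected hosts alike, so its presence says
    # nothing; the renamed copy lpk32.dll is the artifact the swap leaves.
    return {"suspicious": "lpk32.dll" in files, "files": files}


def build_sample_dir(swapped):
    """Constructed stand-in for a system directory (dummy bytes, not real DLLs)."""
    root = tempfile.mkdtemp(prefix="lpk_triage_")
    with open(os.path.join(root, "LPK.DLL"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62 + (b"replaced" if swapped else b"original"))
    if swapped:
        with open(os.path.join(root, "lpk32.dll"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62 + b"original")
    return root


if __name__ == "__main__":
    for label, swapped in (("clean", False), ("swapped", True)):
        report = check_lpk_swap(build_sample_dir(swapped))
        print(label, report["suspicious"], sorted(report["files"]))
```

On a real host, pass the Windows system directory to `check_lpk_swap` (its location is an assumption here, since the page does not name it) and hand the reported hashes to your anti-virus vendor or scanner for confirmation.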
3. How to prevent
As described above, when malicious files are spread via various well-known social commerce sites, the range of infection can widen considerably, and huge financial loss and damage can follow.
In particular, because this case uses tampering of a normal site together with application vulnerabilities, general users may not recognize whether they are infected.
To stay safe from this kind of malicious file, the most important thing is to apply and maintain the latest security patches, and we recommend that users follow these safety precautions:
INCA Internet (Security Response Center / response team) provides diagnosis and treatment for malicious files such as those described above and runs a response system against various security threats.
* Diagnosis names for the malicious applications added to the nProtect Anti-Virus product family