Cybercriminal organization "WinNT" targets the systems of computer game companies, stealing intellectual property and digital certificates for malicious use.
The Kaspersky Lab team has published a detailed research report on a cyber espionage campaign carried out by the cybercriminal organization known as "WinNT".
According to the Kaspersky Lab report, the WinNT group has been attacking companies in the online gaming industry since 2009, and these attacks continue. The group's objectives are to steal digital certificates of legitimate software vendors, as well as intellectual property, including the source code of online game projects.
The first incident that drew attention to the WinNT group's malicious activities occurred in the fall of 2011, when a malicious Trojan was detected on a large number of user computers around the world. What all the infected computers had in common was that they were used to play popular online games.
Shortly after the incident, it emerged that the malicious software that had infected users' computers had actually arrived as part of a regular game update sent from the official server of the company that owns the game. Infected users and members of the online gaming community suspected that the company had installed the malware in order to spy on its users. However, it was later clarified that the malicious program had been installed on users' computers by accident, and that the cybercriminals' actual target was the computer game company itself.
In response, the computer game vendor that owned the servers from which the Trojan was distributed to its customers asked Kaspersky Lab to analyze the malicious program. The Trojan turned out to be a DLL library built for 64-bit Windows environments, and it used a properly signed malicious driver.
It was a fully functional Remote Administration Tool (RAT), which allowed attackers to control victims' computers without their knowledge. The most important discovery was that this Trojan was the first malicious program for the 64-bit version of Microsoft Windows 7 to carry a valid digital signature.
Kaspersky Lab experts began analyzing the WinNT group's campaign and concluded that more than 30 companies in the online gaming industry had been infected by the WinNT group, the majority of them software development companies producing online games in Southeast Asia. However, companies producing online games in Germany, the United States, Japan, China, Russia, Brazil, Peru and Belarus were also victims of the WinNT group.
In addition to industrial espionage, Kaspersky Lab experts identified three key monetization schemes that the WinNT group could use to generate illegal profits:
- Manipulating the accumulation of in-game currency, such as "runes" or "coins", that players use, and converting the accumulated virtual money into real money;
- Using stolen source code from the servers of popular online games to find vulnerabilities in the games, in order to increase and accelerate the accumulation of in-game currency without raising suspicion;
- Using stolen source code from the servers of popular online games to run their own pirate servers.
The WinNT group is still active, and Kaspersky Lab's investigation is ongoing. The company's team of experts is working with the IT security community, the gaming industry and the relevant authorities to identify infected servers, while helping to revoke the stolen digital certificates.