Thursday, April 11, 2013

An espionage campaign aimed at gaming companies

Kaspersky Lab's expert team has published a detailed report analyzing an ongoing cyber-espionage campaign run by the cybercriminal organization known as Winnti.

According to the Kaspersky Lab report, the Winnti group has been attacking companies in the online gaming industry since 2009 and is still active today. The group aims to steal digital certificates signed by legitimate software vendors, in addition to stealing intellectual property, including the source code of online game projects.

The first incident that drew attention to Winnti's criminal activity occurred in the fall of 2011, when a malicious Trojan was detected on a large number of computers around the world. The common denominator among all the infected computers was that they were used to play a well-known online game. Shortly after the incident, there were indications that the malicious program on the players' computers had arrived as part of a regular update from the game company's official server. Infected users and members of the gaming community suspected that the game publisher had installed the malware to spy on its customers. It later turned out, however, that the malware had been installed on the players' computers by accident and that the cybercriminals' actual target was the game company itself.

In response, the game's publisher, which owned the server that had distributed the Trojan to its customers, asked Kaspersky Lab to analyze the malware. The Trojan was a dynamic link library (DLL) built for 64-bit Windows environments and was used as an operator program. It was a remote administration tool that gives attackers the ability to control the victim's computer without the user's knowledge. This was an important discovery because the Trojan was a malicious program for 64-bit editions of Microsoft Windows that carried a valid digital signature.

Kaspersky Lab experts then began analyzing the Winnti campaign and found that more than 30 companies in this sector had been hit by Winnti, the majority of them video game producers located in South East Asia. However, online gaming companies in Germany, the United States, Japan, China, Russia, Brazil, Peru and Belarus were also among Winnti's victims.

In addition to industrial espionage, Kaspersky Lab experts identified three monetization schemes that Winnti may use to generate illegal profits:

Manipulating in-game currency, such as "runes" or "gold", which players use to convert virtual sums into real money.
Using source code stolen from online game servers to search for vulnerabilities inside the games, in order to boost and accelerate the manipulation of in-game currency and its accumulation without raising suspicion.
Using source code stolen from well-known online game servers to deploy their own pirated servers.

Winnti is currently still active, and Kaspersky Lab's investigation continues. Kaspersky Lab experts are working with the IT security community, the online gaming industry and certificate authorities to identify additional infected servers while helping to revoke digital certificates.

It should be noted that Kaspersky Lab products detect and neutralize the malware and its variants used in the Winnti campaign as Backdoor.Win32.Winnti, Backdoor.Win64.Winnti, Rootkit.Win32.Winnti and Rootkit.Win64.Winnti.
