Saturday, January 3, 2009

Microsoft security fix clobbers 2 million password stealers - NetworkWorld.com

Microsoft's June security updates were bad news for online felons who do their life stealing watchword information from
online gamers.

The company's Malicious Software Removal Tool -- a programme that detects and takes viruses and other bad programmes from Windows
machines -- removed game password-stealing software system from more than than 2 million PCs in the first hebdomad after it was updated to
observe these programmes on June 10. Don't Miss!

One watchword stealer, called , was detected on 700,000 computing machines in the first twenty-four hours after the update. That's twice as many infections as were spotted during
the full calendar month after Microsoft began detecting the ill-famed Storm Worm malware last September.

"These are pathetic Numbers of infections my friends, absolutely mind-boggling," wrote Flatness McCormack, a spokesman with
Microsoft's Malware Response Center, in a Related Content

Between June 10 and June 17, Microsoft removed Taterf from about 1.3 million machines, he said.

Microsoft's September sensings seriously hobbled the Storm Worm botnet, once considered a top Internet threat.

Password thiefs such as as Taterf are among the most common types of malicious software system on the Internet. That's because there's
big money to be made merchandising the practical currencies used in online games for real-world cash.

Once a criminal larns a gamer's username and password, he can log into the game and sell the victim's practical possessions
for practical gold coins. Those coins are then handed to another fictional character in the game who sells the gold for real-world dollars
at an online exchange such as as , said Greg Hoglund, chief executive officer of HBGary and a co-author of the book

"There's no manner to scrutinize that money transfer, so effectively they're doing money laundering," he said. "There's almost zero
hazard for the attackers."

The password-stealing programmes are often installed via Web-based onslaught codification that deeds flaws in multimedia system programmes such
as Adobe's Flash Player or Apple's QuickTime Player, Hoglund said.

The onslaughts are often technically sophisticated, exploiting previously unrevealed bugs in Windows software, said Roger Thompson,
main research military officer with AVG Technologies. "The 'World of Warcraft' watchword thiefs have got provided most of the innovation
over the last twelve months," he said via instantaneous message. 1

The IDG News Service is a Network World affiliate.

No comments: