Turkey and the US Targeted by Password Stealing Trojan

Fortinet, a company specialized in providing UTM security systems, has recently published a report regarding the threats it detected in June. According to this report, attackers are once again targeting the online gaming industry, after a short downfall in May and April. The password stealing malware is spreading from China and Taiwan, the most afflicted regions, to Turkey and even the US.


Derek Manky, security researcher with Fortinet explained, "While the main activity remains in China and Taiwan, activity has risen in Turkey". The better part of online gaming Trojans affect Asia, 36.5% in China and 31.1% in Taiwan. The US have a relative small amount of just 7.4%, but Trojan activity in Turkey has risen to 15.4%.

The most active malicious software detected by Fortinet is called W32/OnlineGames!tr. It is aimed at the online gaming industry and online gamers and functions with the goal of obtaining user account data related to games such as World of Warcraft. The Trojan has been around for quite some time now (since April 2007), but it is still going strong; 7.5% of all Trojan attacks have been generated by W32/OnlineGames!tr. If successful, it will send the private log-in information it picks up to a remote server. The gamer can find himself unable to access his World of Warcraft account or will find his character stripped of all valuables.

Popular Asian games YouXiChaYuan and Perfect World are also targeted.

Not only has Fortinet issued this warning to the entire online gaming community but, at the same time, it has come up with ways to protect its customers. The security software company does not go into specifications about how the Trojan works, as Manky had only this to say: "With the online gaming market thriving with consumers, malicious activity will very likely continue for some time in this emerging sector as it forms a viable target".