Beware of phony beta and demo versions found on file-sharing sites

Jan 7, 2012 11:52 GMT

Since beta versions of the highly anticipated games Defense of the Ancients (DotA) 2 and Diablo III were released to testers, cybercriminals have been posting fake game builds and cracks that conceal backdoor Trojans, giving the attackers remote access to the infected computers.

Microsoft Malware Protection Center (MMPC) researchers came across a couple of files on torrent and file-sharing sites that carry such malware.

A file called dota 2 Betakeys.txt.exe was found to carry a backdoor identified as Backdoor:MSIL/Pontoeb.J. The .txt.exe double extension is meant to pass the file off as a text file of beta keys; with Windows' default setting of hiding known file extensions, it is displayed simply as "dota 2 Betakeys.txt". Once executed, the backdoor begins to gather information about the infected device and sends it back to its operator.
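The .txt.exe trick in that filename is something a download can be checked for mechanically, before anything is opened. The following Python is an added example and is not code from the article or from MMPC: it flags a document extension followed by an executable one, and separately a PE ("MZ") header sitting behind a document extension. The file names are the two quoted in the article; the header bytes, the extension lists and the two extra entries are constructed here.

```python
"""Flag downloads that pose as documents but are really Windows executables.

Added example (not from the article or MMPC). Extension lists and sample
bytes are constructed for illustration.
"""
import os

# Extensions Windows will execute on double-click (constructed, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".vbs", ".js"}
# Extensions a user expects to be harmless data (constructed, not exhaustive).
DOCUMENT_EXTS = {".txt", ".pdf", ".doc", ".docx", ".jpg", ".png", ".zip", ".rar"}


def displayed_name(filename):
    """What Explorer shows with 'Hide extensions for known file types' on:
    the last known extension is dropped, so 'dota 2 Betakeys.txt.exe'
    appears as 'dota 2 Betakeys.txt'."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS else filename


def is_pe_image(head):
    """True if the first bytes are the DOS 'MZ' stub every Windows PE file starts with."""
    return head[:2] == b"MZ"


def assess(filename, head=b""):
    """Return the reasons a file looks like a masquerade (empty list = nothing found).

    `head` is the first few bytes of the file; pass b"" if only the name is known.
    """
    reasons = []
    stem, last = os.path.splitext(filename)
    last = last.lower()
    _, inner = os.path.splitext(stem)   # the extension hidden behind the real one
    inner = inner.lower()

    # Case 1: document extension immediately followed by an executable one.
    if last in EXECUTABLE_EXTS and inner in DOCUMENT_EXTS:
        reasons.append(f"double extension {inner}{last}: shown as '{displayed_name(filename)}'")

    # Case 2: the name says document, the bytes say executable.
    if last in DOCUMENT_EXTS and is_pe_image(head):
        reasons.append(f"PE header behind {last} extension")

    return reasons


# Constructed sample listing. The two first names are the ones MMPC reported;
# the header bytes for all four entries are made up for this example.
SAMPLES = {
    "dota 2 Betakeys.txt.exe": b"MZ\x90\x00",
    "diablo3-crack.exe": b"MZ\x90\x00",
    "betakeys.txt": b"MZ\x90\x00",     # an executable renamed to .txt
    "readme.txt": b"Beta keys:",
}


def scan(samples):
    """Assess every (name, head bytes) pair and return {name: reasons}."""
    return {name: assess(name, head) for name, head in samples.items()}


if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(f"{name!r}: {'; '.join(reasons) if reasons else 'no finding'}")
```

Note what the check does not catch: diablo3-crack.exe produces no finding, because it is exactly what it claims to be, an executable, and nothing in its name or header is inconsistent. That is the limit of this kind of check and the reason the article's advice to fetch betas and demos only from the vendor matters more than any filename heuristic.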

Pontoeb, first seen on December 22, 2011, uses a WMI query to collect system details such as the SerialNumber, the SystemDrive, the operating system and the processor architecture.

Fingerprinting the machine is not its ultimate goal, however. Its main purpose is to turn the infected system into a zombie by installing a backdoor through which an attacker can control the device and execute commands on it.

The second sample, a file called diablo3-crack.exe, is a plain executable posing as a crack; it carries a backdoor identified as Backdoor:Win32/Fynloski.A, a family first discovered in February 2011.

Fynloski gives the attacker broad control over the compromised computer and the data on it: it can log keystrokes, download and execute arbitrary files, and even disable security services.

Users are advised to download demo and beta versions of games only from the vendor's site or from other trusted locations, to avoid ending up with a piece of malware that steals everything from email credentials to bank account details.

Cybercriminals count on gamers being eager to play the latest titles, and routinely seed rogue files on torrent and file-sharing websites to spread their malware.

A good, up-to-date antivirus solution can also protect you from Trojans, viruses and other malware hiding behind a file that looks legitimate. Turning on the display of file extensions in Windows Explorer helps as well: it makes a double-extension trick such as .txt.exe visible at a glance instead of letting the file pass for a text document.