Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: InfoSec Handlers Diary Blog - Fake Game Demo website InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Fake Game Demo website

Published: 2011-01-06
Last Updated: 2011-01-06 21:10:19 UTC
by donald smith (Version: 1)
2 comment(s)

Lee informed us today that claims to have a video trailer for the new Dota 2 game but instead installs a keylogger to steal credentials from gamers.

The website warns that you need java script enabled so it may have some java exploits.

VirusTotal's url check didn't show any known maliciousness associated with that url.
Firefox Clean site
G-Data Clean site
Google Safebrowsing Clean site
Opera Clean site
ParetoLogic Clean site
Phishtank Clean site

 Looking at the code on the site it does try to use java to download "hxxp://"
CamPlug.exe isn't recognized as malicious by any antivirus vendor at VirusTotal however it is detected as packed/encrypted by two of the vendors as Gen.Variant.MSILKrypt!IK which by itself doesn't make this malware however that has been used in other keyloggers and trojans so I believe it is malicious.

2 comment(s)
Diary Archives