Fake Game Demo website
Last Updated: 2011-01-06 21:10:19 UTC
by donald smith (Version: 1)
Lee informed us today that dota2trailer.tk claims to have a video trailer for the new Dota 2 game but instead installs a keylogger to steal credentials from gamers.
The website warns that you need java script enabled so it may have some java exploits.
VirusTotal's url check didn't show any known maliciousness associated with that url.
Firefox Clean site
G-Data Clean site
Google Safebrowsing Clean site
Opera Clean site
ParetoLogic Clean site
Phishtank Clean site
Looking at the code on the site it does try to use java to download "hxxp://NoS.fileave.com/CamPlug.exe"
CamPlug.exe isn't recognized as malicious by any antivirus vendor at VirusTotal however it is detected as packed/encrypted by two of the vendors as Gen.Variant.MSILKrypt!IK which by itself doesn't make this malware however that has been used in other keyloggers and trojans so I believe it is malicious.
* Check for Pixel Server remote admin...then download it if doesn't exist:
0x0FAB0 N O P i x e l S e r v e r 0 1 T r u e D i s a b l e d N o n e c d . . 'v i k i s c a p e . n o - i p . b i z
*** vikiscape.no-ip.biz is flagged by my corporate Proxy as infected by Malware.
* Appears to enable Remote Admin:
0x10798 [S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n E n a b l e d A p p D a t a a d m i n i s t r a t i o n eR e m o t e a d m i n i s t r a t i o n b r o u g h t t o y o u b y P i x e l F r a g
* ZOMG A TUTORIAL:
0x11288 Z O M G - A - T U T O R I A L
That is all for now....
Jan 6th 2011
1 decade ago
Jan 7th 2011
1 decade ago