High profile hacking

I’ve never played the popular online game “The Legend of Mir”. According to some of my friends – who are big fans – I’m really missing out. Yet, I may soon have to take a look, see it for myself. To understand what is driving the hundred of thousand players to desperate measures, even going so far as to kill each other, in real life, for virtual property connected with the game.

All popular places and flourishing economies attract the attention of the bad guys. So it’s no surprise that online gaming sites, which sometimes receive as many as a hundred thousand visits a day, make excellent vectors to deliver malware.

During the past month, at least two high profile Korean websites, www.msn.co.kr and www.koreabaseball.or.kr have been hacked and turned into malware distribution points.

Earlier today, our Korean colleagues from Geot informed us that the trend is continuing. Worse, attacks directed at turning popular websites into malware distribution points are on the rise. A couple of websites which act as portals for the players of the online games Lineage, Hangame and Pmang have been hacked and turned into malware distribution points. The malware in question is Trojan-PSW.Win32.Turtle.a and Backdoor.Win32.GrayBird.bs. Both of them were being deployed through a set of scripts which attempted to exploit various Internet Explorer vulnerabilities – a standard approach.

For the time being, the websites have been cleaned and properly secured against future attacks, however, we are expecting more attacks directed at online gaming portals, especially in Korea but also worldwide.

If you are the administrator of a popular website, keep this in mind: the amount of attention you receive from the bad guys will be directly in proportion to the number of visitors to your site.