Security vendor hacked in attack on gamers
A SQL injection hack this week has affected 20,000 Web sites, according to tracking reports by McAfee. Among those hit with the malicious code is international security firm Trend Micro.
Japanese newspaper Yomiuri Shimbun says the company's site was hacked at around 9:00 pm Sunday, local time, and identified the malicious file as JS_DLOADER.TZE. It affected an estimated 32 Trend Micro pages, most of which were in the site's malware encyclopedia. Users who accessed any of the hacked pages would have been at risk of infection.
Last January, the French security firm FrSIRT reported multiple simultaneous SQL injection vulnerabilities in Oracle databases, including XML DB. Though the identity of Trend Micro's database provider has not been revealed, the similarities in the injection profiles and how close together they came to light are worth noting.
In the attack, a script is injected into the code of an otherwise valid Web page. The injected script includes a reference, in either the body or title section, to a malicious .JS file. This file then uses a script to write an <IFRAME> element that targets several vulnerabilities. All of the targets have been addressed and patched in the past, and include ActiveX Control vulnerabilities in RealPlayer, Baofeng Storm, Xunlei Thunder DapPlayer, and Ourgame GLWorld GlobalLink Chat.
If the code finds a hole, it installs a password-capture program which appears to be aimed at online games. Threat researcher Craig Schmugar said that McAfee has designated the malware as Downloader-BGX, Exploit-RealPlay, JS/Exploit-BO.gen, and VBS/PSyme.
One of the games targeted in the password collection is the MMORPG Lord of the Rings Online.
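For site owners checking their own pages, the injection pattern described above (a script reference placed in the title or body of an otherwise valid page) can be detected with a short scan. This is an added example, not code from the article or from any vendor named in it; the function name `find_injected_scripts`, the hostnames and both sample pages are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# <script ... src=...> with a quoted or unquoted attribute value
SCRIPT_SRC = re.compile(r'<script\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
TITLE = re.compile(r'<title\b[^>]*>(.*?)</title\s*>', re.I | re.S)

def find_injected_scripts(html, site_host, allowed_hosts=()):
    """Return (location, src) for each script reference that looks injected."""
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    title_spans = [m.span(1) for m in TITLE.finditer(html)]
    findings = []
    for m in SCRIPT_SRC.finditer(html):
        src = m.group(1)
        # Relative URLs have no hostname and resolve to the site itself.
        host = (urlparse(src).hostname or site_host).lower()
        if any(start <= m.start() < end for start, end in title_spans):
            findings.append(("title", src))  # markup never belongs in <title>
        elif host not in trusted:
            findings.append(("body", src))   # script loaded from an unlisted host
    return findings

# Constructed sample pages; all hostnames are placeholders.
CLEAN = """<html><head><title>Malware encyclopedia</title>
<script src="/js/site.js"></script>
<script src="//cdn.site.example/lib.js"></script></head>
<body><h1>Entry</h1><script>var page = 1;</script></body></html>"""

INFECTED = """<html><head>
<title>Malware encyclopedia<script src=http://injected.example/b.js></script></title>
</head><body><h1>Entry<script src=http://injected.example/b.js></script></h1>
<script src="/js/site.js"></script></body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("infected", INFECTED)):
        hits = find_injected_scripts(page, "www.site.example", ["cdn.site.example"])
        print(name, hits)
```

The allow-list must name every third-party host the site legitimately loads scripts from, otherwise those references are reported too.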