Infostealer.Onlinegame is a Trojan that aims to collect online game credentials, such as user names and passwords, from an infected computer. The threat sends the gathered account details to a remote attacker using the compromised system's own email client. It may also download and run additional malware from a remote server.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
When the Trojan is run on the computer, it creates a couple of files and places them under the Windows folder. It also alters the registry, adding an entry and a subkey. Both of these items are critical to the Trojan's activity.
To execute the infection, Infostealer.Onlinegame injects malicious code into the Explorer.exe process. When Explorer starts, the Trojan discreetly carries out its tasks.
Infostealer.Onlinegame monitors the computer for the presence of online games, including Yahoo, MSN Games, World of Warcraft and Maple Story. When the Trojan senses that any of these programs is running, it tries to steal the victim's user name and password. Next, it sends the stolen data to a remote attacker using the victim's own email setup. It can also use HTTP to send the data to a specified web address also owned by the same attacker.
This Trojan also attempts to connect to a distant server to download more malware.
Infostealer.Onlinegame may arrive on the computer as a batch (.BAT) file coming from a contracted web site. There are also instances where this virus is sent out in spam email messages containing malicious links that point to a web address hosting the Trojan. Other sources of infection can be compromised web sites, file-sharing networks, Warez downloads, and malicious links from instant messaging software.