MSN Korea hack targeted online gamers

By Joris Evers, CNET News.com
Monday, June 06, 2005 09:37 AM

Details emerged Friday about an attempt to steal information from users of Microsoft's MSN Korea Web site.

Malicious code planted on the site, and originally discovered Sunday, tried to steal user login data for Lineage, a popular online game in Asia, security experts said.

The attackers attempted to steal the confidential information by adding an invisible frame, a so-called iframe, to the front page of the news section of MSN Korea, according to security company Websense. Anyone who visited the site with a vulnerable Web browser would be infected without any notice, Websense said.

Websense discovered on Sunday that the MSN Korea site had been hacked and contacted Microsoft, said Dan Hubbard, a senior director at the San Diego, Calif., company. Earlier this week, Microsoft said it fixed the site Tuesday and called in law enforcement to investigate the attack.

Though the site was hacked for at least several days, Microsoft said Thursday that it has no evidence users actually fell victim to the attack. Websense advises anyone who recently visited the MSN Korea news site to scan his or her computer for infections.

The code installed on the MSN site attempted to exploit multiple software vulnerabilities to install a Trojan horse, Websense said. The Trojan is detected by some antivirus products as Trojan-PSW.Win32.Lineage.ez and PWS-Lineage.dll, Websense said in an advisory.

The Trojan is designed to steal keystrokes from users of Lineage, Websense said. Lineage is an online medieval role-playing game popular in South Korea that boasts more than 4 million users.

Broadband and mobile Internet usage is popular in South Korea. The market is important to Microsoft's MSN group, which has trialed new services in the country.

Microsoft is confident that its other MSN Web sites are not vulnerable to the same type of attack. The Korean site, unlike the one in the U.S. and most other international MSN sites, was not hosted by Microsoft but by a partner. That partner likely did not completely secure the servers, Microsoft has said.


See also:  Hacking, Gamer
WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

News from Countries/Region

Common ways IT wastes money on development

Web Development

Examples include using developers as support staff and failing to calculate a project's ROI before giving it the go-ahead.


Read more »



  • Enterprise 2.0

    Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
    Play video


  • Nehalem Architecture

    What makes next-generation Intel® Microarchitecture (Nehalem) such a superior successor?
    Play video

 
Free the untapped potential of your IT infrastructure
Reduce bottlenecks to drive the efficiency and productivity of Business IT.
» Ultimate virtualization blade
» Scalable SAN solution
» Accelerate service delivery
On demand CRM goes strategic
CRM technology has come of age, and is now able to align with your customer strategy and grow in step with your business.

» Learn more about Oracle’s CRM Solutions



Could this be the most critical budget for India?

Blog thumbnail

For business journalists in India, budget time is excitement time. It's like sports journos covering the Olympics. As a newspaper correspondent, I too had my fill of budget-time excitement. But..... by Swati Prasad

Read more »

Tags

  1. attack
  2. bank
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. u.s.
  19. viruses and worms
  20. web