In the last day or so we have had a massive influx of users coming to us because they are infected with a file called Chenzi.exe. After analyzing a sample in the lab here, all I can say is, this is pretty insane!
We started off with a clean machine with 56 running processes. After 10 minutes of running, we had ... 318 running processes. I tried to make a video of it, but the machine just couldn't handle it. This file is a downloader for many things at once, one being a password stealer for various online games. We've added detections for the entire cluster of files downloaded from all the downloaders we could get, so it would be worth trying to clean this up with Prevx CSI. I'd love to hear some feedback from anyone who has had this infection. Some signs of this infection are constant popups asking you to install Chinese language packs, popups for various Chinese websites, and your entire right-click menu changing from English to Chinese.
The main goal of this Trojan, however, is stealing WoW accounts. Let us know if you have any more info or have been affected by this threat, as it seems rather prevalent at the moment.
In the meantime I'll try and get some video footage up of this infection.
3 comments so far
- sarah weston on 02/01/2009 19:17:05
Me and my partner had our WoW accounts hacked into last weekend. They stole everything, change all our passwords ......it is terrible, quite scary to be honest, hacking into your account. We had to change email addresses etc, even details on things where we have our bank details. Terrible ....hope we can catch the a**holes........
really not good

Strange. I have noticed a few more than usual complaints in-game about hacked accounts lately. I'll be sure to let people know.