Apr 22nd

All your WoW gold belong to us!

Posted by: Jacques Erasmus

In the last day or so we have had a massive influx of users coming to us because they are infected with a file called Chenzi.exe. After analyzing a sample in the lab here, all I can say is, this is pretty insane!

We started off with a clean machine with 56 running processes; after 10 minutes of running, we had ... 318 running processes. I tried to make a video of it, but the machine just couldn't handle it. This file is a downloader for many things at once, one being a password stealer for various online games. We've added detections for the entire cluster of files downloaded from all the downloaders we could get, so it would be worth a go trying to clean this up with Prevx CSI. I'd love to hear some feedback from anyone that's had this infection. Some signs of this infection are constant popups asking you to install Chinese language packs, popups for various Chinese websites, and your entire right-click menu changing from English to Chinese.

The main goal of this Trojan, however, is based around stealing WoW accounts. Let us know if you have any more info or have been affected by this threat, as it seems rather prevalent at the moment.

In the meantime I'll try and get some video footage up of this infection.

2 comments so far

  1. Mark on 24/04/2008 15:22:26

     Strange. I have noticed a few more than usual complaints in-game about hacked accounts lately. I'll be sure to let people know.

  2. Jacques Erasmus on 15/05/2008 04:58:05

     Yeah, indeed this seems to be a massive problem. Where there is money to be made, people will find ways to make it...