Many of these have been around for a while and spread through interesting means. I believe these often come by way of thumb drives (auto-run stuff) and are frequently found in Asia. The last time I checked on one of these, they targeted credentials for specific games that I had never heard of; however, these could be updated for all I know. These URLs are what the trojan pulls for updates.
Domains/IPs:
om7890.com [60.169.1.92]
hg7890.com [60.169.2.226]
gamesrb.com [60.169.2.226]
microsoftmg.com [60.169.2.240]