Not A Counter Strike WallHacks
July 2, 2009 11:11 AM
“Fire in the hole!”
“The bomb has been planted”
“Taking fire, need assistance!”
“(Counter) terrorists win”
And many more…These are radio messages quotes that we frequently hear in Counter Strike Game. Some player’s needs to cheat in order to win the game, they used these typical cheats:
- Wallhacks, which allow the player to see through walls.
- Speedhacks
- No recoil
- No spread
- Aimbots
- ESP
- Barrel hack
- Anti-flash and anti-smoke
We came across a file named “Css_wallhack.exe” with a filesize of 1,111,040 bytes. Upon execution, it shows this CS Wallhack window.
User’s who use this program will be fooled by the above window. They will not notice that there’s also a malware being executed upon running this file. What really happens is this: It will drop and execute the following files:
1337CR~1.EXE -> CS Wallhack
crack.exe -> Trojan
The Trojan will get the following information:
Instant Messenger Passwords
Email Passwords
IE Browser Passwords
Mozilla Firefox Web browser Passwords
Password stored in Dial-up Entries
Google Chrome Web browser Passwords
LAN/Wireless Network Passwords/Keys
And then it stores the gathered information in the attacker’s FTP server (“diakonie.kilu.de”) with the following filename:
[ComputerName]_[Username].txt
Here’s the screenshot of the stolen passwords under the Attacker’s FTP.
We detect the file “crack.exe” as W32/CSHack.A. This file may arrive in the system as downloaded in the File Sharing Site.
Just remember to play fair, play safe, so don’t use Cheats in order to win the game. Real men don’t need Cheats, “GO GO GO!” 