Not A Counter Strike WallHacks

July 2, 2009 11:11 AM

Counter Strike

“Fire in the hole!”

“The bomb has been planted”

“Taking fire, need assistance!”

“(Counter) terrorists win”

And many more… These are radio message quotes that we frequently hear in the Counter Strike game. Some players feel the need to cheat in order to win, and they use these typical cheats:

  • Wallhacks, which allow the player to see through walls.
  • Speedhacks
  • No recoil
  • No spread
  • Aimbots
  • ESP
  • Barrel hack
  • Anti-flash and anti-smoke

We came across a file named “Css_wallhack.exe” with a file size of 1,111,040 bytes. Upon execution, it shows this CS Wallhack window.

[Screenshot: WallCackCheats]

Users who run this program will be fooled by the above window. They will not notice that malware is also executed when this file runs. What really happens is that it drops and executes the following files:

1337CR~1.EXE -> CS Wallhack

crack.exe -> Trojan

The Trojan collects the following information:

  • Instant messenger passwords
  • Email passwords
  • IE browser passwords
  • Mozilla Firefox web browser passwords
  • Passwords stored in dial-up entries
  • Google Chrome web browser passwords
  • LAN/wireless network passwords/keys

It then uploads the gathered information to the attacker’s FTP server (“diakonie.kilu.de”) under the following filename:

[ComputerName]_[Username].txt

Here’s a screenshot of the stolen passwords on the attacker’s FTP server.

[Screenshot: accounts_stolen_snapshot]

We detect the file “crack.exe” as W32/CSHack.A. This file may arrive on the system as a download from a file-sharing site.
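The upload described above leaves a recognisable trace in FTP logs: a STOR of a file named after the machine that sends it. The following Python is an added example, not part of the original analysis or of the vendor's detection; the log line format, the asset inventory, the IP addresses and ftp.example.net are constructed assumptions, and only the host name and the filename pattern come from the post.

```python
import re

# Indicator taken from the post; everything else below is constructed.
IOC_HOST = "diakonie.kilu.de"
# [ComputerName]_[Username].txt -- NetBIOS computer names are at most 15 chars.
DROP_NAME = re.compile(r"^(?P<computer>[A-Za-z0-9-]{1,15})_(?P<user>[^\\/:*?\"<>|]+)\.txt$")
# Hypothetical sensor format: timestamp, source IP, destination host, FTP verb, argument.
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst_host=(?P<dst>\S+) cmd=(?P<cmd>\S+) arg=(?P<arg>.*)$")

# Hypothetical asset inventory: source IP -> computer name.
INVENTORY = {"10.0.0.23": "WS-ACCT07", "10.0.0.41": "LAB-PC3"}

# Constructed FTP command log lines.
SAMPLE_LOG = """\
2009-07-02T11:20:01 src=10.0.0.23 dst_host=diakonie.kilu.de cmd=STOR arg=WS-ACCT07_jsmith.txt
2009-07-02T11:21:10 src=10.0.0.41 dst_host=ftp.example.net cmd=STOR arg=LAB-PC3_student.txt
2009-07-02T11:22:30 src=10.0.0.41 dst_host=ftp.example.net cmd=STOR arg=report_final.txt
2009-07-02T11:23:05 src=10.0.0.23 dst_host=ftp.example.net cmd=RETR arg=WS-ACCT07_jsmith.txt
"""

def triage(log_text, inventory=INVENTORY):
    """Return (timestamp, src, dst, reasons) for every suspicious log line."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        reasons = []
        # Indicator check: the FTP host named in the post.
        if m["dst"].lower().rstrip(".") == IOC_HOST:
            reasons.append("ioc-host")
        # Behavioural check: an upload whose name starts with the sender's own
        # computer name. This still fires if the attacker moves to another host.
        name = DROP_NAME.match(m["arg"].strip()) if m["cmd"].upper() == "STOR" else None
        if name and name["computer"].upper() == inventory.get(m["src"], "").upper():
            reasons.append("computername_username-upload")
        if reasons:
            findings.append((m["ts"], m["src"], m["dst"], reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The second constructed line is flagged even though its destination is not the host from the post, because the behavioural rule does not depend on the indicator.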

Just remember to play fair and play safe: don’t use cheats in order to win the game. Real men don’t need cheats. “GO GO GO!” :)