Aug 28 2008
Chinese hacker malware infects International Space Station?
Breaking news is that the International Space Station has been infected by the W32.Gammima.AG trojan. The trojan is also referred to as the kavo.exe virus and is designed to gather information on ten online games:
ZhengTu
Wanmi Shijie or Perfect World
Dekaron Siwan Mojie
HuangYi Online
Rexue Jianghu
ROHAN
Seal Online
Maple Story
R2 (Reign of Revolution)
Talesweaver
Not familiar with all the games but most are Chinese or Korean. Chinese hackers specialize in stealing online gaming information. Symantec also offers up this bit in its writeup:
The worm ends the Matrix Password process if it finds a dialog box with the following characteristics:
Title: MatrixPasswordDlg
Message: Warning! (In Chinese characters)
Will check more into the origin of this malware later today but all indicators suggest that it could be Chinese.
