Kisswow: the OnlineGames gang presented at Virus Bulletin 2010

by Josh Murray (iSight Partners)

Tags: Security


Summary:
In February 2007, a Chinese hacking group made headlines by compromising the Dolphin Stadium homepage and inserting
malicious code to infect visitors. The website was the home of the upcoming Super Bowl and the group made similar
compromises of numerous other high-profile websites during the same timeframe, at one point employing a zero-day ANI
exploit as part of the campaign. The attacks were as high-profile as they get and were surprisingly centered on
monetizing stolen credentials for online games such as World of Warcraft (WoW). During the winter of 2007/2008, several
more mass website compromises were reported with similar characteristics. These website compromises were from SQL
injection-based attacks. Careful analysis of these attacks over time began to reveal a discrete entity behind them.
This group has continued to operate to this day with a (sometimes) high-profile and ever-evolving series of attacks. While
the group's activity has frequently attracted media attention and at times composed some of the most prolific drive-by
exploitation, little has been said about the group itself. This paper is intended to establish the profile of a unified
group and document its methods.