Halo: Reach Recon Armor Code Generators Infected with Malware

Gamers looking to get the Recon Armor in the latest iteration of the Halo franchise (Halo: Reach) should think twice about using “alternative” methods.

Microsoft is warning fans of the game to steer clear of some code generators which promise to deliver the rare armor, but instead infect their computers with malware.

This is not the first time that attackers have used incentives associated with popular products to trick unsuspecting victims into compromising their own machines with malicious code.

In this specific case, the promise of the Recon Armor is used as an incentive to help spread malware. Normally, the armor is only available to the makers of Halo, Bungie, as well as to gamers who have successfully unlocked all Vidmaster challenges in past versions of the title.

New Halo: Reach gamers turn to code generators to help them get the in-game item that they did not earn. Attackers were quick to notice this trend and start exploiting it, explained Marianne Mallen, from MMPC Dublin.

“We came across two samples, detected as PWS:Win32/Fignotok.A, named “Mod V3xD.exe” (Sha1: 1855974d848568968f4c97871a70fa42aff8fbc8) and “Halo Reach Flaming Recon.exe” (Sha1: 775c62aa8530eb616ff5444298d3dc4cff5c823e),” Mallen said.

“These both drop a file named “haloreachflamingrecon.exe” that promises to generate code for the Recon Armor but instead steals the user’s Xbox Live credentials by asking the user for logon details and sending it to a remote attacker via email.

“It also connects to a remote location, which is now inaccessible, from where it gets other configuration files.”

In addition, Worm:Win32/Rebhip.A is another piece of malicious code designed to take advantage of the popularity of Halo: Reach in order to spread.

Offered as “Halo Reach Generator.exe” (Sha1: 7ab2f6cbacd967aa72360af76e666e3c6cbf56ec), the malware is a worm which harvests user data.

“This worm can spread via removable drives and can steal sensitive information as well,” Mallen added.

“So think twice before sprucing up that armor through code-generators, as this might lead to your account being gamed. Everyone hates cheaters, and fair play earns you those bragging rights too.”
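
The file names and SHA-1 values quoted above can be turned into a simple check of a downloads folder or removable drive. The following is an added example, not code from Microsoft or the original article; the function names and the sample tree built in `demo()` are constructed for illustration. A file whose name matches but whose hash does not is reported separately, since the article gives no hash for the dropped file.

```python
import hashlib
import os
import tempfile

# SHA-1 -> (file name, detection), from the article; the dropped file has no published hash.
IOCS = {
    "1855974d848568968f4c97871a70fa42aff8fbc8": ("Mod V3xD.exe", "PWS:Win32/Fignotok.A"),
    "775c62aa8530eb616ff5444298d3dc4cff5c823e": ("Halo Reach Flaming Recon.exe", "PWS:Win32/Fignotok.A"),
    "7ab2f6cbacd967aa72360af76e666e3c6cbf56ec": ("Halo Reach Generator.exe", "Worm:Win32/Rebhip.A"),
}
DROPPED_NAMES = {"haloreachflamingrecon.exe"}

def sha1_of(path, chunk=1 << 20):
    """Hash a file in chunks so large downloads are not loaded into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, iocs=IOCS, dropped=DROPPED_NAMES):
    """Return sorted (relative path, verdict) pairs for files matching an indicator."""
    names = {name.lower() for name, _det in iocs.values()} | dropped
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            try:
                digest = sha1_of(path)
            except OSError:
                continue  # unreadable or locked file: skip it, keep scanning
            rel = os.path.relpath(path, root)
            if digest in iocs:  # a hash match survives renaming
                hits.append((rel, "hash match: " + iocs[digest][1]))
            elif fname.lower() in names:  # same name, different bytes
                hits.append((rel, "name match only"))
    return sorted(hits)

def demo():
    """Constructed tree: a renamed 'sample', a name-only hit and a clean file."""
    files = {"setup.exe": b"constructed-sample",
             "Halo Reach Generator.exe": b"different bytes", "notes.txt": b"clean"}
    iocs = dict(IOCS)  # add one constructed hash so the hash path can be exercised
    iocs[hashlib.sha1(b"constructed-sample").hexdigest()] = ("x.exe", "Constructed.Test")
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root, iocs=iocs)
```

Calling `scan()` on a real path uses only the three hashes and four file names from the article; a "name match only" result is a reason to look at the file, not a detection.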

By    4 Oct 2010, 11:38 GMT