Backdoor.Winnti

Winnti may refer to either Winnti malware, a nickname for a backdoor Trojan that is used in gaming company-targeted attacks, or Winnti, the group of criminals that is responsible for these attacks. Attacks linked to Winnti appear to be targeting both the source codes of gaming applications and related digital certificates. Winnti backdoor Trojans and related PC threats, like Trojan.Win32.KillWin.sp, may be protected by inaccurate digital signatures, and SpywareRemove.com malware researchers warn that Winnti Trojans are capable of granting criminals a high-level of access to, as well as control over, any infected PC. With dozens of gaming companies already compromised by Winnti attacks, the remainder of those yet unvictimized should exercise suitable PC security protocols and use anti-malware software whenever necessary to block and remove Winnti-related PC threats.

Winnti: the Professional Malware Campaign that Got to the Customers by Accident

Winnti malware like Trojan.Win32.KillWin.sp (a combination of spyware and hard drive wiper) is directed at the PCs of various gaming companies, with the distribution handled through a combination of website-based Flash exploits, as well as spyware-based attacks that compromise the login data of any easily-accessible computers. As a serious PC security footnote, SpywareRemove.com malware experts stress that the Winnti team – while energetic and willing to compromise large numbers of computers from a wide range of targets – also appear to be deterred by sufficiently robust security features that prevent their backdoor attacks from accessing related PCs easily.

In spite of preferring professional industry targets, the Winnti malware achieved especially widespread interest after Winnti accidentally attacked and infected the PCs of a gaming company's customer base (through a compromised update package). These customers were subjected to the Winnti attacks that are similar to those that target gaming company-owned computers:

• Backdoor vulnerabilities that enable the Winnti team to control a computer directly, issuing commands, changing settings and opening/terminating programs at will.
• The theft of your personal information, such as Windows login data, gaming application source codes and data related to digital certificates.

Countries around the world have been subjected to Winnti's attacks. SpywareRemove.com malware research team specifically notes the presence of South Korea, the United States, Germany and Brazil in Winnti's list of targets – all of which are populous countries with a significant presence in the online gaming industry.

Stopping Your Computer from Being the Next Link in the Chain of Winnti Infections

For both Windows 32-bit and 64-bit systems, backdoor Trojans associated with Winnti have a high usage rate of 'legitimate' digital signatures – which, in most cases, are revoked as soon as their exploitation has been identified. While such defenses may fool some PC users and very basic security software, appropriate anti-malware scanners still shouldn't have any problems in detecting Winnti-based PC threats.

Of course, deleting Winnti malware of any type always should use suitable anti-malware tools. If you're using a PC with a non-standard file system (such as a Mac), you may even be more interested than a normal Windows PC users in blocking possible Winnti infection vectors: SpywareRemove.com malware experts have confirmed that some PC threats linked to Winnti actually will wipe out any hard drive data based on non-Windows file structures. Flash vulnerabilities like Exploit.SWF.CVE-2013-0634.a usually are the initial origin of Winnti Trojans onto a network, but once a single computer on a network has been compromised, further attacks may use other means of compromised any associated systems.

Technical Details