GiantRealm Ad Attacks Deliver MS Zero Day
Giant Realm is an online ad network and portal of popular gaming websites such as:
diii.net, incgamers.com, vgchartz.com, mangahelpers.com, and shacknews.com.
Beginning in late December, visitors to those portal gaming sites have been plagued by malicious ads originating from *.v8dc.com.
On July 6th, malware ads originating from ads.v8dc.com began employing the Microsoft zero-day vulnerability CVE-2008-0015.
A successful exploit leads to the installation of a password-stealing trojan.
A typical request sequence:
starcraft.incgamers.com/blog/comments/starcraft-2-release-date-officially-slated-late-2009/?
ads.v8dc.com/ad/incgamers/adinx.htm?
ads.v8dc.com/ad/incgamers/ajax.htm?
ads.v8dc.com/ad/incgamers/ajax.js?
ads.v8dc.com/ad/incgamers/logo.gif? (CVE-2008-0015)
Additional (non-zero-day) exploits include:
ads.v8dc.com/ad/incgamers/wm.html?
ads.v8dc.com/ad/incgamers/ad01.htm?
Malware binary:
http://ads.v8dc.com/win/win.exe
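The request sequence above is what a proxy or web-filter log would show for an affected visitor. The following is an added example (not code from the original post) that reconstructs that chain from a constructed proxy log: it flags every client that contacted *.v8dc.com, records which of the listed exploit pages were served, notes whether the win/win.exe payload was fetched, and keeps the referring portal host so the hit can be tied back to a Giant Realm site. The log format (epoch time, client IP, method, URL, status, referrer) is an assumption chosen for the example; the hostnames and paths are the ones in the advisory.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the advisory: the ad-network domain, the exploit pages, the payload path.
AD_DOMAIN = "v8dc.com"
EXPLOIT_PATHS = {
    "/ad/incgamers/logo.gif": "CVE-2008-0015 zero-day exploit",
    "/ad/incgamers/wm.html": "non-zero-day exploit",
    "/ad/incgamers/ad01.htm": "non-zero-day exploit",
}
PAYLOAD_PATH = "/win/win.exe"

# Constructed sample proxy log (not real traffic).
# Fields: epoch time, client IP, method, URL, HTTP status, referrer ("-" when absent).
SAMPLE_LOG = """\
1247000000.101 10.0.0.15 GET http://starcraft.incgamers.com/blog/comments/starcraft-2-release-date-officially-slated-late-2009/ 200 -
1247000000.412 10.0.0.15 GET http://ads.v8dc.com/ad/incgamers/adinx.htm 200 http://starcraft.incgamers.com/blog/comments/starcraft-2-release-date-officially-slated-late-2009/
1247000000.533 10.0.0.15 GET http://ads.v8dc.com/ad/incgamers/ajax.htm 200 http://ads.v8dc.com/ad/incgamers/adinx.htm
1247000000.601 10.0.0.15 GET http://ads.v8dc.com/ad/incgamers/ajax.js 200 http://ads.v8dc.com/ad/incgamers/ajax.htm
1247000000.740 10.0.0.15 GET http://ads.v8dc.com/ad/incgamers/logo.gif 200 http://ads.v8dc.com/ad/incgamers/ajax.htm
1247000001.902 10.0.0.15 GET http://ads.v8dc.com/win/win.exe 200 -
1247000002.003 10.0.0.22 GET http://www.example.com/index.html 200 -
"""


def in_domain(host, domain):
    """True for the domain itself and any subdomain of it (the advisory says *.v8dc.com)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def parse_line(line):
    """Split one log line into a record; query strings are dropped so 'adinx.htm?...' matches."""
    parts = line.split(maxsplit=5)
    if len(parts) != 6:
        return None
    ts, client, method, url, status, referrer = parts
    u = urlsplit(url)
    return {"ts": float(ts), "client": client, "method": method,
            "host": u.hostname or "", "path": u.path, "status": status, "referrer": referrer}


def severity(c):
    """Rank a client's activity: payload fetched > exploit page served > ad network merely contacted."""
    if c["payload_download"]:
        return "payload-downloaded"
    if c["exploit_hits"]:
        return "exploit-served"
    return "ad-contact"


def analyze(log_text):
    """Return {client_ip: summary} for every client that touched the ad network."""
    clients = defaultdict(lambda: {"ad_requests": 0, "exploit_hits": [],
                                   "payload_download": False, "first_referrer": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not in_domain(rec["host"], AD_DOMAIN):
            continue
        c = clients[rec["client"]]
        c["ad_requests"] += 1
        # The first referrer into the ad chain is normally the portal page that served the ad.
        if c["first_referrer"] is None and rec["referrer"] != "-":
            c["first_referrer"] = urlsplit(rec["referrer"]).hostname
        if rec["path"] in EXPLOIT_PATHS:
            c["exploit_hits"].append((rec["path"], EXPLOIT_PATHS[rec["path"]]))
        if rec["path"] == PAYLOAD_PATH and rec["status"] == "200":
            c["payload_download"] = True
    for c in clients.values():
        c["severity"] = severity(c)
    return dict(clients)


if __name__ == "__main__":
    for ip, summary in analyze(SAMPLE_LOG).items():
        print(ip, summary["severity"], summary["first_referrer"], summary["exploit_hits"])
```

A client that only reaches "ad-contact" saw the ad but not an exploit page; "exploit-served" hosts should be checked for the dropped files listed below, and "payload-downloaded" hosts should be treated as compromised until proven otherwise.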
The malicious binary drops two files to the Windows system folder (usually C:\Windows\System32):
scvhost.exe   56,832 bytes    MD5 B6EBDB9C3E24EF845AF65A8EA5D09540
wowhlp.dll    213,062 bytes   MD5 01E15B2969CB86C2CA6F19B2B60D67F7
(Note the spelling: scvhost.exe, not the legitimate svchost.exe.)
scvhost.exe runs as a process, and the registry is modified so that a copy is reloaded each time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
load = "%system%\scvhost.exe"
The malware attempts to steal usernames and passwords associated with popular games such as World of Warcraft and Diablo.

Mary Landesman