Left 4 Dead Steam Keyloggers

It's been brought to my attention that over the last couple of days, people have been posting malicious links to entice gamers into running keyloggers, all of which seem to revolve around one particular game. These keyloggers will hijack your Steam account, which, as you might have guessed, isn't a good thing to have happen.

One such poster (now banned from the official Steam forums) has been promoting lots of links to videogame modding tools, all focused around the game Left 4 Dead. As an example:

lfd0.jpg

As you can see, "Xpro132" claims the mod does all sorts of cool things, but anyone downloading this file is in for a surprise. As one person put it,

"I downloaded the rar file, extracted the downloader exe, clicked exe and BOOM nothing... did I do something wrong?"

Unfortunately, you did :(

The file claims to be a "Web Downloader" for Left 4 Dead, giving you access to interesting features that the regular game doesn't have. The person responsible for the file has uploaded it to numerous free file hosting services:

hllfd4.gif

...which makes the "Downloaded: 3 times" message far too reassuring. From the looks of it, quite a few more people than that have been affected by this so far. This is what it looks like on the desktop:

hllfd5.gif

...and this is what ends up in your System32 folder should you run the file:

hllfd6.gif

The second Win32 EXE is particularly difficult to shut down. From this point onwards, your Steam login (and potentially other logins) are vulnerable.

Interestingly, this same person is linking to many other files, some of which are hosted on reputable game modding websites. Here's another one:

hllfd1.gif

This is yet another Left 4 Dead-related program - this one is an "especial edition" (as the creator calls it) that allows you to play custom .WAV files in-game.

hllfd3.gif

There are people complaining about it here, and the file itself is flagged by two security products on VirusTotal.

Seeing as the other files this person has uploaded don't seem to be very good for your PC's health, it's advisable to give the Half-Life Sound L4d Especial Edition a wide berth too. We'll try and collect as many files related to this in the meantime, but for now, steer clear of anything posted to forums and game mod websites by the person above.

We detect the files as (amazingly enough) L4D Logger and L4D Keylogger.

Additional Research:

Chris Mannon, Senior Threat Researcher
Peter Jayaraj, Senior Threat Researcher

About this Entry

This page contains a single entry by Christopher Boyd published on February 6, 2009 10:11 PM.
