Results tagged “Steam” from SpywareGuide Greynets Blog

Here we have yet another Steam Phish, this one involving some forum based scammery. Our phishing friend sets up a forum account on the official Steam forums, then sends random people a "scary" message like this:

stvvc09.jpg

Assuming the victim is suitably terrified by dire warnings of account hackings, they'll promptly jump over to

valve-ipfix.tk

which is a redirection URL hiding the "real" URL at

steampowerness1.awardspace.us

...and the victim will then enter their Steam login credentials to the phisher.

Here it is in all its phishy glory:

stvvc10.jpg

Avoid.

There's a site doing the rounds that promises "two years free" for a popular Counter Strike Mod:

csmod1.jpg

Of course, they want you to enter your Steam login details to access the game.

The link to avoid is

conterstrike15.fr.gd

Steamy Phishing

We're seeing a wave of Steam related phish scams at the moment. Most (if not all) look something like this:

stegiveaway1.jpg

Ah, the promise of free games. When have you ever let a phisher down?

The domains being used in this scam are:

If / when we come across others, we'll add them to the above list. Quite a few have gone offline already, only to come back to life so it might be a while before all of the above are completely DOA...

casg1.jpg

Not much more to add here, other than "avoid".
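
The hosts named in the posts above (valve-ipfix.tk, steampowerness1.awardspace.us, conterstrike15.fr.gd) all borrow a game or vendor name while sitting on somebody else's domain. The following is an added example, not code from this blog: it sorts a link into official, lookalike or unrelated. The allowlist of Valve domains, the watch-list of brand words and the function names are assumptions of the example.

```python
from urllib.parse import urlsplit

# Domains Valve serves Steam logins from (this example's allowlist, not from the page).
OFFICIAL = ("steampowered.com", "steamcommunity.com")
# Brand words worth watching for in other people's hostnames (assumed watch-list).
BRAND_TOKENS = ("steam", "valve", "counterstrike")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL or bare host/path string."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link."""
    host = host_of(url)
    # Suffix match on a label boundary: "steampowered.com.login.example" must not pass.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Break the host into words: labels, hyphen-separated parts, trailing digits dropped.
    words = [p.rstrip("0123456789") for label in host.split(".") for p in label.split("-")]
    for word in words:
        for token in BRAND_TOKENS:
            if token in word:
                return "lookalike"
            # One-letter slips only for long tokens, so "team" does not trip "steam".
            if len(token) >= 8 and edit_distance(word, token) <= 1:
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for link in ("https://store.steampowered.com/login/", "valve-ipfix.tk",
                 "steampowerness1.awardspace.us", "conterstrike15.fr.gd"):
        print(f"{link:40} {classify(link)}")
```

A "lookalike" verdict is a reason to inspect the link, not proof of phishing; fan sites and news pages also use these words in their hostnames.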

There are a couple of Steam account stealers currently in circulation. How do I know they're account stealers? Well, a couple of clues coming up - but first, the obligatory "picture of the file on the desktop", because I know you love them as much as I do.

steamhax1.jpg

Wow.

Anyway, fire the program up and you'll see this:

steamhax4.jpg

Seems great, doesn't it? Simply enter your Steam ID and Password, and you can choose to have either Counter Strike or "All Games" for free. I'm not sure why people would choose Counter Strike when they could get it with all the others via the first option, but then logic never plays into it where these kinds of programs are concerned.

Bonus points for the creator though, because they made a slightly snazzier version of the original program:

steamhax5.jpg

This one lets you pick from a wide variety of individual programs, just to give things a little more credibility.

Unfortunately that credibility is about to fly out the window. Shall we take a look inside the code?

steamhax2.jpg

Whoops. I wonder why email addresses are in there. Could it be your logins are sent back to base when you hit the "Get free games" button?

You bet. I wonder if this guy left his name in the code, too....

steamhax3.jpg

Marias Aas of Norway, I have a hunch you're about to become extremely popular. Looking at his YouTube profile, I'd be surprised if he wasn't already...

steamhax6.jpg
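
The "look inside the code" step above can be repeated on any suspect download without running it. The following is an added example, not the tooling used for this post: it pulls printable ASCII and UTF-16LE strings out of a file's bytes and reports embedded e-mail addresses alongside hints that the program sends mail. The sample bytes are constructed, and the hint list and function names are assumptions of the example.

```python
import re

MIN_LEN = 6  # shortest run worth reporting, as with the classic `strings` tool
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# UTF-16LE literals: each printable byte followed by NUL, common in Windows programs.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Substrings suggesting the program sends mail itself (assumed heuristic list).
MAIL_HINTS = ("smtp", "mailmessage", "networkcredential")

# Constructed sample standing in for a "free games" tool; not bytes from the real files.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 16
    + "Get free games".encode("utf-16-le") + b"\x00\x00"
    + "smtp.mail.example".encode("utf-16-le") + b"\x00\x00"
    + "dropbox@mail.example".encode("utf-16-le") + b"\x00\x00"
    + b"System.Net.Mail.MailMessage\x00\x01\x02\x03"
)


def extract_strings(blob: bytes) -> list[str]:
    """Printable ASCII and UTF-16LE runs found in a binary blob."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]
    return found


def triage(blob: bytes) -> dict:
    """Report embedded e-mail addresses and mail-sending hints."""
    strings = extract_strings(blob)
    emails = sorted({e.lower() for s in strings for e in EMAIL.findall(s)})
    hints = sorted({h for s in strings for h in MAIL_HINTS if h in s.lower()})
    # An address alone may be a support contact; an address plus SMTP code is the pattern here.
    return {"emails": emails, "mail_hints": hints, "suspicious": bool(emails and hints)}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

To check a real download, pass the file's bytes to `triage` on an analysis machine rather than opening the program itself.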

Left 4 Dead Steam Keyloggers

It's been brought to my attention that over the last couple of days, people have been posting malicious links to entice gamers into running keyloggers - all of which seem to revolve around one particular game. These keyloggers will hijack your Steam account, which as you might have guessed, isn't a good thing to have happen.

One such poster (now banned from the official Steam forums) has been promoting lots of links to videogame modding tools, all focused around the game Left 4 Dead. As an example:

lfd0.jpg

As you can see, "Xpro132" claims the mod does all sorts of cool things, but anyone downloading this file is in for a surprise. As one person put it,

"I downloaded the rar file,extracted the downloader exe,clicked exe and BOOM nothing... did I do something wrong?"

Unfortunately, you did :(

The file claims to be a "Web Downloader" for Left 4 Dead, giving you access to interesting features that the regular game doesn't have. The person responsible for the file has uploaded it to numerous free file hosting services:

hllfd4.gif

...which makes the "Downloaded: 3 times" message far too reassuring. From the looks of it, quite a few more people than that have been affected by this so far. This is what it looks like on the desktop:

hllfd5.gif

...and this is what ends up in your System32 Folder should you run the file:

hllfd6.gif

The second Win32 EXE is particularly difficult to shut down. From this point onwards, your Steam login (and potentially other logins) are vulnerable.

Interestingly, this same person is linking to many other files, some of which are hosted on reputable game modding websites. Here's another one:

hllfd1.gif

This is yet another Left 4 Dead related program - this one is an "especial edition" (as the creator calls it) that allows you to play custom .WAV files ingame.

hllfd3.gif

There are people complaining about it here, and the file itself is flagged by two security products on VirusTotal.

Seeing as the other files this person has uploaded don't seem to be very good for your PC's health, it's advisable to give the Half-Life Sound L4d Especial Edition a wide berth too. We'll try and collect as many files related to this in the meantime, but for now, steer clear of anything posted to forums and game mod websites by the person above.

We detect the files as (amazingly enough) L4D Logger and L4D Keylogger.

Additional Research:

Chris Mannon, Senior Threat Researcher
Peter Jayaraj, Senior Threat Researcher