Edit : The latest mutation appears to be targeting profile comments, claiming to be an inventory screenshot of someone who wants to set up a trade, but still operates in the same way. Be careful!
~~

There is a recent trojan with a little twist going around like wildfire at the moment.
Instead of the usual dumb link to an obvious malware site or infected file, this trojan instead travels through your steam friends lists, and appears as a direct link to an image file on a normal image hosting site. Now, think about this for a moment, if a close friend of yours sent you a message saying "Wow, some people : http://photo-wrangler.net/12513.JPG" you probably wouldn't think twice about clicking it, would you?

When you try to access the site, it attempts to stealth-download something (usually an .scr) into your computer without giving the user any prompts such as the usual "save to" dialog box, immediately infecting you and relaying the same message to everyone on your steam friends list. People have said that this trojan is designed to get access to your steam inventory and gift your gear away to a bot, but I cannot confirm that. I would be more worried about it leaving keyloggers or taking your account password. If you have a good antivirus or anti-malware installed, you will probably get an interrupt-alert that prevents it if you try to visit in a browser window external to steam, but I would still be careful because these kinds of things tend to try to adapt over time.

For reference, the message itself (at this point) appears to be : "WTF?????? [evil link].JPG"
If you got this message, don't click it, alert the sender that they're infected, and advise them to scan for malware / look for keyloggers in their active processes, and then to change their password.

.

TL;DR VERSION :
There is a trojan going around the steam friends lists that is using a direct image link instead of a suspicious file. It is literally a link to a .JPG file that looks like a random piece of humour/news.

Here's a quick summary image I made myself of what to look out for : http://i59.tinypic.com/2mg2uth.jpg
Seriously. Yes. It is that easy to get caught by it. No, it isn't a joke. That image I just posted is a reminder that if you think your shit doesn't stink just because you don't open random .XLS and .EXE files, consider how the average steam conversation goes, and how innocent image links can seem and slip by your guard.

9 years ago*
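
The mismatch described in this thread (a link that ends in .JPG but delivers an .scr, which is an ordinary Windows executable) can be checked mechanically before anything is opened. The following is an added example, not part of the original thread; the URL, file names and byte strings are constructed samples, and `check_link` is a hypothetical helper name.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import unquote, urlparse

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
# Extensions Windows treats as programs; a .scr screensaver is an ordinary PE executable.
EXEC_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
FILENAME_RE = re.compile(r"filename\*?=(?:UTF-8'')?\"?([^\";]+)\"?", re.I)


def sniff(body: bytes) -> str:
    """Identify content from its leading bytes, ignoring names and headers."""
    if body.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if body.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if body[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if body[:2] == b"MZ":
        # DOS header: the 4 bytes at 0x3C give the offset of the "PE\0\0" signature.
        off = int.from_bytes(body[0x3C:0x40], "little") if len(body) >= 0x40 else -1
        return "pe" if off >= 0 and body[off:off + 4] == b"PE\0\0" else "mz"
    if body.lstrip()[:1] == b"<":
        return "html"
    return "unknown"


def ext_of(name: str) -> str:
    return PurePosixPath(name).suffix.lower()


def check_link(url: str, headers: dict, body: bytes) -> list:
    """Return the reasons a supposed image link should not be trusted."""
    headers = {k.lower(): v for k, v in headers.items()}
    claimed = ext_of(unquote(urlparse(url).path))   # what the link looks like
    kind = sniff(body)                              # what the server actually sent
    disposition = headers.get("content-disposition", "")
    match = FILENAME_RE.search(disposition)
    served_name = match.group(1).strip() if match else ""

    findings = []
    if claimed in IMAGE_EXTS and kind not in ("jpeg", "png", "gif"):
        findings.append(f"URL ends in {claimed} but the body is {kind}, not an image")
    if kind in ("pe", "mz"):
        findings.append("body starts with an MZ/PE header: Windows executable")
    if ext_of(served_name) in EXEC_EXTS:
        findings.append(f"server names the download {served_name!r}")
    if claimed in IMAGE_EXTS and "attachment" in disposition.lower():
        findings.append("image link forces a download instead of displaying inline")
    return findings


# Constructed samples: a minimal MZ/PE header and the first bytes of a JPEG.
FAKE_SCR = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
SAMPLE_URL = "http://images.example.test/12513.JPG"   # placeholder host

if __name__ == "__main__":
    lure = check_link(
        SAMPLE_URL,
        {"Content-Type": "image/jpeg",
         "Content-Disposition": 'attachment; filename="12513.scr"'},
        FAKE_SCR,
    )
    for reason in lure:
        print("SUSPICIOUS:", reason)
    print("real image findings:", check_link(SAMPLE_URL, {"Content-Type": "image/jpeg"}, FAKE_JPEG))
```

The declared `Content-Type` is deliberately ignored, since the server controls it; only the leading bytes and the served file name are used.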


tks dude

9 years ago

No problem. It seems to be getting people just because of the entire friends list + image link combo. Pretty sneaky really.

9 years ago

I'm really tempted...I love boobies but don't want hax..halp :c

9 years ago

As far as I know you only get the trojan if you download it, so change your Google Chrome settings so it only downloads a file when you select where you want to store it...


Sorry for bad english :)

9 years ago

Assuming we're using google chrome. I use Opera (with WebOfTrust added), but my NOD32 antivirus blocked it before WOT even had to warn me about the reliability of the site. Apparently it automatically tried to do some kind of weird stealth download of a file pretending to be an old screensaver file (.scr) when it was blocked. I didn't even get any prompts when it was intercepted, so I'm not entirely sure how it would react across different browsers.

9 years ago

I have the same question, how it would react with different web browsers... But for safety I prefer to use Google Chrome for now.

9 years ago

so it's the antivirus not the browser? @uroboros?

9 years ago

I really don't have any idea. The browser I opened it in was Opera (not the newest version), but it was my antivirus (Eset Nod32) that halted it. The page itself was just blank.

I'm pretty sure most browsers would have the same problem, given my version of Opera never automatically downloads things without a prompt unless it's part of a website itself. If you have adequate security it shouldn't be too much of a big problem, but I suppose it's down to what you use. Sorry I can't be much help.

Just be on the look out for the message : "WTF????? [linkhere].jpg"

9 years ago

Wow, okay, my previous comment was deleted.

Basically, do not open file. Simple.

Unfortunately, Chrome opened it automatically (although I'm not really sure, as my antivirus has revealed nothing) but I haven't seen any problems yet.

9 years ago

Yeah, I was just replying to it.

Basically you don't even need to see or open the file. My antivirus halted me from entering the site and blocked its attempt at auto-downloading before I even got a prompt. That might suggest that it sneaks in without any input needed from you. In my case, it was an .SCR file, which screensavers are packaged into. Or at least, they were, back when I used to download that kind of thing.

If you have opened that link, just because you haven't seen anything doesn't mean you haven't been 'had'. Message your friends and ask them to confirm if you sent them a weird link, and then either way, scan your computer and change your password. Don't risk your account's safety. Also : tell the person who sent you the message too, they might not even be aware they've been infected.

9 years ago

I have already changed my account and I have an antivirus going right now. See, I'm feeling a bit safe because someone else made a thread a while ago about this and opened it up in a decryption program and it's coded to do an auto-trade to an account once opened. I never actually opened anything but I may or may not be just naive. I'm checking my files now but, hah, thanks anyways.

9 years ago

Anyways, yeah, the program supposedly just raids your steam inventory anyways so... I don't have much to steal. Probably 15 cents worth. Joke's on the hacker.

9 years ago

jokes on them; I have no friends, .-.

9 years ago

I suppose that's one way to protect yourself-

9 years ago

i giggled

9 years ago

I thought it was funny until I realized you lied, mr ten friends. ;P

9 years ago

You're right, let me just remove them all so my previous comment stays valid. It's not like I even talk to them anyway, they'll never know I disappeared.

9 years ago

This has been commented on this forum and everywhere on the net for a month. At this point you should have been warned.
Search on the forum the words virus phishing or scam.
If the photo link you posted is a link the bot provided you should remove it from here.

9 years ago

Well, not everybody spends a great deal of time on forums or random videogaming news sites. I checked the top two pages of threads and didn't find anything on it, so I figured I'd post something given it was currently doing a number on people I knew.

If it's still an active thing in circulation that people aren't 100% informed on then there is still good cause to have the information bumped. Nobody in my friends list seemed to have been aware of this particular shade of malware, so it served its purpose, thanks <3

9 years ago

Then they also won't read your one.
Those who really come here probably already read the previous N threads.

9 years ago

I'm new to the site and don't read forums. I also don't click on random links sent to me but didn't know about this one specifically.

So thanks for the info, OP. Amazing that people get criticized for trying to be helpful. If you already knew about it or don't care, just move along?

9 years ago

Don't be so rude, I didn't tell him not to write. Perhaps he could stack his experience/info to the other threads, with the bump you may also read it, and see the other messages and more info about how it propagates and what it does. You can find it if you're interested.

If I'm not wrong steamgifts group was one of the hundreds of groups doing an announcement about this problem.

9 years ago

No, but there is no search feature for the forums here, and I already looked several pages down through the list, so there was nothing immediately apparent for bumping.

Surely you can appreciate that certain degrees of "This is old, no need to post it again" is in fact a mentality that implies "Shut up, I have personally heard about this so it wasn't needed". Without a search function, lifting the old threads can be hard/tedious after all. The words "Phishing" and "Scam" imply a different kind of malware that are more likely to be skipped over by the average reader, as it is a stock subject much like the "Why isn't my CV over $30?".

9 years ago

Top right corner (in the nav bar), grayed inside a thread, but still visible. On the forum it's white and allows to search anything. With virus you still find results regarding this. It also works to find giveaways. And no, it's not a new feature, it's here before me being a user.
Alternatively you can use the url: http://www.steamgifts.com/forum/search/THINGTOSEARCH

That's your personal interpretation.

9 years ago

Huh. Never figured that bar was actually sensitive to the page you were in. Thanks.

And it's not really just my singular personal interpretation. You took a moment to point out that we "should have been warned" and how apparently widespread the warnings were. I don't see how that can really suggest anything other than how obsolete you mistakenly thought the thread was.

9 years ago

Unluckily it's not obsolete, today one of the persons on my friends list sent me one of those random messages with a link to "an image". I get one each week and one random bot add or message to attempt to scam or phish every two days.

I think it's time that valve does something to eradicate or minimize all that crap.
We are bumping this so more people read it :)

9 years ago

Or alternatively they may have missed them, because even people who regularly read forums aren't likely to spend the entire day scanning them for new subjects. It's quite easy for any given thread to sink off to the third page without replies, after all.

Given people are responding saying they didn't know, as I said, the thread is serving its purpose.

9 years ago

For some time now, a lot of fag scammers been trying to add me and post comments on my profile. Trade "knifes", click this pic and see if you're interested and so on.
Lost count on how many profiles I blocked and reported for phishing.

9 years ago

Indeed, now I receive 1 bot friend request every 48h

9 years ago

Fag scammers? Is that you, Chris Brown?

9 years ago

wow i didn't know that, thanks a lot mate, i'll keep an eye open

9 years ago

I did a Steam Fart today too, I blamed the dog

9 years ago

lol! They still don't know, that not all people are English :D Most of my friends (who I talk with, and not just there because of a previous trade) are Hungarian, so it would be obvious, if one of them send me a phishing link. Once a guy added me, because a "friend of mine" asked him to do on Facebook. Problem is, that I only have Hungarian friends on Facebook, so gg wp, they should learn :D

9 years ago

T.Hanks, but I've got Linux so it's not a problem with me.

9 years ago

+1

9 years ago

"it tries to stealth-download something into your computer"
If you set your browser to not prompt

"without giving the user any prompts on where to download to"
See above

"and immediately infects you"
Only if you run it...

So, if you specifically choose to download this file (Which ends in a .scr extension), then manually choose to run it - You will get infected.

Hardly anything new...

9 years ago

Right. Right. Because all malware require you to actively, manually download and run something. It's not like there have been 'quiet' invasions of computers since way back in the days of hclean32.

For example, my browser never automatically downloads anything unless it is part of the website itself. This is a common tactic for malware, having its harmful items masked as part of the site itself. I mean, those little advertisements you see along the sides of some sites have served as a vector for infection before, even on high-profile, legitimate sites that simply had adbars. Not every form of infection comes in a handy little email called "FREE IPOD" with a file called "NOT A VIRUS.xls" that you have to run before it does anything bad. :P

Granted, I can't say a great deal about this individual thing because the site itself was halted from even opening (and I wouldn't have opted to save and run a totally unrelated, unidentified file when linked to a jpg), but your idea of how infections spread is a little outdated.

9 years ago

I almost got phished by this way as well, luckily even tho my antivirus license has expired... my antivirus blocked the download because it contained virus or smth...I didn't open it though so I should be fine...

9 years ago

Yeah, one of the reasons it actually hit my friend when he clicked the link was because he had disabled his AV for an hour to try to increase his download speeds or something. Perhaps this isn't quite the dangerous malware I'm making it out to be, but when a friend gets hit when they aren't technologically illiterate, it makes me flinch, y'know?

9 years ago

It's darwin at his best :D

9 years ago

You know, the topic title could have been better worded. You gave the impression that it was some issue on Steam's end. Steam isn't sending those messages, scammers are doing it.

And IMs being used for sending viruses is not exactly anything new. Always be wary of a picture link being sent out of the blue with zero context. A friend would typically tell you something about any links they are sending to you before doing so. If it's someone you know well, message them back asking about it before clicking. If you haven't talked to them before in a message, don't click and block.

9 years ago

Fine, changed it.

Although what a friend would typically do is entirely down to what kinds of company you keep. It's not too unusual to receive an image link with little context from some of my friends, as saying too much often gives the humour away.

9 years ago

Nothing new, really.

Malwarebytes started warning about .scr stealers literally months ago. If people are too naive to pay attention on what's going around and just click every shady link appearing before them, it's their own fault.

9 years ago

+1

9 years ago

And yet you're forgetting that people only tend to look up things like Spybot S+D or Malwarebytes in response to having encountered something malicious. Even if you have a strong sense of safety precaution on the internet, you're still eventually going to walk face-first into a first encounter of your own. Saying "it's their own fault" for having thought an antivirus/firewall would be enough is pretty blinkered thinking really.

And since when is an image link from a friend considered "shady"?
Maybe you don't realise, but a lot of online friends share links with each other FAR more suspect than a direct link to a hosted image, dude. Normally, an image file isn't the first suspect when it comes to malware. We're not talking .EXE, .JS or .XLS here, man. In the case of this one, you don't even get to know it's an .SCR file unless your antivirus detects and stops it, giving you a pop-up for action (or info on what it did to the file).

If you actually read what was said, nobody is opening random .SCR files.

9 years ago

Any link that suddenly comes from someone in an instant messenger or E-mail should bring up alarm bells. It is a many years old thing. My mom knew, and she basically just reads the newspapers.

Many run into these face-first because there is no training or warning. Ahem, Microsoft. Ahem, every antivirus. Tell your users that you aren't always enough.

9 years ago

Again, not really.

If somebody I talk to frequently sends me a link to an image on a known image hosting site, it's a safe bet that it's just an image. Hearing alarm bells towards such a thing hints at being more than a little bit paranoid. See, if there are telltale signs to suggest otherwise, then certainly the person should err on the side of caution, but you can hardly say that linking a friend to an image file is something immediately suspect that requires a digital equivalent of a bomb disposal crew.

Perhaps if you never link to funny stuff or image macros, then yeah you would probably expect some context in the message and that would serve as your hint that something doesn't smell right. However, a lot of people prefer not to spoil the content of an image by prefacing it with anything, or merely a vague or cryptic summary of their response.

A link to a locally-executed file or random website is different to a direct link to a hosted image file, hence why this trojan is so successful compared to normal trojans that rely on basic inexperience of the user.

9 years ago

The more inexperienced and young you are, the less you know what types of links or buttons can be harmful (save for .exe, possibly). That leaves the smart, but not enlightened, user looking at context alone.

Yes, the alarm bells for this case won't ring if you have a friend who sends images sometimes and without a conversation before it.

9 years ago

got this like 3 times from different friends within 1 hour now. must be some new kind of phishing attempt.

thx for warning.

9 years ago

welcome to the internet

9 years ago

...where memes are misused.

9 years ago

Deleted

This comment was deleted 5 years ago.

9 years ago

Oh-ho, a fatal flaw. I wouldn't have thought it would even open a message window for the infected party to see. I mean, having a screen full of open windows would be a massive telltale sign. Thanks for the info.

9 years ago

When I got that message from a friend (I always click to check because I have to confirm every download anyway; you get an .scr file, which is the extension used instead of .exe for Windows screensavers - it is still a perfectly ordinary .exe, though), I told him he was infected. He immediately changed his name to $name DON'T OPEN ANY LINKS FROM ME. Should be warning enough.

9 years ago

Perhaps that's why I was so twitchy about this entire ordeal. Rather than click the link directly, I copy-pasted it out into a separate browser just to make sure. If I had clicked on it directly I might have been given a prompt. D'ah well.

9 years ago

DO NOT ENTER TO "steamzommminity.com"

9 years ago

:D :D c=z good joke :D

9 years ago

Obligatory bump 'cause I was stupid enough to click it. Don't be stupid. Be awesome like me instead. Even though I was stupid.

Well not anymore.

9 years ago

One time a guy had some sort of virus that randomly added people to his MSN Messenger list. I happened to be the guy added to his. It turned out he was a gamer and we ended up playing Counter-Strike together for years. True story.

9 years ago

lol, that's a nice story, thank you :)

9 years ago

TL;DR-Version?

9 years ago

+1

9 years ago

TL;DR: "Interweb noobs, be careful of falling for Trojan spreading through Steam Friends!"

9 years ago

Thanks mate. But the OP must know that this was only new news when the dinosaurs were still present on earth.

9 years ago

Nah, SnipahShot was being a touch douchey about it and forgot to give a vital detail.

Basically it's a trojan that isn't nearly as obvious as the usual blatant ones. This one spreads through steam friends lists and rather than transmitting an obvious infected file, it's an IMAGE LINK. It sends you to a normal uploaded image-file, but I believe it's the site that hosts it that carries the trojan.

9 years ago

Almost fell for it... twice...

9 years ago

I never understood people who fall for that crap.. There are things that will never look real..
Like a friend once sent me a message saying he took my picture in a game or some crap like that and sent a link to the Google drive, I have no idea how stupid people have to be to click on that..
First of all, ask which game it is in or look if you even played with that friend once in your life.. I have never gotten hacked or scammed and I intend to keep it this way.

9 years ago

"There are things that will never look real"
So every time a steam friend gives you an image link, you quiz them about it to make sure that it was really them who sent it? It primarily occurs when the friend is online, and if you're in the habit of discussing random online humour / news then it doesn't immediately ring any alarm bells unless there are specific signs. I only managed to avoid it because I hadn't talked to the guy in about a year. Had it been anyone else I would have probably opened it.

Plus you and other people who keep implying it's a mere matter of intelligence forget about how a normal opening message from a friend goes down : http://i59.tinypic.com/2mg2uth.jpg
Hell it can even happen mid-conversation, which makes it even more confusing (though more likely they will notice something is wrong). Again, consider the nature of the trojan itself. Sometimes the type of disguise is what gets people.

9 years ago

What you don't understand is that there is a huge difference between tinypic link and Google drive link which is what was going around, and yes I received that message x3 also.. Tinypic url or any other image sharing website does not download anything to your computer because they are stored elsewhere and only show you the image.

9 years ago

ehhm i had that and i downloaded it and windows 8.1 stopped it :D THANKS MICROSOFT

9 years ago

Yeaaah. You'd think that the UAC might catch something like that. My friend was just unlucky because he was trying to increase his download speeds by temporarily disabling his antivirus when it happened. Sod's law, right? :P

9 years ago

Closed 7 years ago by Uroboros.