
WARNING -- Phishing/Hacking Attempts


Question

Posted (edited)

Hello All,

It looks like SSgt. Marchese's steam account has been compromised. If you receive a message "WTF Dude?" with a link to a "screen-pictures" site, DO NOT FOLLOW IT. You will download a virus, if not some sort of keylogger or malicious software. Steam community says it steals all your trade-able DLC and resends the virus to your friends list.


I can PM the URL if anyone feels like getting hacked and/or wants to debug it! :lol:

If you did download or follow the link, run a virus scan and change your steam password ASAP!

Being in IT has taught me to be wary of unknown links from others, and to NEVER download unknown files. When I saw the link, I immediately googled the site for legitimacy and the list of warnings and infection reports on the Steam Community threw up the red flag. Please be cautious and browse safely! If anyone has issues, please post a request for help and our MSO team will help you out!

Thanks,

Lt. Col. Yamagata

Edited by Candy 1st MRB

23 answers to this question

Posted (edited)

Hello all. I know it's been a while but I am quite aware of the situation and will confirm. Apparently someone from my friends list had this virus and like a dope I fell for it and I am sorry for any problems this might have caused. I have changed my password to my steam account and am running antivirus. I would advise you do the same. I did run antivirus on the file before opening it and it revealed no malware so that's why I launched the fake jpeg. Ya think I would know better being in IT but guess I had a brain fart.

Edited by Marchese 1st MRB
Posted (edited)

If you get a message from someone on steam that says:

WTF Dude?

definitely do not click on that.

It would be a virus. It almost got me until the img asked me for permission to run it....

Edited by Cannon 1st MRB
Removed the link - Cannon
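
Added example, not part of the thread: Marchese's and Cannon's posts above both describe a download presented as an image that was actually a program, and one way to catch that before opening it is to compare the file's leading bytes with what its name claims. The sample bytes are constructed, `check_download` and the other names are hypothetical, and the double-extension and right-to-left-override checks go beyond what the thread describes.

```python
import os

# Leading-byte signatures: real image formats vs. Windows executables.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"MZ": "windows-executable",
}
IMAGE_EXTS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}
RUNNABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
RLO = "\u202e"  # right-to-left override: makes a name display reversed


def sniff(data: bytes) -> str:
    """Return the file type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def check_download(name: str, data: bytes) -> list[str]:
    """Return reasons why a file presented as a picture should not be opened."""
    reasons = []
    kind = sniff(data)
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]
    if RLO in name:
        reasons.append("name contains a right-to-left override character")
    if ext in RUNNABLE_EXTS and inner_ext in IMAGE_EXTS:
        reasons.append(f"double extension: {inner_ext}{ext} runs as a program")
    if kind == "windows-executable" and ext not in RUNNABLE_EXTS:
        reasons.append(f"content is a Windows executable but the name ends in {ext or '(nothing)'}")
    elif ext in IMAGE_EXTS and kind != IMAGE_EXTS[ext]:
        reasons.append(f"extension says {IMAGE_EXTS[ext]} but content is {kind}")
    return reasons


# Constructed sample inputs (not bytes from the file discussed in the thread).
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
FAKE_JPEG = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16
SAMPLES = [("holiday.jpg", REAL_JPEG), ("screen.jpg", FAKE_JPEG),
           ("screen.jpg.scr", FAKE_JPEG)]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, "->", check_download(name, data) or "looks like a real image")
```

A clean result here only means the name and the content agree; it says nothing about whether the content itself is safe.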
Posted (edited)

SSgt. Grant seems to have been affected by this as well. If ANYONE sends you this message DO NOT CLICK ON IT!!!!!

Also post who you get these messages from, that way we can contact them on the forum about their compromised account.

Edited by Griswold 1st MRB
Posted
What if you clicked the link with your phone, but it didn't open the website because it's not a real website or download anything?

I would say you would be good, probably built for a different operating system. But just make sure you pay attention to when/if you plug your phone into your computer next time. Make sure nothing fishy starts happening.

Posted

REMEMBER GUYS ALSO LET THE PERSON WHO IS UNDER THE VIRUS KNOW THAT THEY ARE AFFECTED

BECAUSE THEY MIGHT NOT KNOW THAT THEY ARE

AND WILL CONTINUE TO GO ABOUT THEIR BUSINESS

WITHOUT SCANNING FOR VIRUSES OR FIXING THEIR PASSWORDS

Posted

Anti-viruses work off of databases of "known" malware, that's why you need to update your protection so often, there are set definitions of viruses. In addition, it's using steam and your browser as a means to infect your computer, these are already "green-lit" by all your anti-virus programs. If it's new, it's not going to flag it as a known threat, this is where you, the user, need to be diligent and check the source. Before I even clicked the link, I googled screen-picture or whatever the site hosting this "wtf dude" image. That's where I hit the "unknown site certificate" and pre-existing steam community posts results.

Google is your friend!

Posted

Smart people have already debugged the virus! In case anyone was curious:

The method from the code is thus..

Hook into steam,

steal cookies,

get auth token,

get friends list,

send all items etc as per line + (753:gift;570:rare,legendary,immortal,mythical,arcana,normal,unusual,ancient,tool,key;440:unusual,hat,tool,key;730:tool,knife,pistol,smg,shotgun,rifle,sniper rifle,machinegun,sticker,key) ,

send message to all friends = ("WTF Dude? http://♥♥♥♥♥♥♥♥♥♥♥♥♥♥♥.com/DELETEDFORSAFTEY/")

Nothing else is mentioned in the code... Wanted to check to make sure it never got my password for steam..

Note* it uses the steamapi to send authenticated requests with the stolen cookies, for the trade transactions*

Well it steals the cookie which means the attacker can change the password on you in theory.

It's prudent to deauthorize your SteamGuard computers and change your password as a precaution.

Posted

I was going to ask if someone could pm me the file url (or dropbox the file to me if the site has already been taken down) so that I could run it through IDA, but it looks like someone on the steam forums has already decompiled and analyzed it. I would still be interested in looking at it anyways, so if someone could hook me up with the file, that would be awesome.

Posted

Today I received a PM from a friend of mine. While I neglected to take a screenshot, it read as "Hey, I want to trade with you! Check My trade inventory @ *Link Removed*" then he logged out. I won't post the link, but research done on it says it's not a trusted site and is most likely a scam / phisher link.

Posted

Tifrobond has seemed to have come down with this virus, if anyone has him on their friends list check your recent messages with him. If you opened any link from him, SCAN YOUR COMPUTER NOW!!!!

Posted
Why do people suck so bad?

Real question should be why did it take so long for someone to look for a way to do this to someone? Steam for a long time had been a really good platform, why steal someone's digital shit?

Steam is just like any other digital platform, why did it take so long for viruses that specifically target Steam to come out?

Posted

Hats.
