[QUOTE]For awhile now, many Steam users have fallen victim to a rash outbreak of malware. Simply put, the malware's function is to steal your inventory of targeted items by exploiting the Steam Trading system. All a victim has to do is execute a file, one disguised as a .scr, and blammo - goodbye CS:GO or Dota 2 items. Inside sources say that these phishers create "thousands of bots" a day to help seed the malware.
Steam Trading did not have much of an authentication safeguard in place, so it was pretty easy for phishers to steal items. Well, today, Valve has implemented a new safeguard.
trade_captcha.png ​
Trade offers now require that both users pass a CAPTCHA test before committing to a trade deal.
"We’re updating trading to include a captcha as part of confirmation process," John C. from Valve said today. "This is to prevent malware on users’ machines making trades on their behalf. We know it’s a bit of a hassle, and we don’t like making trading harder for users, but we do expect it to significantly help customers who are tricked into downloading and running malware from losing their items."
Is this a good idea? It should help to curb some of the cases of victims of this malware, easing the load on Valve's already strained Customer Support. But is this just making the trade experience more of a nuisance? Also, Google says that there are bots out there that can solve nearly 100% of all CAPTCHA tests. Google has developed their own system, called reCAPTCHA, which claims no bot can crack and is a more streamlined process for users. Should Valve implement reCAPTCHA instead?[/QUOTE]
SOURCE: [url]http://www.valvetime.net/threads/steam-trading-implements-captcha-to-curb-outbreak-of-malware.245671/[/url]
This is going to stop trade bots for maybe a day or two. Really bad decision.
[editline]12th January 2015[/editline]
No clue how this is going to affect malware.
Really silly as there are services out there where a human will solve the captcha in less then 15 seconds, it's slow but it gets there.
This really doesn't stop anything.
Yes this solves malware doing trades in the background.
Atleast makes it way more difficult.
valve is literally being a nanny state to all their steam users at this point
[QUOTE=Judas;46908851]valve is literally being a nanny state to all their steam users at this point[/QUOTE]
Blame the idiots who keep losing their accounts and inventories that are worth money to someone.
[QUOTE=residntevl;46908873]Blame the idiots who keep losing their accounts and inventories that are worth money to someone.[/QUOTE]
There was that link that was going around that would send an invisible trade to you if clicked and it would send all of your items to someone. It looked just like an image link, and anyone on your friends list could send it.
One of my friends lost $200 worth of items, and Valve basically said "sorry we aren't obligated to return them."
I don't have remorse for fools clicking links and falling for shit like freesteamgamez.tz but there are TONS of exploits in steam that need to be addressed.
[QUOTE=Marlamin;46897290]Most of the nasty Steam malwares Valve is trying to battle with the captchas in trade offers have already patched in a captcha breaker that only slows them down by like ~10 seconds.
That became useless quick :v:[/QUOTE]
And then google came
Does that mean websites like TF2scrap and TF2warehouse are fucked?
[QUOTE=Ern;46908931]Does that mean websites like TF2scrap and TF2warehouse are fucked?[/QUOTE]
Nope, Valve added sites like scrap.tf, Dota 2/CS:GO Lounge, along with a few others to a whitelist so their bots don't have to do the CAPTCHA/reCAPTCHA checkbox.
[QUOTE=residntevl;46908873]Blame the idiots who keep losing their accounts and inventories that are worth money to someone.[/QUOTE]
How about blaming malware creators instead of the victims?
You'll never get everyone invested enough that they'll keep up to date with the latest scam techniques tricks on a fairly regular basis and it's only good customer service to create a secure environment in which you don't have to analyze every friend request and line of text you're sent.
To me getting worked up over this feature is about as silly as getting worked up over email providers offering spam filters and people having to occasionally inconvenience themselves by weeding out false positives themselves.
good
i have a ton of valuable dota items i collect and i dont want to lose them to a misclick
This is bullshit.
I can't accept any trade offers thanks to the awful trading and now I have to fill out a captcha every try.
AGH.
[QUOTE=01271;46909086]This is bullshit.
I can't accept any trade offers thanks to the awful trading and now I have to fill out a captcha every try.
AGH.[/QUOTE]
Robot confirmed
[QUOTE=Judas;46908851]valve is literally being a nanny state to all their steam users at this point[/QUOTE]
occupy valve? U guys with me ?
-reiterated in next post-
So valve made a stupid feature slightly more inconvenience and everyones crying?
[QUOTE=residntevl;46908873]Blame the idiots who keep losing their accounts and inventories that are worth money to someone.[/QUOTE]
Right, let's never progress. Let's only focus on the people who are just [I]too stupid[/I] to be on your astute and never focus on protection for any one.
I swear, it's like the next thing that was going to come out of your mouth was, "Well, they don't deserve their items or account anyway. They were basically asking to be hacked."
Again, blaming people who are being messed with instead of looking at how we can improve the situation for even the most novice isn't productive. Steam is home to a huge market of people and it's not all about you or me or Judas but everyone.
People take virtual hats too seriously.
[QUOTE=anemone;46910820]People take virtual hats too seriously.[/QUOTE]
Some, just some virtual hats are worth thousands of dollars.
So, trade bots are dead?
I've seen a huge increase in scamming attempts recently.
I literally got like 1 random scam friend invite per day, and I still do get some.
[QUOTE=JohnnyOnFlame;46910838]So, trade bots are dead?[/QUOTE]
Actually I am curious about this. What's the current status of trashbot?
Additionally, I'm not even sure if captcha is applied to live trades as well as trade offers
AFAIK the only vulnerable users to these links are IE users?
the image links that were being sent to people were screensaver files with exe's in them, that wouldn't autoopen outside of IE? I know I clicked a link and it opened in Firefox and just downloaded the .scr, my inventory is still fine (not that I have anything worth taking, I think my inventory is worth $3) and 2 different virus scans showed 0 hits
I can't imagine Chrome's sand boxing would be any less secure to these kinds of viruses than Firefoxes either
I suppose it helps that I have show file extension enabled in Windows, and was not convinced by the screenshot website downloading a .scr to my computer, so maybe some people just saw that it was an image file and double-clicked it?
[editline]12th January 2015[/editline]
[QUOTE=Scratch.;46911431]Actually I am curious about this. What's the current status of trashbot?
Additionally, I'm not even sure if captcha is applied to live trades as well as trade offers[/QUOTE]
Read above, apparently Valve whitelisted some trading sites
[QUOTE]
Read above, apparently Valve whitelisted some trading sites[/QUOTE]
Trashbot is just a steam user that uses nodejs and a couple of other utilities in it's package
I
There is no trashbot website outside the steam community, so they're probably doing it some other way
So does this mean that anyone who wants to develop a trade bot for either personal usage or a new trade/warehouse like web service is pretty much screwed?
I doubt that there will be some kind of official "Whitelist your tradebot here, by following these 5 simple steps" manual anytime soon on the Steam Support pages...
[QUOTE=wauterboi;46910641]Right, let's never progress. Let's only focus on the people who are just [I]too stupid[/I] to be on your astute and never focus on protection for any one.
I swear, it's like the next thing that was going to come out of your mouth was, "Well, they don't deserve their items or account anyway. They were basically asking to be hacked."
Again, blaming people who are being messed with instead of looking at how we can improve the situation for even the most novice isn't productive. Steam is home to a huge market of people and it's not all about you or me or Judas but everyone.[/QUOTE]
I don't need to do anything for these ignorant consumers who lose their items, Valve is doing something to prevent that and if people [i]still[/i] lose their items it's still their damn fault because Valve has put so many warnings and features in to prevent these things from happening.
I agree, attempt to stop the malware creators, it's what Valve is doing, but it's hard not to blame the victims when there's so many warnings in the client to help you identify and protect you from getting scammed/phished/botted.
[editline]13th January 2015[/editline]
[QUOTE=GabrielWB;46914235]So does this mean that anyone who wants to develop a trade bot for either personal usage or a new trade/warehouse like web service is pretty much screwed?
I doubt that there will be some kind of official "Whitelist your tradebot here, by following these 5 simple steps" manual anytime soon on the Steam Support pages...[/QUOTE]
If you've got a huge net of bots and they're part of a third party service used by a portion of users I'm sure Valve will whitelist the bots, but not single bots used by one user. You'd have to e-mail them and let them know what it's used for though. Don't quote me on that though I'm not actually sure if they'll whitelist anyone right now.
[QUOTE=Judas;46908851]valve is literally being a nanny state to all their steam users at this point[/QUOTE]
A company is taking caring of its customers, what a crime.
I started finding malware that bypasses this via cheap captcha OCR services the second they added this.
Nothing changed.
[QUOTE=Tobba;46917961]I started finding malware that bypasses this via cheap captcha OCR services the second they added this.
Nothing changed.[/QUOTE]
Who would've thought any different. Captchas these days are hardly a problem for bots.
[QUOTE=Medevila;46910822]Must be something off about your usage or computer, it's using RECAPTCHA as of yesterday so all you have to do is check a box,
[IMG]http://i.imgur.com/rw0vWEn.png[/IMG][/QUOTE]
I don't know about you but if I use a lot of recaptchas in a short amount of time (posting on 4chan, for example), I end up having to type out a word anyways.
Sorry, you need to Log In to post a reply to this thread.
