• Attackers use Ramnit malware to target Steam users
    132 replies, posted
[QUOTE]A new variant of the Ramnit financial malware is using local Web browser injections in order to steal log-in credentials for Steam accounts, according to researchers from security firm Trusteer. Ramnit is a computer worm first discovered in 2010 that spreads by infecting executable, HTML and Microsoft Office files on the local computer. The malware can steal browser cookies and FTP (File Transfer Protocol) credentials stored locally, but it also hooks the browser process in order to modify Web forms and inject rogue code into Web pages, a technique known as a man-in-the-browser (MitB) attack.[/QUOTE] [url]http://www.itworld.com/security/369598/attackers-use-ramnit-malware-target-steam-users[/url] MSE: Win32/Ramnit [url]http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fRamnit[/url] Also known as Win32:Ramnit:H W32.Ramnit Win32/Ramnit.A Enable steamguard and ensure your email password is strong and different from your steam password. Do not store the password on your computer. Run malwarebytes daily if you are super paranoid. IF STEAMGUARD IS ENABLED: Open Steam and go to the main menu bar: Steam>Settings Click Manage Steam Guard Account Security On the next window under Keep my account protected, tick the box "Deauthorize all other computers now" This will only allow the computer you are logged in from as a allowed computer.
I hope I don't get infected, godramnit.
[QUOTE=supersoldier58;41943684]I hope I don't get infected, godramnit.[/QUOTE] Should've used protection
Guess I should turn steamguard back on even though its annoying as fuck.
I suggest all of you go to manage steam guard and disable authorization in any other computer without your consent.
[QUOTE=DigitalySane;41943721]Guess I should turn steamguard back on even though its annoying as fuck.[/QUOTE] Annoying steamguard sounds better than no steam
[QUOTE=DigitalySane;41943721]Guess I should turn steamguard back on even though its annoying as fuck.[/QUOTE] how is it annoying?
[QUOTE=Pyth;41943739]Annoying steamguard sounds better than no steam[/QUOTE] I already de-authorised all other systems on my account, although it's a good job I've switched to Linux Mint therefore this won't even affect me. [editline]23rd August 2013[/editline] [QUOTE=The Baconator;41943760]how is it annoying?[/QUOTE] I can understand how people can think it's annoying, but I'd rather have a secure account than disable it entirely.
so how do they do this? Like send a link to you via chat (meaning you partake in this to a degree) or is it completely without you doing anything? The article makes it sound like you aren't required in the process :pwn:
I wish Steam Guard were around in 2006. My Steam account was hijacked way back when and the bastard that did it hacked on CSS and I got VAC banned
[QUOTE=DigitalySane;41943721]Guess I should turn steamguard back on even though its annoying as fuck.[/QUOTE] Considering what it does, it's as un-annoying as it could really get.
They're going to try to steal the money in my steam wallet! All $0.02 of it. [B]Edit:[/B] Thank you, thank you, i'll be here all week.
[QUOTE=DigitalySane;41943721]Guess I should turn steamguard back on even though its annoying as fuck.[/QUOTE] You only have to put the code in once per pc. You just check your mail and paste the code in. It takes like 5 seconds. Lazyness is the main reason people get their accounts stolen.
"Honey! I think there's a man in my browser!"
[QUOTE=The Baconator;41943806]so how do they do this? Like send a link to you via chat (meaning you partake in this to a degree) or is it completely without you doing anything? The article makes it sound like you aren't required in the process :pwn:[/QUOTE] This is somewhat terrifying for me, luckily i don't keep my card details saved on steam, so i'll be okay there, but it'll be a bitch to contact steam, wait, etc.
[QUOTE=The Baconator;41943806]so how do they do this? Like send a link to you via chat (meaning you partake in this to a degree) or is it completely without you doing anything? The article makes it sound like you aren't required in the process :pwn:[/QUOTE] All that you need to do is download and execute a infected file.
[QUOTE=jordguitar;41943909]All that you need to do is download and execute a infected file.[/QUOTE] well that means they'd have to send you a steam chat with a link to it then, which means you can protect yourself phew
[QUOTE=The Baconator;41943958]well that means they'd have to send you a steam chat with a link to it then, which means you can protect yourself phew[/QUOTE] It does not need to be via steam chat. All they need to do is make you click a link that includes the malware and have you run it.
I use steam guard, and unless you commonly swap computers there's no way its an issue I could post my name and password and feel safe, because I know it works
[QUOTE=jordguitar;41943965]It does not need to be via steam chat. All they need to do is make you click a link that includes the malware and have you run it.[/QUOTE] Thats not necessary. Websites can download and execute programs on your computer without you knowing anything.
[QUOTE=TNOMCat;41944073]Thats not necessary. Websites can download and execute programs on your computer without you knowing anything.[/QUOTE] This is really targeted to steam users and I would assume they are going to try and infect people via making them download something and run it. They could do that but it does require them to use a exploit in a plugin or the browser itself.
[QUOTE=jordguitar;41944137]This is really targeted to steam users and I would assume they are going to try and infect people via making them download something and run it. They could do that but it does require them to use a exploit in a plugin or the browser itself.[/QUOTE] Or a simple popup ad of a website and that website has a java applet which can download and execute stuff on your computer
[QUOTE=jordguitar;41943648] IF STEAMGUARD IS ENABLED: Open Steam and go to the main menu bar: Steam>Settings Click Manage Steam Guard Account Security On the next window under Keep my account protected, tick the box "Deauthorize all other computers now" This will only allow the computer you are logged in from as a allowed computer.[/QUOTE] Just did this, thank you.
So the only way to get infected is to run a file some one sends you or?
[QUOTE=thexfiles123;41944259]So the only way to get infected is to run a file some one sends you or?[/QUOTE] possible browser/plugin exploit it depends on how the person who is doing it wants to infect you. [editline]23rd August 2013[/editline] [QUOTE=TNOMCat;41944229]Or a simple popup ad of a website and that website has a java applet which can download and execute stuff on your computer[/QUOTE] Whoever is doing it needs to have a valid exploit to do it that isnt patched.
Better safe than sorry. Showing this to all my Steam friends.
useful sites: [url]http://strongpasswordgenerator.com/[/url] [url]https://howsecureismypassword.net/[/url] My new email password would take trillions of years to crack, and I found out that adding a symbol to my weaker passwords changed the cracking time from ten days to 110 years. Pretty useful sites.
[QUOTE=TNOMCat;41944229]Or a simple popup ad of a website and that website has a java applet which can download and execute stuff on your computer[/QUOTE] I'm pretty sure Java notifies you whenever you attempt to run applets in the browser... (please correct me if I'm wrong, but it definitely notifies me in Chrome) People shouldn't just click "run" without knowing what it does.
[QUOTE=Mors Quaedam;41944401]I'm pretty sure Java notifies you whenever you attempt to run applets in the browser... (please correct me if I'm wrong, but it definitely notifies me in Chrome) People shouldn't just click "run" without knowing what it does.[/QUOTE] java does notify you when a applet attempts to run and asks if you are sure if you want to do it
so my password is something I don't know I put a ticket in for steam support [B]LAST WEEK[/B] why the fuck are they so fucking slow you'd think account security would be responded too within a day or two of business days. the only way I can log in, is because I set it to remember my password, and to automatically log me in if that doesn't work and I need to enter a password that I don't know I'm fucked until they change it I put my credit card and paypal account in the ticket no reply
Sorry, you need to Log In to post a reply to this thread.