• Attackers use Ramnit malware to target Steam users
    132 replies, posted
[QUOTE=The Baconator;41945194]Steamguard makes it pointless imo[/QUOTE] steamguard is useless if your steam password is the same as your email password that is linked to steam.
[QUOTE=Keychain;41945128]Well they're waiting a long time to do that since it's been around for a couple years.[/QUOTE] You just reinforced my point... Nobody would know if it happened it could of happened already... [QUOTE=Ericson666;41945151]well the passwords aren't going to be of much use if you don't have the usernames[/QUOTE] Just cross reference the IP's with latest username signups on large websites and tadaa! You have some persons account.
[QUOTE=Jarva;41945078]But nobody would have the slightest idea if it got rooted and used for malicious purposes. They could change the script and steal about 500 passwords then change it back and nobody would have a clue.[/QUOTE] Passwords...to what? They don't have anything beyond a password, they would need a username, and unless they can do some magic to do that too, they won't have it. On top of that not all the searches are necessarily passwords. [editline]23rd August 2013[/editline] [QUOTE=Jarva;41945250] Just cross reference the IP's with latest username signups on large websites and tadaa! You have some persons account.[/QUOTE] Oh, how would you even do that
I have an ñ in my password. I think that it should make it more hard to crack.
[QUOTE=Satane;41945166]are you guys seriously entering your steam password into untrusted websites ?[/QUOTE] even if it was doing that, without a username that's just redundant information.
[QUOTE=TNOMCat;41944229]Or a simple popup ad of a website and that website has a java applet which can download and execute stuff on your computer[/QUOTE] so as long as you avoid the browser you'll be okay?
Wait, would this virus be capable of logging into your email to get the code, or would it stop at Steam?
[QUOTE=Lambadvanced;41945260] Oh, how would you even do that[/QUOTE] They would just monitor the incoming registration traffic which could easily be monitored by a simple shell on the website.
[QUOTE=BigJoeyLemons;41945313]Wait, would this virus be capable of logging into your email to get the code, or would it stop at Steam?[/QUOTE] I would assume it will try to grab anything and everything but it is targeting steam.
Who cares about how long it takes to crack a password, if the password is sniffed/keylogged/MitB'd, then lenght and difficulty have zero effect on your security.
My keyboard left a n out but i do have some good news It appears this version of Ramnit is already detected by MSE. Update your virus definitions and you should be fine: [url]http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fRamnit[/url]
[QUOTE=Jarva;41945250]You just reinforced my point... Nobody would know if it happened it could of happened already... Just cross reference the IP's with latest username signups on large websites and tadaa! You have some persons account.[/QUOTE] Yes, because the IPs users logged on with are publicly available on Steam. You may be able to find out what somebody's IP and username is thorough careful digging, if they posted it on a game forum or whatever, but its an awful lot of work for possibly no reward just for one user name.
[t]http://puu.sh/49hwD.png[/t] fuckfuckfuckfuckfuckfuck [sp]Too lazy to change it though[/sp]
[QUOTE=code_gs;41945584][t]http://puu.sh/49hwD.png[/t] fuckfuckfuckfuckfuckfuck [sp]Too lazy to change it though[/sp][/QUOTE] ILikeSoccer12
[QUOTE=LaTrefle;41945638]ILikeSoccer12[/QUOTE] It would take a desktop PC about A million years to crack your password
[QUOTE=macdoo999;41943816]Considering what it does, it's as un-annoying as it could really get.[/QUOTE] The only thing that annoys me about it is the fact that it uses email. I'd prefer it to be able to be used in Google authenticator like Dropbox's OTP. But I guess email makes it pretty damn secure though.
[QUOTE=Jsm;41945712]The only thing that annoys me about it is the fact that it uses email. I'd prefer it to be able to be used in Google authenticator like Dropbox's OTP. But I guess email makes it pretty damn secure though.[/QUOTE] I kinda dislike authenticators, I got locked out of my battle.net account that way email is more permanent
Losing your steam account to this sort of stuff is probably easier than you think, i NEVER put my steam account and password into anything other than the steam application itself, ran regular virus scans etc and one day i came back from holiday and got a message saying my password was incorrect. I looked on a friends PC and my account had its steam community name changed, country changed, groups deleted and shortly after my friends list reset. Thankfully i got it back because i still had the original cd key the account was registered from but i really do suggest changing your password and at the very least turning steam guard on for those who are stupid enough to have not turned it on by now. If you've had your password for more than 2 years i'd suggest changing it to something entirely different, it's a real shitty feeling when you have something like that robbed from under your nose while you could have done something so easy to prevent it (like not having the same password for 6 years)
My problem with SteamGuard is that it always forgets that I've authorized certain computers. I logged in on Chrome earlier today and authorized this computer. Then I opened Chrome again later and tried to log in, but the dang thing forgot that I'd already authorized it.
[QUOTE=code_gs;41945584][t]http://puu.sh/49hwD.png[/t] fuckfuckfuckfuckfuckfuck [sp]Too lazy to change it though[/sp][/QUOTE] what the hell is it? your username? you should probably change it, it takes like 10 seconds I recommend changing it into two random bacteria, with random numbers, symbols, and capitalization replacing the letters.
[QUOTE=Satane;41945166]are you guys seriously entering your steam password into untrusted websites ?[/QUOTE] this site is trusted tho? its even google verified.
[QUOTE=bunnyspy1;41945901]what the hell is it? your username? you should probably change it, it takes like 10 seconds I recommend changing it into two random bacteria, with random numbers, symbols, and capitalization replacing the letters.[/QUOTE] People don't brute force passwords anymore, you could tell someone to change their password to the first 500 digits of pi but if they have a keylogger then they're fucked no matter how long it is.
Apparently "fuck" is the in the top 40 most used passwords. All the runescape accounts will be mine
3 Trillion Years for mine right now
[QUOTE=code_gs;41945584][t]http://puu.sh/49hwD.png[/t] fuckfuckfuckfuckfuckfuck [sp]Too lazy to change it though[/sp][/QUOTE] don't worry the one I've been using for almost a decade is way worse It would take a desktop PC about 19 seconds to crack your password 19 seconds
[QUOTE=Jacknife;41943883]This is somewhat terrifying for me, luckily i don't keep my card details saved on steam, so i'll be okay there, but it'll be a bitch to contact steam, wait, etc.[/QUOTE] How do I remove my card details?
[QUOTE=theobod;41946311]How do I remove my card details?[/QUOTE] delete your steam account and burn your computer before hackers get to it OR Click on Steam in the top left corner > Settings > Account. To the right hand of that window, there'll be a 'View Account History'. Click that. This'll bring up your account history. To the right, there'll be a 'Your Steam Account' box. Beneath that, there'll be your credit card info (last 4 digits). Click delete next to it.
[QUOTE=J!NX;41946335]delete your steam account and burn your computer before hackers get to it OR Click on Steam in the top left corner > Settings > Account. To the right hand of that window, there'll be a 'View Account History'. Click that. This'll bring up your account history. To the right, there'll be a 'Your Steam Account' box. Beneath that, there'll be your credit card info (last 4 digits). Click delete next to it.[/QUOTE] Thanks man!
I'm actually quite worried about this for some reason, it does anger me too I mean why do people do this in the first place?
Apparantly a password of AAAAAAAAAA would take 19 years to crack. Hmm...
Sorry, you need to Log In to post a reply to this thread.