Attackers use Ramnit malware to target Steam users
132 replies, posted
[QUOTE=TNOMCat;41944229]Or a simple popup ad of a website and that website has a java applet which can download and execute stuff on your computer[/QUOTE]
noscript to the rescue
does the free trial of malewarebytes work good enough to catch this?
[QUOTE=LtKyle2;41946779]noscript to the rescue
does the free trial of malewarebytes work good enough to catch this?[/QUOTE]
The free version doesn't have realtime scanning.
It doesn't look like the password strength site takes capitalization into account - AAAAAAAAAA gives the same result as aAaAaAaAaA
also
I have Steam Guard, my email sends codes to my phone, I'm vaguely considering changing the email address off Gmail to a not-commonly-used domain, I have antivirus software because I'm not a moron, and I use AdBlock anyway.
Figure I'm as secure as I'm going to be without locking the computer in a safe and never turning it on again.
This happened to me last month. I got a message saying that someone had logged into my Steam from Japan. I'm pretty sure it happened when I downloaded something from CNET and it decided to add some retarded toolbar and forcefully changed my homepage and wouldn't allow me to change it back even after uninstallation without major work, so don't go there. They had access to my email to get past steam guard too, I was stupid enough to have the same email password.
[QUOTE=Midas22;41947005]This happened to me last month. I got a message saying that someone had logged into my Steam from Japan. I'm pretty sure it happened when I downloaded something from CNET and it decided to add some retarded toolbar and forcefully changed my homepage and wouldn't allow me to change it back even after uninstallation without major work, so don't go there. They had access to my email to get past steam guard too, I was stupid enough to have the same email password.[/QUOTE]
I never liked CNET.
[QUOTE=Midas22;41947005]This happened to me last month. I got a message saying that someone had logged into my Steam from Japan. I'm pretty sure it happened when I downloaded something from CNET and it decided to add some retarded toolbar and forcefully changed my homepage and wouldn't allow me to change it back even after uninstallation without major work, so don't go there. They had access to my email to get past steam guard too, I was stupid enough to have the same email password.[/QUOTE]
That shit sucks man, I used 5 programs to purge a browser hijacker off my PC.
Steam guard
A good AV
Different passwords for my email and steam
90% of web browser plugins blocked unless I tell it to run
I virustotal the FUCK out of a lot of the things I download that I'm wary of (which is almost everything)
I think I'll be okay.
I wonder if this has something to do with this guy on my steam friends list who suddenly keeps linking me to steam phishing websites lol. Sucks for him either way since he's obviously lost his account.
I deactivated other steamguard authorizations through my desktop just to be safe. Trying to get in on my laptop and it's saying "Use the Steam Mobile application to provide your Steam Guard code"
I go to my phone and Steam mobile has nothing. Is this a recent change trying to use Steam mobile instead of emails?
[QUOTE=BigJoeyLemons;41944381]useful sites:
[url]http://strongpasswordgenerator.com/[/url]
[url]https://howsecureismypassword.net/[/url]
My new email password would take trillions of years to crack, and I found out that adding a symbol to my weaker passwords changed the cracking time from ten days to 110 years.
Pretty useful sites.[/QUOTE]
instead of random characters, I like to use the XKCD method of creating passwords
[img]http://imgs.xkcd.com/comics/password_strength.png[/img]
Lightly season with numbers or non text characters to prevent dictionary attacks
[editline]23rd August 2013[/editline]
fuck diudn't read through thread before posting that
I think these fuckers already got my info, someone tried to use my credit card shortly after someone logged in on my steam profile so I ended up having to change password, cancel the card, and now I cant buy anything online until I get a new card. Assholes.
I got hacked.
3 times.
In one year.
I guess that is the consequence of being a whiny ass 10 year old who desperately wanted TF2.
Thanks OP for posting this. Just deauthorized and took my debit card off my account.
[QUOTE=avincent;41943701]Should've used protection[/QUOTE]
Hey, Even a condom has a fairly high failure rate. Software protection's even worse
So use both!
[QUOTE=LaTrefle;41944514][IMG]http://i.imgur.com/q127ixM.png[/IMG]
[editline]23rd August 2013[/editline]
I am relieved[/QUOTE]
Its supposed to take trillions of years to be a real password.
[QUOTE=DigitalySane;41943721]Guess I should turn steamguard back on even though its annoying as fuck.[/QUOTE]
This post has 34 disagrees and 8 agrees, and I have no idea which people are rating agree because they agree with the fact that you should turn it on, and which people are rating disagree because they disagree that it's annoying as fuck.
How is this news? This has been going on since start of time.
[QUOTE=viperfan7;41948285]Lightly season with numbers or non text characters to prevent dictionary attacks[/QUOTE]
That's not necessary. Dictionary attacks don't help against passwords concatenated from multiple random dictionary words. They do help against single unmodified words and single unmodified well-known sentences (like quotations).
The method of generating passwords from multiple dictionary words [i]assumes[/i] that the attacker knows they did so. If the attacker doesn't, the password is a shitload more secure - but even if they do, it's still very secure and easier to remember than random characters.
The itworld link is more informative than most but I really wish they'd give things like common distribution methods and what browsers it can attack.
[QUOTE=ShaunOfTheLive;41948649]This post has 34 disagrees and 8 agrees, and I have no idea which people are rating agree because they agree with the fact that you should turn it on, and which people are rating disagree because they disagree that it's annoying as fuck.[/QUOTE]
They disagree that it's annoying as fuck.
In the 9 years I've been using steam I've never had anyone try to get into my account. Pretty terrifying thought to lose all those games. It's a lot of money
A decillion years
27 digit password ftw
My password would be cracked instantly it says. Not like anyone has cracked it yet. Maybe I'm just a computer user who isn't dumb as fuck
I got hacked once after I fell for the free steam games trick. It was funny because it happened literally 30 seconds after I put in my details and then realized the URL was fake. Woke up next morning with my password changed and my account inaccessible.
This is scary, but precautions have been taken. Let's just hope they get bored and bugger off.
Yeah, why are they even still trying this shit while steamguard exists
[editline]24th August 2013[/editline]
Also those links I posted were mainly for email passwords to keep steamguard working well
[editline]24th August 2013[/editline]
And as long as we scan every file we download for viruses, we'll be fine, right?
[QUOTE=Altimor;41948741]The itworld link is more informative than most but I really wish they'd give things like common distribution methods and what browsers it can attack.[/QUOTE]
[QUOTE]Ramnit was first detected in 2010, attaching itself to most executable files and USB drives to infect additional computers. Originally a generic worm, it did not have many capabilities and was thus not considered dangerous. In 2011, malware writers altered the worm to capture data from web sessions, letting hackers commit financial fraud. Most recently, it was responsible for the theft of 45 000 login credentials, using them to infect the victims' friends and remotely access corporate networks.[2] The current version of Ramnit is a hybrid version of the original worm, with some code taken from the ZeuS trojan horse.[/QUOTE]
[QUOTE=Ishwoo;41945774]Losing your steam account to this sort of stuff is probably easier than you think, i NEVER put my steam account and password into anything other than the steam application itself, ran regular virus scans etc and one day i came back from holiday and got a message saying my password was incorrect. I looked on a friends PC and my account had its steam community name changed, country changed, groups deleted and shortly after my friends list reset. Thankfully i got it back because i still had the original cd key the account was registered from but i really do suggest changing your password and at the very least turning steam guard on for those who are stupid enough to have not turned it on by now.
If you've had your password for more than 2 years i'd suggest changing it to something entirely different, it's a real shitty feeling when you have something like that robbed from under your nose while you could have done something so easy to prevent it (like not having the same password for 6 years)[/QUOTE]
you didn't have Steamguard on did you?
For the people bitching about how the site could steal your password:
[img]http://puu.sh/4a57r.png[/img]
It doesn't make any outbound requests, geniuses.
Sorry, you need to Log In to post a reply to this thread.