Topic: Another loving steam virus

http://steamcommunity.com/groups/TheBattleGrounds#events/199610590928890280

Brace your starfishs, and don't click any links whatsoever.
Report any of your friends if they've been infected.
The link I've posted is a warning from one of the groups that I'm in.
« Last Edit: November 13, 2014, 10:02:55 PM by Stick Man »

i'm assuming that clicking the group link is ok
i hope
i wish


one of my friends got infected by it, it sent to everyone and I opened it but I was on a Mac and gimp opened it

what if i opened that link in the steam browser  :cookieMonster:

what if i opened that link in the steam browser  :cookieMonster:
YOU GET THE MLG EXPERICE!!!!!!!! YOU WILL GET FREE MC DONALSSSS
CLICK DA LUNK BELUW
legitlink.virus

I don't understand exactly, does it automatically download and run something on your computer? If so, how?

what if i opened that link in the steam browser  :cookieMonster:
what if i opened that link on my phone  :cookieMonster:

Now, the real question is, can the Sega Saturn open up that link?

"Many people got hacked by clicking this link that a friend sent em:

You will exchange this thing? screenshot -url .com/Screen_19521. png

If your friend send you a link to click on it and it looks like that, then your friend got infected/hacked."


something weird is
someone sent me the link despite not having any access to steam for the past week

"Many people got hacked by clicking this link that a friend sent em:

You will exchange this thing? screenshot -url .com/Screen_19521. png

If your friend send you a link to click on it and it looks like that, then your friend got infected/hacked."
thank you for repeating word for word what the link in OP says.


Information about the virus (from reddit):
Quote
I've downloaded it with wget.
It immediately redirects to a Russian server and changes the name from xxxxx.png (a picture) to xxxxxx.scr (an executable)
Here's the server response if you are curious

--2014-11-14 02:37:57--  http://screenshot-url.com/Screen_19521.png
Resolving screenshot-url.com... 37.140.192.187
Connecting to screenshot-url.com|37.140.192.187|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 302 Found
  Server: nginx
  Date: Fri, 14 Nov 2014 01:37:56 GMT
  Content-Type: text/html; charset=iso-8859-1
  Connection: keep-alive
  Location: http://files.etherway.ru/G5LG2VZD7OT0OO50DW7SLY2TFEKTSS
  Content-Length: 323
Location: http://files.etherway.ru/G5LG2VZD7OT0OO50DW7SLY2TFEKTSS [following]
--2014-11-14 02:37:59--  http://files.etherway.ru/G5LG2VZD7OT0OO50DW7SLY2TFEKTSS
Resolving files.etherway.ru... 91.197.172.9
Connecting to files.etherway.ru|91.197.172.9|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Date: Fri, 14 Nov 2014 01:37:06 GMT
  Server: Apache
  X-Powered-By: PHP/5.4.4-14+deb7u2
  Set-Cookie: PHPSESSID=cl430u2g7k41n9gkm91qsvq595; path=/
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Pragma: no-cache
  Content-Disposition: attachment; filename="Screen_19521.scr"
  Last-Modified: Thu, 13 Nov 2014 09:57:10 GMT
  ETag: "a70f0a0803f552d0-38a00-507ba892d1dd5;4eebad2310a7f"
  Content-Length: 231936
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: application/octet-stream
Length: 231936 (227K) [application/octet-stream]
Saving to: `G5LG2VZD7OT0OO50DW7SLY2TFEKTSS'
The <Content-Disposition: attachment; filename="Screen_19521.scr"> does the magic trick of making a PNG an executable :P

Not surprisingly, the picture is a Windows executable
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00  MZ..........ÿÿ..
00000010  B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00  ¸.......@.......
Go Linux!
Yes it does appear that you will get it if you click on the link at all.
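
Added example (not part of the thread or the quoted reddit post): a small Python check that reads a `wget -S` style transcript like the one above and flags the same tells the poster spotted by eye, namely the redirect to another host, the `.png` link served with a `.scr` filename in Content-Disposition, and a body that starts with `MZ` instead of the PNG signature. The hostnames in the sample are placeholders, the sample transcript is constructed, and the names `parse_hops` and `audit` are hypothetical.

```python
import re
from email.message import Message
from pathlib import PurePosixPath
from urllib.parse import urlsplit

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
RISKY_EXT = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

# Constructed sample modelled on the wget -S output quoted above (placeholder hosts).
SAMPLE = """\
--2014-11-14 02:37:57--  http://shots.example.test/Screen_19521.png
  HTTP/1.1 302 Found
  Content-Type: text/html; charset=iso-8859-1
  Location: http://files.example.test/PLACEHOLDER
--2014-11-14 02:37:59--  http://files.example.test/PLACEHOLDER
  HTTP/1.1 200 OK
  Content-Disposition: attachment; filename="Screen_19521.scr"
  Content-Type: application/octet-stream
"""

def parse_hops(transcript):
    """Split a wget -S transcript into [(url, {header: value}), ...]."""
    hops = []
    for line in transcript.splitlines():
        m = re.match(r"--\S+ \S+--\s+(\S+)", line)
        if m:
            hops.append((m.group(1), {}))
        elif hops and line.startswith("  ") and ":" in line:
            name, value = line.strip().split(":", 1)
            hops[-1][1][name.lower()] = value.strip()
    return hops

def audit(transcript, first_bytes):
    """Return findings where the served file contradicts the link's apparent type."""
    hops = parse_hops(transcript)
    first, last = urlsplit(hops[0][0]), urlsplit(hops[-1][0])
    asked = PurePosixPath(first.path).suffix.lower()
    cd = Message()  # reuse the stdlib parser for the filename parameter
    cd["Content-Disposition"] = hops[-1][1].get("content-disposition", "inline")
    served = PurePosixPath(cd.get_filename() or "").suffix.lower()
    checks = [
        (first.hostname != last.hostname, "cross-host redirect"),
        (bool(served) and served != asked, f"extension changed {asked} -> {served}"),
        (served in RISKY_EXT, f"executable extension {served}"),
        (asked == ".png" and not first_bytes.startswith(PNG_MAGIC), "body is not a PNG"),
        (first_bytes[:2] == b"MZ", "body starts with MZ (DOS/PE header)"),
    ]
    return [text for hit, text in checks if hit]
```

Calling `audit(SAMPLE, bytes.fromhex("4D5A9000"))` with the first bytes from the hex dump above returns all five findings; a real PNG served from the same host with no Content-Disposition returns an empty list.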