Ramnit Malware Now Targeting Steam Users

[exfileme]

This seems to be a different attack than what's plaguing Konami, Ubisoft and other game-related services.

Ramnit Malware Now Targeting Steam Users : Read more

 

[Pailin]

Pretty Please Tom's - Kill these spammers already ^

 

[Trialsking]

I hope that single mom who makes $5987968 a week gets her Steam accountshacked!

 

[aramisathei]

"Even more, don't store credit card information on Steam: simply enter the number each time you make a purchase." Unless you're using a virtual keyboard, this is actually less secure since the exploit they're talking about is also a keylogger.

 

[ojas]

@arami: depends, a keylogger will also have extra junk keystrokes, plus the expiry date and other info isn't entered via the keyboard.

local virtual keyboards might be vulnerable to screen-shot based attacks, or even key loggers if they're using STDIN as well.

 

[ubercake]

The guys at Steam could write some code identifying when the user's browser is attempting to pass the pwd2 form field (or any other unexpected form field/value pairs) when logging into Steam. This would help the users identify whether or not they have this malware running on their machine.

 

[ubercake]

I hope that single mom who makes $5987968 a week gets her Steam accountshacked!

:lol:

Me too!

 

[rylt]

@ubercake

"But Maor reports that Ramnit avoids server-side detection by removing the injected element before the form is sent back to the website."

from the article.

 

[ubercake]

@ubercake

"But Maor reports that Ramnit avoids server-side detection by removing the injected element before the form is sent back to the website."

from the article.

Ah. Missed that. Hopefully we'll see some updates to detect this on the client side.