An explanation of SteamStealer aka "Ebola.scr"
Created 21st December 2014 @ 14:38
Quoted from CHERRY
Who the fuck writes a virus in C#?
lol I actually understood it.
wow that’s not that difficult to create haha.
Quoted from Flow.
[…]
Apparently somebody, who obfuscates the code with a bad open source packer. I guess this stuff is patched together from several code snippets. I don’t complain at all, because they just made my work easier. I only had to de-obfuscate to get to the source instead of reading a lot of stuff in my debugger xD. But writing it in C# doesn’t mean it’s less harmful…
My country’s electoral calculator was written in C# guess how it ended?
.
.
.
.
.
https://github.com/wybory2014/Kalkulator1
They even included pdo files with executable :D
Last edited by CHERRY,
Oh look what I’ve found ;)
http://steamstealer.com/
I guess I’ve got their latest source code for free which they had “protected” … Suddenly C# makes sense when you want your customers to be able to edit it to their needs. Valve REALLY needs to patch the security flaw in steamclient.dll …
wow good job man, definitely interested to see what else this thing hides, does this malware affect other steam accounts on the pc, or just the one you’re currently using?
Last edited by rockie,
Quoted from rockie
wow good job man, definitely interested to see what else this thing hides, does this malware affect other steam accounts on the pc, or just the one you’re currently using?
I think Steam creates and saves the hashes only for the current account. So if you switch users, the previous one should be fine. Since I don’t exactly know how Steam works, I can’t tell for sure. Let’s just hope that Valve is aware of this and stops these guys from making profit by selling this stuff to scammers.
Quoted from Flow.
[…]
I think Steam creates and saves the hashes only for the current account. So if you switch users, the previous one should be fine. Since I don’t exactly know how Steam works, I can’t tell for sure. Let’s just hope that Valve is aware of this and stops these guys from making profit by selling this stuff to scammers.
I don’t think it works like that, not 100% sure though.
Quick fix for sending mass messages http://teamfortress.tv/thread/21707/how-to-protect-yourself-from-steam-viruses#376836
volvo is stupid to store obvious cookies with steamID
MatchCollection matchs = new Regex("7656119[0-9]{10}%7c%7c[A-F0-9]{40}", RegexOptions.IgnoreCase).Matches(preparedIDs);
Until this shit is fixed there’s little to be done elsewhere.
Last edited by Kengur,
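The pattern quoted in the post above can also be used defensively. The following is an added example, not part of the original thread: a Python scrubber that finds values of that shape in log lines and masks the token half before the logs are shared. The function names, field names and sample lines are constructed for illustration.

```python
import re

# Pattern from the post above: SteamID64 (7656119 + 10 digits), the
# URL-encoded "||" separator (%7c%7c), then a 40-hex-character token.
STEAM_COOKIE_RE = re.compile(
    r"(7656119[0-9]{10})(%7c%7c)([A-F0-9]{40})", re.IGNORECASE
)


def redact_line(line):
    """Mask the token half of every match; return (clean_line, steam_ids)."""
    ids = []

    def mask(match):
        ids.append(match.group(1))
        # Keep the account ID and separator for triage, drop the secret part.
        return match.group(1) + match.group(2) + "[REDACTED]"

    return STEAM_COOKIE_RE.sub(mask, line), ids


def scan_log(lines):
    """Redact a sequence of log lines and report where values were found.

    Returns (clean_lines, findings); findings holds (line_number, steam_id).
    """
    clean, findings = [], []
    for number, line in enumerate(lines, start=1):
        redacted, ids = redact_line(line)
        clean.append(redacted)
        findings.extend((number, steam_id) for steam_id in ids)
    return clean, findings


# Constructed sample input: the IDs and tokens below are made up.
SAMPLE_LOG = [
    "GET /inventory cookie_value=76561190000000001%7c%7c" + "AB12" * 10,
    "GET /favicon.ico cookie_value=lang_en",
    "POST /upload body=76561190000000002%7C%7C" + "0f" * 20 + "&x=1",
]

if __name__ == "__main__":
    cleaned, hits = scan_log(SAMPLE_LOG)
    for entry in cleaned:
        print(entry)
    print(hits)
```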
Thank you for your informative post. I’ve received several of these sorts of “friend” invites on a weekly basis for a very long time so I’m on my guard.
I’m definitely going to edit my host file. This won’t affect any of Steam’s normal functions?
I do have a question about the backpack that’s used for storage for stolen items. You mention there are stolen items in it, does that mean it’s set to public on steam? It’s kind of odd as you would expect it being set to private to prevent someone tracing the items. Or is there some trick to view private backpacks online?
Good job dude. This should be extremely easy to patch for Valve. Makes me cringe looking at someone doing memory editing so much and still using C#.
Quoted from CHERRY
[…]
I don’t think it works like that, not 100% sure though.
It should. I haven’t read it fully at all but if it’s using conventional cookie grabbing it should only affect stuff that is currently logged in.
Last edited by konr,
Quoted from CapTVK
Thank you for your informative post. I’ve received several of these sorts of “friend” invites on a weekly basis for a very long time so I’m on my guard.
I’m definitely going to edit my host file. This won’t affect any of Steam’s normal functions?
I do have a question about the backpack that’s used for storage for stolen items. You mention there are stolen items in it, does that mean it’s set to public on steam? It’s kind of odd as you would expect it being set to private to prevent someone tracing the items. Or is there some trick to view private backpacks online?
Trade offers require public backpack
Quoted from konr
Good job dude. This should be extremely easy to patch for Valve. Makes me cringe looking at someone doing memory editing so much and still using C#.
[…]It should. I haven’t read it fully at all but if it’s using conventional cookie grabbing it should only affect stuff that is currently logged in.
I still don’t see why Steam couldn’t store different profiles.
Quoted from CapTVK
Thank you for your informative post. I’ve received several of these sorts of “friend” invites on a weekly basis for a very long time so I’m on my guard.
I’m definitely going to edit my host file. This won’t affect any of Steam’s normal functions?
I do have a question about the backpack that’s used for storage for stolen items. You mention there are stolen items in it, does that mean it’s set to public on steam? It’s kind of odd as you would expect it being set to private to prevent someone tracing the items. Or is there some trick to view private backpacks online?
This won’t affect how your Steam works since API is intended for 3rd party developers, chances are you’ll never need to use it.
https://github.com/Kuba77/SteamWall
May conflict if you have many custom rules in the firewall
Quoted from CHERRY
[…]
I still don’t see why Steam couldn’t store different profiles.
If it did you wouldn’t have to relogin when switching, right? Could be true either way but if it just uses cookies then it’ll only be what is currently logged in.