Steam Virus
JimBowen
Join Date: 2003-05-30 Member: 16873Members, Constellation
Join Date: 2003-05-30 Member: 16873Members, Constellation
<div class="IPBDescription">becareful what you download</div> <!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->There is a new virus disguised as the new "STEAM" software from Value Software, make sure you only DOWNLOAD and RUN PROGRAMS that you know come from TRUSTED SITES.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Just heard that there is a immitation steam exe about which is infact a virus. Steam release has been canceled because of a DoS attack on the steam website. If anyone offers you a version they have "found" I would ignore it.
Just heard that there is a immitation steam exe about which is infact a virus. Steam release has been canceled because of a DoS attack on the steam website. If anyone offers you a version they have "found" I would ignore it.
Comments
lol!, installing steam is most proberbly worst that installing the virus <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->
I know its a virus, I want to look at it.
its valve software, not value <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->
its valve software, not value <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo--> <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
blame the typo on the people from quake net, I just copied and pasted their warning <!--emo&;)--><img src='http://www.unknownworlds.com/forums/html/emoticons/wink.gif' border='0' style='vertical-align:middle' alt='wink.gif'><!--endemo-->
#Naturalselection
#Counter-Strike
#DOD
...meh...
is it really THAT bad?
or are people just naturaly resistance towards change?
Some people, like me, dont like being FORCED to download anything.
I think its pretty funny they got DoS owned by some script kiddies.
Some people, like me, dont like being FORCED to download anything.
I think its pretty funny they got DoS owned by some script kiddies. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
Some people are uninformed and don't know that you aren't FORCED to download anything. An added, and easily toggable, feature is the ability to get automatic updates. You can turn it off so you don't have to use it, and can get it the old fashion way, by having to stand in line at fileplanet.
MrMojo I think you would be surprised at the number of people who actually would.
Simple answer...Yes
hahahaha, you sir are teh funny <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html/emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif'><!--endemo-->
I just don't like the feel of short, mandatory changeovers. Never a good sign, especially with a product being rushed out the door.
I just don't like the feel of short, mandatory changeovers. Never a good sign, especially with a product being rushed out the door. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
Steam has been in beta for quite awhile now, FAR from being rushed out the door...
MrMojo I think you would be surprised at the number of people who actually would. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
just like the ns2 "release" ;p
I just don't like the feel of short, mandatory changeovers. Never a good sign, especially with a product being rushed out the door. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Steam has been in beta for quite awhile now, FAR from being rushed out the door... <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
Many Windows versions spend a long time in beta and still manage to feel as robust as an alpha years after release <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->
To put it bluntly, he found that Steam was logging each and every site he visited.
Now if steam logs the sites you visit, it could potentially log MP3's you play and the length of time you spend on your computer.
It's incredibly well disguised spyware, though I would like to see information from valve confirming/denying it, I dont feel that I can trust steam just yet.
As for the 'logs everything' thing, from what I've read it's basically just a sort of null space left by a windows command they used while storing stuff for the steam install. If you're using NTFS you'll just see a 0kb sized file but if you're using the older FAT32 system you kinda see this memory hole that shows parts of your old harddrive ^^;
kinda reminds me of programming for the playstation where if you specified a graphic that wasn't there you'd end up with a random piece of the screen for a picture <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html/emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif'><!--endemo-->
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
I'm not freaking joking around here. Dead serious.
Let's start by getting two tools together
Get a copy of TextPad. It has an excellent file search feature that runs much faster than Windows Find utility.
Next get a copy of WinHEX or some other HEX editor. TextPad can read and display hex files, but with the sizes we're going to be working with, TextPad will practically die.
OK, run TextPad and hit Ctrl+F5. This brings up the "Find in Files" Dialog. Or you can just skip down below to the, "Are you back in your seat"? bit.
Now fill in or set the following options
Find What: ***
In Files: *.gcf
In Folder: (Wherever Steam is located, most likely C:\Program Files\Steam)
Conditions:
Check Text (Check as in check it with a check mark)
Uncheck Match whole words
Uncheck Match case
Uncheck Regular expression
Report detail: File counts only
check Search subfolder
Uncheck Binary files
Now hit that find button and prepare to be surprised.
You may need to wait for the results to come back. These files are huge.
.
.
.
.
.
Are you back in your seat? Got your jaw back in place?
Open that file in the Hex Editor and locate the same string ***
.
.
.
.
.
At this point all the blood just rushed out of my head. You might need a blood transplant.
Not only is *** in there, but there are thousands of addresses for everything that you've visited or downloaded. Try a search for some of those porn sites you've visited. Check for dynamic5.gamespy.com/~hlpd. I was freaking floored! Everything is in there, right down to the addresses of the porn pictures you guys download!
Naturally, this just begs the question of what the **** else is in those Steam files?!
Unfortunately, at 400+ MB for three of the four files I've found, I'm not really able to browse such large files on this older PC. Heck, the automated searches take up a ton of resources on such large files. I'm going to locate a file splitter utility to break the *.gcf files down into smaller, easier to digest, chunks so I can process and examine them a bit easier.
It is too late at night for me to pursue this much further. According to a post I've read, someone claims that Steam also locates and tracks your movie and mp3 files.
This is what I'm merely guessing at what this is all about.
Giving Valve the benefit of the doubt. My guess is that those links are part of the information trapped by Steam during regular network traffic. This would explain why there are addresses in there that I only visit with Opera and addresses that I visit with Internet Explorer. My guess is that this is a part of a function of VAC (though I can't really imagine how). Unfortunately, this raises the question of what else is trapped and logged. I'm hoping against hope that all that is logged are WWW addresses. I would be severely disappointed in Valve if we were to discover account names, passwords, and other, more incriminating, data. Is it possible that important, crucial, and private information is being logged?
Time and research will reveal the truth.
P.S. While typing this, I did a quick... well, not so quick automated search for, "mp3" in one of the larger files and I got back 159 positive matches in that file alone. We'll see if they're all to mp3.com or are really references to my own mp3 collection.
<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
As for steam's security being breached, if there DoS issues, DoS is very different from cracking their website and uploading a backdoor version of steam. DoS is just slowing the site down or trying to take a website off the internet, that's why it's called Denial of service.
Sure it's a bit freaky that there's such a large catalogue of what we've done and stuff and I'm sure there's lots of people getting nervous because their stuff isn't exactly legal (hmmm... Photoshop 7? how did you afford that?) but I can't really get myself worked up about a games developer doing it. If it was microsoft then I'd be pitching a fit, but valve? what are they gonna do apart from maybe sell a collection of their finding to marketing companies based on what we like to listen to and browse? <!--emo&:p--><img src='http://www.unknownworlds.com/forums/html/emoticons/tounge.gif' border='0' style='vertical-align:middle' alt='tounge.gif'><!--endemo-->
I'm not gonna say it's right but I'm not going to burst a bloodvessel over it either lol <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->