There are a couple of programs in circulation at the moment designed to steal Steam account login credentials. People can have a lot of money invested in Steam purchases (if you purchase PC games online Steam is probably the best digital delivery service around), and it isn’t really the greatest thing in the world to have one stolen.
Steam is a popular thing to have in webcafes, and the company behind it actually support this in a very big way. These particular infection files would cause the most trouble on the networks of netcafes with minimal security in place, allowing chancers to install files with a USB stick, let the stealer grab account logins then come back later to collect the passwords.
This is what the first one looks like:
There’s a number of clues that the above is 100% fake – for starters, it’s based on the old style Steam login which may tip off a clued-up gamer. Secondly, the spelling is all over the place: “Please re-login with you’r correct login informations for being safe from hackers”.
Oh dear. “Copyrighted” doesn’t do them any favours, either.
I suppose the creator knew he wouldn’t get very far with the above, because there’s a second version and it’s a lot more impressive, sadly:
Looking absolutely identical to the real thing, only a clued-up webcafe Admin type guy would save the day at this point, either by having the network locked down or by running security software that detects the threat. Once the account details are entered, they appear in a .txt file wherever the logger happens to be running on the PC at the time:
Poor old Fakey Mc Fakename can wave goodbye to his account.
We detect both of these as Trojan-PSW.Win32.Steam.z – you can see the most recent count on VirusTotal here.