Got a strange messge from a friend's steam account

[ArcossG]

the message reads: Hi bro you need it? (and then a certein link which I won't post here)

once I clicked on the link it downloaded something(a PNG file that asked me to install it when I tried to open it) on my computer, then I checked and saw my friend also received a similar message

I proceeded to change my password, delete the file and reset steamguard

does anyone know what it means? should I be worried?

 

[Arrk]

It means your friend was hacked. If you didn't install the file you got, should be good. Run a virus scan as well, just to be on the safe side.

 

[Prime_Hunter_H01]

If a message seems suspicious, even from a friend, don't open it. Many viruses and attacks work by impersonation some one you might know. What you should have done and should do in the future is ask them about the strange message through another means of communication. Then don't open it, delete it right away, and never download the attachment or follow the link. I would suggest that you do a virus scan and as an added measure of safety, change your password through a different means like another computer or through your phone, just in case there is a keylogger.

I remember on this site there was news of malware infected steam screenshot links going around that would empty your steam inventory.

 

[Fappy]

My girlfriend got a weird friend request and message on Steam recently too. FYI don't open any .scr files if someone sends them to you over Steam. Apparently it's a common account hacking tactic. Thankfully she deleted the file immediately (before ever opening it) and changed her password.

 

[ArcossG]

Update: I installed Malware bytes and it didn't work' I initiated a system restore and re installed it and it worked

any further advice?

 

[Pseudonym]

It seems like you should be reasonably safe. If you virusscanned, changed your password and still have your account, I doubt much is going to happen anymore. One thing you could also do is talk about it to the owner of the steam account who sent you the message. Is he on steam often? Has he noticed that something happened yet? Does he knows what's going on? Might he want his account back?

 

[DoPo]

Wow, not even Steam is safe anymore?

When has it ever been safe? If somebody compromises your PC, like, for example, having you install malware on it, then every application on it is potentially compromised, like, for example, any software which can send messages to other users.

Staying safe, while using Steam, is hard but doable - don't install malware on your PC. It's a little known technique that only gained popularity about a couple of decades ago, not sure why nobody mentions it...aside from being reiterated over and over again all the time.

I'm actually going to reuse the exact same image I posted in the other thread [http://www.escapistmagazine.com/forums/read/9.865223-PSA-Steam-thieves-empty-accounts-with-screenshots] because, dammit, it's relevant again.

 

[sanquin]

Same here. These days I can pretty much instantly recognize any fake download from friends, or any email that tries to scam me. And if I'm not entirely sure if a file a friend sent me is legit, I always wait until I have confirmation before downloading it.

 

[Sillarra]

It seems like a problem happening in Steam right now.

Luckily you didn't install it; from what I understand the virus/whatever is designed to steal items on your inventory and transfer it to the hacker's account. Items from DOTA/CSGO/TF2 is commonly the target for this hack.

 

[Hairless Mammoth]

Woohoo! No one sent me anything. But, yes you aren't safe anywhere online, and if your friends send you something you didn't expect don't open it. Talk to them under a different messaging client, and even then research the latest hacking tactics going around.

PINGS can be installed?

Pretty much any file extension can be made executable or have an exploit attached to the file. So beware of anything.

 

[Lilikins]

I'm actually going to reuse the exact same image I posted in the other thread [http://www.escapistmagazine.com/forums/read/9.865223-PSA-Steam-thieves-empty-accounts-with-screenshots] because, dammit, it's relevant again.

That..is my new favorite picture. Nevertheless, got sent one aswell, the funny part about this all was that the friend who supposedly sent it to me was sitting right next to me. So I was just sorta 'why...are you typing me if your literally 2m away from me...?' Yep, that was the end of that one hehe, though I did notice then afterwards that the name was spelled differently. Henceforth an 'í' instead of an 'i' in his name.

Maybe make sure that the friends name whom your recieving something from is spelled 100% correctly then as an added precaution.

 

[Trude]

Might I ask who you hang out with where: "Hi bro you need it?" does not set off a Christmas light disco?

 

[small]

i got something similar last month from a friend and it immediately rand warning bells, apparently it cleans out your steam inventory, on a related note if they wanted the 3 copies of a dead island moba in my inventory they could of just asked, i cant get rid of them

 

[CrystalShadow]

PINGS can be installed?

Strictly speaking, no. But you can rename the file extension on just about any kind of file.

(just because something has the extension .jpg, or .png doesn't mean it is], a jpeg or PNG file. Could be anything at all.)

And besides, what's been going round on steam seems to be .scr files. Which actually aren't images at all, but 'windows screensaver files'.

And a screensaver is simply a very specialised program, so... It could do a lot of nasty stuff in theory...

The key point is, don't 'run' any code. Downloading stuff isn't as big a risk, but online some links will 'run' scripts automatically. (A link may be javascript, or any number of other bits of code, rather than an actual link - Office documents can also have scripts in them)

You can't run an image, but you can trick people into thinking an executable is an image if they aren't paying attention...

 

[Lil_Rimmy]

No, this is quite common. Basically what happens is that your friends on steam may get hacked or whatever, and they will then try and spread bullshit around steam using various tactics, like "oh i'll trade with you but this isn't my main, go to THIS LINK and I will give you good things" and a really fucking weird one I saw that was like "I wanna chat with you but I gotta go so go to this link to talk to me LINK" I didn't even know the guy, just friended him in game.

The other thing that happens is that someone will friend you JUST to send you the message. Thats happened to me, because I usually accepted friend requests while playing L4D or TF2 because I assume they are players in the game. But then 10 seconds later I get "OH Gisgs WANT FERSES GEURMES? LINK LINK LINK NOT A VIRUS I SWEAR"

Yeah. Tis bullshit.

 

[DoPo]

PINGS can be installed?

I assume you mean PNGs - no, they cannot. You could, however, have a file called my-awesome-image.png.exe - it's a really old trick, it works (or rather "works") because by default Windows is set to not show file extensions, thus what you actually see when you have that file on your machine is my-awesome-image.png (which is just a name, as far as the operating system is concerned) sans the .exe at the end. And since it's actually an executable, if you double-click that file it will be...well, executed, and doing anything it might want to do.

PINGS can be installed?

Pretty much any file extension can be made executable or have an exploit attached to the file. So beware of anything.

Strictly speaking, no. But you can rename the file extension on just about any kind of file.

(just because something has the extension .jpg, or .png doesn't mean it is], a jpeg or PNG file. Could be anything at all.)

While both of these are correct, I just want to clarify:

If you have a file called my_executable.exe and rename it to my_executable.png it won't just be executed when you double click it. Windows judges file content by extension, so if it sees .png, it will launch it through the picture viewer. That, in turn, would not display or do anything (well, most likely, anyway) as the actual file content is not an image, so it can't be displayed as an image.

Malicious code can be embedded into an image. It could basically run when the image is read. However, these shouldn't prompt you for installation.

 

[Riotguards]

as someone who has a few unique hats (that are expensive) i have received a few of these (although recently they've stopped) "hey this guy can't trade, *insert malware / fake website here*"

although they have evolved past that a little while ago in which one of them sent me a link which instantly installed some "screenshot" onto my computer, although it said screensaver it was obviously a virus but i was pretty amazed at how ingenious it was