So, apparently Steam has begun offering another service: malware distribution.
OK, bad jokes aside, Steam is actually experiencing a pretty serious issue. Players are reporting that they have received messages from strangers on Steam that are packaged with a .SCR file. While this might look like a harmless Windows screensaver file, the contents are actually far more dubious.
A shortening service is used to disguise the link's actual address, which leaves the victim with very little information to go off of apart from the .SCR file type, which is actually fake. There are also reports that some players are receiving messages that simply say, "Look at my photo," with the link enclosed. This .SCR file will actually work as a link when clicked, taking you to a Google Drive page.
Bart Blaze, a researcher at Panda Security, has been working to understand the malware and how it works.
"Note that normally, the Google Drive Viewer application will be shown and this will allow you to download the .scr file. In this case, the string '&confirm=no_antivirus' is added to the link, which means the file will pop-up immediately asking what to do: Run or Save (and in some cases download automatically)."
After running the malware, your Steam account will be hijacked and will begin distributing the link to other people. Luckily, Blaze reports that the malware doesn't appear to upload any personal information to a central server.
It's advised that users who have been infected with the malware first remove these processes from their Task Manager's active processes:
- temp.exe
- wrrrrrrrrrrrr.exe
- vv.exe
- random names such as 340943.exe
After disposing of the above processes, you'll want to run a quick virus scan to eliminate anything that might have worked its way deep into the recesses of your computer. The malware itself doesn't appear to be that damaging, but it's an annoyance and something that needs to be addressed.
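As an added example (not from the article or from Blaze's analysis), the indicators described above can be turned into a quick triage check in Python. The sample process list, messages and hostnames are constructed, and reading "random names such as 340943.exe" as all-digit file names is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Process names listed in the article, lower-cased for comparison.
LISTED = {"temp.exe", "wrrrrrrrrrrrr.exe", "vv.exe"}
# Assumption: "random names such as 340943.exe" means all-digit names.
NUMERIC_EXE = re.compile(r"\d+\.exe")
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)

def flag_processes(names):
    """Return the entries whose file name matches the article's list."""
    hits = []
    for name in names:
        base = re.split(r"[\\/]", name.strip())[-1].lower()
        if base in LISTED or NUMERIC_EXE.fullmatch(base):
            hits.append(name)
    return hits

def flag_links(message):
    """Return (url, reasons) for links showing the traits the article describes."""
    findings = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,)")  # drop trailing sentence punctuation
        parts = urlsplit(url)
        query = parse_qs(parts.query, keep_blank_values=True)
        reasons = []
        if "no_antivirus" in (v.lower() for v in query.get("confirm", [])):
            reasons.append("confirm=no_antivirus")
        if parts.path.lower().endswith(".scr"):
            reasons.append(".scr path")
        if reasons:
            findings.append((url, reasons))
    return findings

# Constructed sample data (not taken from a real infection).
SAMPLE_PROCESSES = ["explorer.exe", "steam.exe", "VV.exe", "temp.exe",
                    r"C:\Users\a\AppData\Local\Temp\340943.exe", "notepad2.exe"]
SAMPLE_MESSAGES = [
    "Look at my photo https://short.example/abc",  # shortened: nothing visible
    "https://drive.example/uc?id=CONSTRUCTED&confirm=no_antivirus",
    "see http://files.example/photo.SCR.",
]

if __name__ == "__main__":
    print(flag_processes(SAMPLE_PROCESSES))
    for msg in SAMPLE_MESSAGES:
        print(msg, "->", flag_links(msg))
```

A hit is a lead to review rather than proof, since temp.exe is a generic name. The shortened link in the first sample shows neither trait until it is expanded, which is why the shortener leaves a recipient so little to go on.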