PSA - STEAM CHAT VIRUS ALERT

You may get a message from a friend that says "dude WTF" followed by a link to what seems to be a screenshot. DO NOT OPEN IT. It's actually a download for an .scr file which will take over your Steam account to do evil things to your inventory and propagate itself through your friends list.

I actually got sent this message from a friend, opened it and guess what?

I have linux...

Trololol.

Should I be worried about this on Realm TS? Because this is pretty much the average message there...

Better safe than sorry.

my computer does not recognise this ".exe" or ".scr" thing you speak of. :>

Linux buddies, go!

Linux buddies are not immune to virus, they are just a minority to worry about making some malware to them.
http://en.wikipedia.org/wiki/Shellshock_(software_bug) That was a very nasty bug, very exploitable.
It may be harder but not impossible.

Well yes, but in this particular instance we are immune, that is unless we ran it through wine possibly?

no?
the virus is still ineffective to the linux environment which it cannot even see. kinda like a one-way mirror.

and the "system" it's on is only a folder that you can delete at any time killing it and any other processes run therein subsequently.

that's actually a pretty specific year-old vulnerability.

you'd have to run the damn infected .sh (something like and .exe) yourself to make it take effect.

and unless it's masquerading as something else, why would you?

contrary to windows we donot have viruses that can run themselves.

and this particular vulnerability (not virus) requires :
for one : human response. (E.G. a linux server is an invalid target)
two : human error.

You are totally wrong, this bug is nasty because it's run when something (anything) uses bash, you don't even need to write the exploit to the disk, you just need to send it to some program that uses bash.

You don't need human response at all, as soon as any program uses bash process text you can be infected, and that happens too often. Way too scary than normal malware.
Recheck "Specific exploitation vectors" on Shellshock wikipedia.

I manage several linux machines, and I still agree with that quote:
"The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I'm not even too sure about that one."
—Dennis Hughes, FBI

@mrkroket ah, my bad.

I actually ended up opening this, except I was on my Android phone. I still logged out of the app, deauthorized everything from my desktop, and changed my password and deleted the file. But I'm still not sure whether it's safe to use Steam on my phone again.

dude....

YOU'RE the one who warned us about it!! x'D


Your phone you say?

also linux unless you mishapedly have windows phone. you're safe it can't run it.

I opened before this thread was made. In fact it was the reason this thread was made.

ah didn't know. well like I said. Android = linux unless you sync your files to your windows your good. try to restore factory state before you plug it back in to your PC.

Shellshock bug indeed work on some rooted phones, both android and iPhones:
https://blog.fortinet.com/post/are-ios-and-android-vulnerable-to-the-shellshock-bug

As I said this was a serious bug, that affected tons of devices (any linux device with bash).
So you can't laugh of someone being worried about its smartphone. Smartphones are little computers on your pocket, and they have the same issues that any other computer.

Just had some random people friend me, I accepted and they told me to run this "cool screensaver"

I was like nope.

I don't have anti-virus, which imo is a waste of money if you know what you're doing, so I didn't execute it.

2stronk6 virus ᕙ( ͡° ͜ʖ ͡°)ᕗ

In this day and age, I'm just going to say: That's a very dumb decision. There are more than enough free ones. Go install Avira (http://www.free-av.com), I'm already using it for at least 10 years. I believe it still recieving the "best free Anti-virus" awards every year.

I don't run them either. Tbh, my computer doesn't run strong enough to afford an antivirus straining any 1/10th of the strength it does have. It barely runs things, an antivirus would make it barely unable to.

Besides, I fix viruses, I don't fall victim to them. Fixed hundreds. Not ever got any.