Do Not Click RSS Feed

Attention! We may have a new phishing scam!

[FoRcE]army_guy3 — Sat, 17 Jul 2021 20:09:00 +0000

This is not yet verified and I'm waiting for a response from steam moderation.

I recieved a message that appears to be a steam phishing website.

The account asked me to go to this website and vote for them in a tournament.

I checked the website in a virtualized enviroment and it has what appears to be a fake steam login window. The window tries to look like another window in your browser but the difference is it cannot go outside the bounds of the website.

You can drag it around the website but not OUTSIDE the website.

The website asks for your username and password.

At this time I recommend you DO NOT enter any information and do not click any links.

If you have entered information then contact steam support asap to report your account may be compromised.

This may turn out to be nothing but for now I'll treat it as phishing.

(UPDATE) Valve is saying they have no confirmed cases of RCE

[FoRcE]army_guy3 — Wed, 22 Apr 2020 23:09:08 +0000

Valve says they are investigating and believe the source code leak to be the leaked source from 2018.

RCE and API claims MAY have been fabricated by forum users.

Valve are still investigating but are giving the ok to play source games.

Attention! New Remote Execution Exploit has been found for source games!

[FoRcE]army_guy3 — Wed, 22 Apr 2020 21:51:58 +0000

(SEE UPDATE ANNOUNCEMENT REGARDING THIS ISSUE)

It is recommended not to play source games until valve gives the ok on if it's been patched!

This exploit allows hackers to execute code on your computer through the game itself. This can result in any form of malware being injected into your system.

It is currently unknown what source games are affected. We do have confirmed reports that TF2 and CS:go are vulnerable to the exploit.

Play at your own risk to your computer and your accounts!

Attention peeps! New scam is up on steam!

[FoRcE]army_guy3 — Fri, 20 Mar 2020 00:00:16 +0000

This scam tells you:
1 free csgo skin for new users! Go to <malware link> and take the skin you want.

Inform your friends not to fall for this scam! It hijacks, steals your account, steals your inventory items, and other malicious activity.

If you or your friend has been hijacked you should follow these instructions ASAP to avoid losing your inventory items or getting VAC banned by hijackers.

https://psteamhelp.yuanyoumao.com/en/wizard/HelpWithAccountStolen

You can also go to the infected friends profile, click the report icon, and choose reason:

----
"They are involved in theft, scamming, fraud, or other malicious activity"

"Their account seems to have been compromised"

"Submit this account for review"

Include details telling why you think your friend has been hacked and submit.
----

I haven't been able to get ahold of the malware steam hijacker so I don't know what it includes. I do know it locks you out of your account, steals your account items, and sends malware url to friends through direct message to attempt to infect them as well.

Inform your friends and stay vigilant peeps.

Attention peeps! We got a new scam malware that offers a free skin tutorial!

[FoRcE]army_guy3 — Sun, 20 Jan 2019 12:26:43 +0000

This new scam not only steals money but also installs malware to your computer and sends messages to all your friends as a chain mail. Beware of any links offering free skins INCLUDING friends you trust!

Invite all of your friends to this group!

Smoocher — Sun, 18 Jan 2015 20:13:45 +0000

You might help someone avoid getting haxored!

Knowing your URLs

[FoRcE]army_guy3 — Sun, 18 Jan 2015 01:24:11 +0000

I already covered some of URLs in my guide to XSS but I decided to go more indepth on this one.

Note: I'm going to copy some of the other guide to this one just to save some time but I will go over them in more detail.

What is a URL?

URL is short for Uniform Resource Locator. When you type a website such as " h ttp://my_awesome_site_domain:80/images?name=someguy&icecream=delicious#killstreak" you are typing a protocol then a domain name followed by the port, resource path, URL parameters, and a fragment identifier. This whole thing put together is a URL:

protocol: http://

This tells us what kind of protocol we are going to use to connect to the server. This space can also indicate how to use the following information. Protocol may not be the best name for this as sometimes it uses things other than a protocol but... I like the name and I'm sticking with it.

domain name: my_awesome_site_domain

I put domain name here however a better name would have been "address" as a domain name isn't the only thing that can go in this area. Another example of something that can go here is an IP Address. The most commonly used IP address is a IPv4 (4 bytes (8 bits per byte) meaning 32 bits in total). A byte can have 256 unique possible values so each number in the ip address can range from 0 to 255. (255.255.255.255) is the largest possible IPv4 address. IPv4 will always have 4 numbers and 3 periods seperating the numbers. Keep in mind that the address ends when you reach a ":" or a "/" character. A less commonly known fact is that ip addresses can be written in hexidecimal format. IE: 0xC0.0xA8.0x1.0x1 would be equal to (192.168.1.1) which is in most cases the default gateway.

port: :80

The port is a 2 byte (16 bit) number that indicates where to send the information when it arrives on the network. The default port for http is 80. The port is actually used everytime you go to a webpage whether you set it yourself or not. If you go to pretty much any site and append a :80 after the address (before the "/" character) you can see that it takes you to the main webpage as it would have normally.

resource path: /images

The resource path is information sent to the server to tell us what we want from it. In a simple case "/images" would take us to a directory (folder) when used. In more advanced cases it can lead us where ever the server operator wants us to go. More about this later.

URL Parameter: ?name=someguy&icecream=delicious

We already went over URL parameters so we will skip it.

Fragment Identifier: #killstreak

This is a bit complicated to explain all of its functions and you don't really need to know most of it so we'll gloss over it. Basically the most common purpose of the fragment identifier is to point to an element's id in an html format. Keep in mind that things like ".asp" and ".php" also use html format. The difference is that asp and php runs code on the server side before sending a modified html page where as a html page is sent as is. Keep in mind that custom server code can make even a html document dynamic with the right code so don't take this as a guarantee that this is how things will work but for the most part this is how things work. Whoops.. went off track.. Ahem... Anyways by assigning an element a unique id we can tell the page to automatically scroll to the point where that element starts. The fragment identifier is not sent to the server and is just used as a guide for the client.

So we already went over most of this in XSS.. Why are we bring it up again?

In XSS we went over the basics of URLs but in this guide I will also be going over how the server processes the URL and why you shouldn't assume you're safe because the extension leads to an image file or video (or anything else for that matter).

Lets take this link for example:

h ttp://MY_TOTALLY_LEGIT_WEBSITE_DOMAIN_GOES_HERE/images/screenshot.png

Using a normal http server this would tell the server to look for resource "/images/screenshot.png" and send it to the client or take us to a 404 errorcode page if the resource was not found.

However.. Using a more advanced http server we can do more with what happens when we send the data back.

For instance:

Lets say if the resource is not found on the server we redirect to a page saying that it wasn't found on the server. If we change the "not found" page that it redirects to we have changed what data is sent to the client. Using this method hackers are easily able to make fake URLs that redirect to other websites or resources to download.

Now Lets say we force the webpage to always send the same redirect no matter what resource is sent to the server by us. Using this as an example we have redirected the client even if a valid resource was found.

Using either of these techniques we can turn a harmless image file:

h ttp://MY_TOTALLY_LEGIT_WEBSITE_DOMAIN_GOES_HERE/images/screenshot.png

Into a redirect that downloads an SCR file with malicious code.

-----------------------------------------------------------------

In this guide I have gone more in depth with URLs and how server resources are processed server side. You should never trust a website (or any URL) to send you to the resource file equal to the one you are sending to it and I hope this has helped you understand the reasons behind it. ALWAYS check the URL and the file extension before you download or use anything on the site.

If you find any mistakes please let me know.

(UPDATE) Fixed a sentence that didn't make sense.

Have you read it?

[FoRcE]army_guy3 — Thu, 15 Jan 2015 22:04:27 +0000

Joining the group is all well and good but if you don't actually read the information given then being in this group won't help you much.

That being said I'm curious how many of you actually read PART 1 through PART 4.

If you have then click the little "Rate up" button under this post and if you haven't then click the down vote button.

Thank you.

File Extensions - Things you should know - PART 2

[FoRcE]army_guy3 — Mon, 12 Jan 2015 19:50:14 +0000

Continuing our list:

-------
.jpg
.jpeg
.jif
.jfi
.jfif
.jpe
-------
Displays images in a compressed image format. (I had no idea what it stood for so I looked it up) Short for Joint Photographic Experts Group. Normally a legit file however hackers were able to construct a malicious header into the file that would execute in the kernel when the file was opened in an image viewer. I'm unaware if microsoft has patched this exploit however I'm guessing they did. (maybe?)

--------------------------------------------------

This was just a short list on what some file extensions are and what they do. This is not a complete list.. however I'd be here for months if I were to do that.

Before I end this guide I would like to go over one more thing. Hidden extensions.

By default on your computer most extensions are hidden from view meaning that "Apple.jpg" would show as "Apple" and "Apple.jpg.exe" would show as "Apple.jpg". The second example "Apple.jpg" appears as a harmless jpg file however the hidden exe extension means it will execute machine code when executed.

So how do we avoid this?

(These instructions are for Win7 64b OS so instructions may be slightly different for other windows OS)

1. Go to (Start)

2. Click "Computer" (Or "My Computer" depending on OS)

3. While on the new window that popped up press your alt key (Next to spacebar) once.

Warning: Do not change any other settings in this next window. Not my fault if you break something.

4. Go to "Tools" and "Folder Options"

5. Click "View" at the top.

6. Under "Advanced settings" Uncheck "Hide extensions for known file types".

Note: DO NOT uncheck the "Hide protected operating system files" check box by accident.

7. Click "Apply" and "OK" to save the settings or click "Cancel" to cancel any changes you made.

After completing these instructions you should now always (Except for acouple file types under certain conditions) see the extension at the end of the filename. If you are still unsure you can right click the file and go to properties. At the top in the first tab you should see the type of file and the program used to open it with.

---------------------------------------------------

In this guide we talked about file extensions and how to handle them. There is lots of information that could have been added to this but I left them out to avoid confusing people... and because I'm tired of typing....... and because I'm hungry...... However with the information I have provided here you should be much more able to intelligently handle files by extension types.

(If you spot any mistakes be sure to let me know)

File Extensions - Things you should know - PART 1

[FoRcE]army_guy3 — Mon, 12 Jan 2015 19:46:22 +0000

Alot of malware now adays is actually recieved from the user actually downloading the malware file and executing it. The main reason for this is they don't understand what the file extensions mean and the risks for running the files. In this post I will go over what file extensions are, how they work, and how a file should be treated based off of what the file extension is.

So first things first.

What is a file extension?

A file extension is a suffix on the file name that tells the computer what program is required to run this specific file. This suffix will always be seperated by a "." character from what I've seen. Keep in mind that a period CANNOT be apart of the file extension itself. If more than one period character appear in the filename only the period farthest to the right will be used.

Some examples before we go on:

1. MyApple.jpg

For 1 we can see there is only one period so we take the period and everything to the right of the period as our extension. In this case our name would be "MyApple" and the extension would be ".jpg" .

2. MyApple.jpg.exe

For 2 we can see ".jpg" again however.. In this example it is not the last period in the name so it is ignored so in this case our name would be "MyApple.jpg" and our extension would be ".exe".

This is very important to remember so keep it in mind.

------------------------------------------------------

How does a file extension work?

I won't be going indepth with this but I'll go over the basics. Lets say we have a file called "snikagotpwned.txt".

When you install windows or install software that has a new extension you will be adding new extensions to your system registry. The registry is a place that mostly stores important information required for your system to run correctly so don't change anything inside without knowing what you're doing first. We won't be going over the registry here but it is still an important bit of information to know.

Upon opening the file "snikagotpwned.txt" our system would search our registry values for the ".txt" extension and what is used to open it.

This file would be opened in notepad on a windows operating system (default setting). Notepad does not use a file format and just displays all file bytes from the file to the notepad program. Using notepad you can open pretty much every file on your computer for viewing however I don't recommend doing so as that is not its purpose and it may cause notepad or your computer to stop responding depending on your build and the size of the file you are trying to open.

Notepad is one of the few programs that does not actually use a format however since most do use formats we will look alittle into why we need formats.

Lets say we have a file with the following contents:

WAITEMILYGOHOME

Now obviously we know what the file says so we don't need a format right? If we were to split the words it would look something like this:
WA
ITEM
ILY
GOH
OME

Oh? You got something different?

Ok lets look at another example:

69527741

Lets split these numbers into pieces giving us our numbers. Obviously the numbers would be:

695 27 7 41

Confused yet? So is your computer.

Without anything telling it how the data is collected and what type they are your computer is just as confused as you are right now and that is why we need a file format.

Now lets look at the first example again with a file format. In actual files this would be done differently because files are written in bytes but for the sake of this example it will get my point across.

Ok so our example was:
WAITEMILYGOHOME

Lets set this up with a format. First how many different parts did we get when we split it previously?

5 parts. So we will set the first position in the file to indicate how many parts we will be reading. Currently we will look like this. (Keep in mind that I am using <> to indicate a number. It will only take up one position in the file):

<5>WAITEMILYGOHOME

Ok so now we know that we have 5 parts to split... However we still do not know in what way we need to split the parts. For that we need the next part of our file format. This will return the amount of characters in this part. It will look something like this:

<5> <2>WA <4>ITEM <3>ILY <3>GOH <3>OME

I put some spaces to make it easier to understand. "WA" is two characters so we put a 2 before it to indicate the next 2 characters are for our first part. Now we get the next number for the next part. 4 is our number so we will read 4 characters. Using this file format we can understand that:
<5><2>WA<4>ITEM<3>ILY<3>GOH<3>OME

splits into:

WA
ITEM
ILY
GOH
OME

This is the best way I can explain it for now without going into bits, binary, and bytes so we'll leave it at this.

Ok so now we know what a file extension is, how a file extension works, what a file format is, and why/how a file format works. Next we will go over..

How files should be treated based on their file extensions.
---------
.exe
---------
The most common file extension used for malware is ".exe". "exe" is short for executeable and indicates we want to execute machine code on the system. We won't be going into any of that here.

---------
.com
---------
Executes machine code. Pretty much same thing as ".exe" with slight differences. Hackers used this extension to confuse users into thinking they were webpages.

---------
.scr
---------
Executes machine code. Pretty much same thing as ".exe" with slight differences. The main purpose of this file extension was to indicate a screen saver however it is just as effective at executing machine code as exe and com.

--------
.vbs
--------
Executes source script code. Short for Visual Basic Script. If you are downloading a file with this extension there is a high probability it is malware but not always.

--------
.vbe
--------
Executes encoded script code. Short for Visual Basic Encoded Script. If you are downloading a file with this extension there is a high probability it is malware but not always.

-------
.wsf
-------
Executes source script code. Short for Windows Script File. If you are downloading a file with this extension there is a high probability it is malware but not always.

-------
.bat
.btm
.cmd
-------
Executes source script code. Short for Batch. If you are downloading a file with one of these file extensions there is a high probability it is malware but not always.

-------
.swf
-------
Executes a flash file. Short for Shockwave Flash. Most of the time this kind of file is executed inside of the browser itself instead of being downloaded by your consent but their are occurrences where it is. This is one of the most common file types you see when visiting a webpage now adays. Hackers use swf to attempt URL Hijacking exploits to change your webpage to either a malicious URL or a phishing URL so always be aware of what website you are on. XSS is also not uncommon using swf.

-------
.pdf
-------
Displays documents that may include different fonts, pictures, and other things used for making your document look pretty. Short for Portable Document Format. Using a buffer overflow exploit the hackers were able to turn this file type into an instant low access for your system. Adobe claims they have patched this vulnerablity however I still recommend that you disable the browser addon that starts pdf automatically when it is viewed.

-------
.rtf
-------
Displays documents. Short for Rich Text Format. Using a buffer overflow exploit the hackers were able to execute malicious win32 machine code when this file was opened into microsoft word. Microsoft claims to have patched this vulnerability years ago however I still don't recommend downloading a file with this format unless if you know what it is.

(Continued in part 2)