Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


New Variant of Ramnit Embezzles Data of Steam Users

Security researchers of security firm Trusteer have stumbled upon a new version of the infamous Ramnit malware which is being employed by scammers to embezzle sensitive credentials of users of Steam, a well-known video game distribution service.

According to security experts, Ramnit employs 'HTML' injection to attain its goals and it is capable of not only bypassing the password encryption of the site but also makes sure that the assault is not identified by the server it targets.

In the primary phase of the assault, Ramnit infuses an appeal for password when Steam users login with their credentials. This particular request permits the menace to bypass the encryption of clients and get hold of the 'password' in plain text.

The difficulty with this method is that the password is recorded in a fresh constituent tagged "pwd2." As the Steam server is not expectant of receiving this constituent at the time of submission of form, most likely an alarm will be elicited and the malevolent attempt will be detected.

To evade detection Ramnit makes sure that the server by no means witnesses the injection and it removes the injected element preceding to the form that is being send to the website.

"One might inquire: why do cyber crooks go through all the pains of inserting an element and then eliminating it when they (cybercriminals) can simply gather the data by using Ramnit's keylogging capability? The answer to this question is simple: by employing form grabbing, the scammer can effortlessly index the gathered details. When a keylogger is employed, there's no hint of which characters are the username, the password and which are irrelevant keystrokes," blogged Trusteer Fraud Prevention Manager Etay Maor, as published by trusteer.com on August 19, 2013.

Steam is a perfect target for malware attacks because it has 50-70% market share with 2,000 titles and over 54 million active users. This is not the first time that Steam has been attacked by cybercriminals as phishing attacks and malware (Stealing credentials) have been attacking Steam users for several years. Maor concludes that Ramnit uses much advanced techniques to collect data as well as to evade detection.

ยป SPAMfighter News - 8/27/2013

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page