Results 1 to 3 of 3

Thread: The gifting led to security holes - Stolen Crystal Maiden arcana

  1. #1
    Basic Member tiritto's Avatar
    Join Date
    Jun 2014
    Location
    Poland
    Posts
    17

    The gifting led to security holes - Stolen Crystal Maiden arcana

    Some facts about the item...

    • The arcana was bought using the in-game store.
    • The last time someone saw the arcana for sure was March 1.
    • The disappearance of the arcana has been spotted March 2 in the evening.


    • The last transaction on the market took place on February 13. Buying Phantom Assassin arcana on the market.
    • The last transaction in the game took place on February 24. Buying points for the New Bloom Event.
    • The last transaction in the store was held on February 3. Buying some games.
    • There are no entries about any kind of transactions after February 24.
    • Player's inventory transaction history latest entry is dated for February 27. None of those transaction concern arcana.


    I opened an link and ran an infected application.

    • This application is impersonating a screensaver for Windows.
    • Potential victim is convinced that he opens an ordinary image.
    • The virus affects the operation of steam by sending links to friends with the infected file.
    • After some time, the virus adds to the friend list fake account that will be used to steal.
    • In the case of my diagnosis the account steam id was 76561198175588446.
    • There is a lot of link in the comments of the thief account. I suppose that they are necessary for the proper operation of the virus.
    • There is a lot of gifted items in the thief account inventory. That was my first clue as to how did he steal the items. Signatures of the gifts were not removed.
    • I managed to contact with the person whose nickname was written as a gift giver - Popeye. I learned from him that he was the victim of theft as well and that he tried to contact with Steam Support but received no response for more than 3 days at the moment. His items have disappeared without leaving any trace in the history of the transactions. Just like in my case.
    • I tried to contact with other listed people as well but they didn't respond for my friend invitation yet. I left an comments everywhere I was able to with the warning about the possibility of theft.
    • There are few links on the thief account leading to the steam trade with person called "AVANGARD" who created his account at the beginning of this year. I decided to take a closer look at him.
    • I managed to contact with a few people from the AVANGARD friends list. Some Russian, Korean and Ukrainian guys.
    • During the conversation, I learned from the Russian guy that Avangard tried to extort from him the password to his steam account on the same day under the pretext of winning a DotA 2 contest. He thanked me for the warning and removed him from his friends. I moved on.
    • During the conversation, I learned from the Korean guy that Avangard just added him to the friends one day before, but he didn't said anything since then. I warned him and continued my investigation.
    • During the conversation, I learned from the Ukrainian guy that Avangard just talked with him about some DotA 2 items in exchange for steam founds. Just like before I warned him and move on.
    • At this point it was obvious for me that Avangard is some kind of semi-main accout of the thief and arvinessianiti was just an items gateway or something like that.


    The question remains: What should I do now?

  2. #2
    Basic Member
    Join Date
    Nov 2011
    Location
    Serbia
    Posts
    523
    Tell it to steam autoresponder.
    Quote Originally Posted by Crowfeather View Post
    The average mmr in the 3.4k is lower than the average mmr in the 3.5k .
    Quote Originally Posted by Legdotus View Post
    in the middle of my game, I go to the menu, and watch a friend's game. That makes no sense to me.
    Quote Originally Posted by twl04046 View Post
    Sometimes the zeus ulti suddenly activated and it really scared me...

  3. #3
    Basic Member AngryHan's Avatar
    Join Date
    Dec 2011
    Posts
    162
    Quote Originally Posted by Kidades View Post
    Tell it to steam autoresponder.
    submit a steam support ticket and stop clicking on stupid links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •