
What is it with this sd.steam.info / zodiac-game.info thing recently?


7 replies to this topic

#1 inkoalawetrust


Posted 24 August 2016 - 08:22 AM

Is this some new kind of malware that everybody is reporting here, and how does it even spread? (I wanna know more about it.)


Twitter

Discord:inkoalawetrust#9783

Website




#2 Ahams


Posted 24 August 2016 - 08:29 AM

I started experiencing it today, dunno how it happened though. You can read the rest on my post: http://www.bleepingcomputer.com/forums/t/624666/sdsteaminfo-virus-need-help-fast/



#3 Aura



  • Malware Response Team

Posted 24 August 2016 - 09:32 AM

I've noticed a lot of threads in the MRL section reporting that infection (over a dozen). It looks like a simple hijack, but I haven't seen what caused it yet. Maybe our Researchers here know more.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 inkoalawetrust


Posted 24 August 2016 - 09:39 AM

"I've noticed a lot of threads in the MRL section reporting that infection (over a dozen). It looks like a simple hijack, but I haven't seen what caused it yet. Maybe our Researchers here know more."

That's what I'm saying, everybody is reporting since like a few hours ago.




#5 Will5200


Posted 24 August 2016 - 12:27 PM

Looks like something like this was handled in this thread:

http://www.bleepingcomputer.com/forums/t/624241/sd-steaminfo-redirects-to-zodiac-gameinfo-popup-on-startup/



#6 Captain_Chicken


  • BC Advisor

Posted 24 August 2016 - 12:33 PM

My guess is it is disguising itself as some form of update to Steam (a popular gaming platform).


#7 inkoalawetrust


Posted 24 August 2016 - 04:07 PM

Yeah, it sounds like it.




#8 Aura



  • Malware Response Team

Posted 24 August 2016 - 04:10 PM

Malwarebytes has apparently been updated to deal with it, though from the screenshot in the other thread, it only seems to delete the Run key that launches the website on restart, however there's also a task that adds it to the Registry (for persistence). Picked up 3 threads with that infection and asked them all to run Malwarebytes, I want to see if the task is still there or not.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
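
An added example, not part of the post above or of any BleepingComputer or Malwarebytes tool: a read-only PowerShell audit for the two pieces the last post describes, a Run value that opens the site at startup and a scheduled task that puts it back. It assumes the host names from the thread title as indicators, the standard Run key locations, and Windows 8 or later for Get-ScheduledTask; the thread does not say how the task rewrites the key, so the task pattern is an assumption.

```powershell
# Indicator hosts taken from the thread title; extend the list if needed.
$indicators = 'sd.steam.info', 'zodiac-game.info'
$pattern    = ($indicators | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Standard per-user and per-machine autorun locations (assumed, not from the thread).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# 1. Run values whose command line mentions one of the hosts.
$runHits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match $pattern) {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
        }
    }
}

# 2. Scheduled tasks whose action mentions the hosts or touches a Run key.
#    Cleaning only the Run value leaves such a task free to recreate it.
$taskPattern = "$pattern|CurrentVersion\\Run"
$taskHits = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute/Arguments and yield an empty string.
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $taskPattern) {
            [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Command = $cmd }
        }
    }
}

'Run values:';      $runHits  | Format-List
'Scheduled tasks:'; $taskHits | Format-List
```

Running it again after a Malwarebytes scan and a reboot shows whether the task is still present and whether the Run value has come back.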




