7 January 2015

Alert Priority Moderate

Researchers have observed malware using the chat functionality of internet based gaming and social networking platform Steam to send malicious messages to users.

The malware incorporates a simple message such as 'WTF?????' and a link to what appears to be an image hosted on another website. However, navigating to this link will download a screensaver that will infect your computer with malware when opened.

The malware will then propagate by using the victim’s Steam account to send messages to his or her friends. The attack relies on tricking people into running the screensaver infected with malware rather than exploiting any vulnerabilities in the Steam software.

While this current attack focuses on Steam, researchers have observed similar attack patterns on many other social networks.

Staying safe with online chat

If you receive links purporting to come from your friends on Steam or other social media services, check with your friends that they did so and the link is legitimate. Do not click on unsolicited links, regardless of the apparent source.

If you attempt to view an image on a website, and a file downloads instead, do not open the file. Instead, run an antivirus product to check its legitimacy. If you are unsure of the result from your antivirus product, delete the file rather than open it.

What to do if your Steam service is infected

If the malware infects your Steam service, it will use the chat function to send malicious links to your friends. If your friends alert you that your Steam chat is sending malicious links to them, you should run an antivirus product on your computer.

If the antivirus product does not find and remove the infection, you should seek further technical advice on cleaning your computer.

Once the malware is removed, we recommend that you change your passwords, particularly for high-value sites such as online banking and email.

More information

Stay Smart Online contains more information on securing your computer and updating your software. An up-to-date computer will reduce the risk of an infection, although may not stop all attacks.

This report is based on information from researcher Graham Cluley.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] communications.gov.au
Web: www.staysmartonline.gov.au
You are receiving this message at the address [Email].
Update your profile preferences
If you no longer wish to receive this information, you can unsubscribe.

© 2013 Australian Government. All rights reserved

Connect with Stay Smart Online