Users of gaming platform Steam have the ability to upload images from games, post messages, and more besides, into their social network stream. They also have the option to upload game-related artwork. Spammers occasionally make use of this feature to sling some spam at the gaming masses.
We’ve spotted one such example in the wild, in the form of a profile claiming to be IMDB offering up free movies. Below you can see they’ve uploaded six decidedly non-game related images, all of which claim a movie is but a click away.
There’s also some spam text accompanying the various pictures in an attempt to gain some search engine juice and also to provide a link for would-be movie watchers to click on.
Some of the links are in the flavor text, a few are only viewable if you enlarge the image, and more still are posted as standalone comments underneath the original picture.
As for where they go, it’s worth noting that Steam’s link filter will warn people that they’re about to move away from Steam (generally, this is there to try and help deter phishing but also serves as fair warning for any other scam you can think of).
Should they continue on with their journey, they’ll end up in a variety of locations.
We looked at three links, which were:
Of the three links, all of them initially land on a “Watch this movie” page with what appears to be a movie player embedded and various pieces of movie-related text scattered about the place.
After that, though:
1. One of our links took us to a survey page, which asks the visitor to fill in personal info on offers in return for “something”. It’s fair to say we’d be very cautious about doing this, as more often than not you never receive the desired prize(s) after handing over a bunch of PII.
2. Another link took us to a movie site which says “sign up for free”, but also wants you to pay a monthly billing fee to continue membership (we looked at the Terms & Conditions, but we couldn’t pin down an exact number).
3. Possibly the worst of the bunch, this one suggests Finding Dory is available to watch.
Clicking the box, however, takes visitors to an Ad rotator URL which drops us off at a variety of non-child friendly links. Various adult webcams, surveys, and related sites all lie in wait.
So, you know, whoops.
Accounts such as the one pushing the above links tend to get deleted or cleaned up (if it’s been hijacked) fairly quickly. Don’t make life easier for the spammers – ignore all of their attempts to give you a night at the movies and report them to Steam. With any luck, they’ll be ejected from the cinema before the trailers are over.
The post Steam spammers have a night at the movies appeared first on Malwarebytes Labs.
Powered by WPeMatico