Steam Trading Implements CAPTCHA to Curb Outbreak of Malware

-smash-

Content Director
Joined
Aug 27, 2004
Messages
1,823
Reaction score
340
For awhile now, many Steam users have fallen victim to a rash outbreak of malware. Simply put, the malware's function is to steal your inventory of targeted items by exploiting the Steam Trading system. All a victim has to do is execute a file, one disguised as a .scr, and blammo - goodbye CS:GO or Dota 2 items. Inside sources say that these phishers create "thousands of bots" a day to help seed the malware.

Steam Trading did not have much of an authentication safeguard in place, so it was pretty easy for phishers to steal items. Well, today, Valve has implemented a new safeguard.

trade_captcha.png

Trade offers now require that both users pass a CAPTCHA test before committing to a trade deal.

"We’re updating trading to include a captcha as part of confirmation process," John C. from Valve said today. "This is to prevent malware on users’ machines making trades on their behalf. We know it’s a bit of a hassle, and we don’t like making trading harder for users, but we do expect it to significantly help customers who are tricked into downloading and running malware from losing their items."

Is this a good idea? It should help to curb some of the cases of victims of this malware, easing the load on Valve's already strained Customer Support. But is this just making the trade experience more of a nuisance? Also, Google says that there are bots out there that can solve nearly 100% of all CAPTCHA tests. Google has developed their own system, called reCAPTCHA, which claims no bot can crack and is a more streamlined process for users. Should Valve implement reCAPTCHA instead?

Image: SteamDB's Twitter
 
Last edited:
Completely ruined tradebots, good job Valve.

These phisherbots are the absolute opposite of subtle. Anyone can see the difference between a phisherbot and a normal person. It should be common sense by now, it's happened multiple times for me, and a lot of my friends.

Also, give people some time, and they'll find a way around reCAPTCHA
 
Valve went ahead and implemented Google's reCAPTCHA.
 
Valve went ahead and implemented Google's reCAPTCHA.
Is it the "I am a human" checkbox? That does tend to be much more user friendly.

These forums will have that eventually. We recently implemented the new version into XenForo.
 
Captcha is now gone in the trade, and it's replaced with an E-maill confirmation system.

xhYcy4T.png


So that means MyBot can now be used again.
 
Back
Top