How about virus scanning every game? Every file? Every update made to a game?
Come on Valve. It's becoming very clear that once a game or a piece of software is on the platform, the developer can update the game at will to include malicious content.



https://www.youtube.com/watch?v=g0G0_ggH-ws
Originally posted by Tito Shivan:
Originally posted by cinedine:
They already do.
And Akamai does, too.
Correct.
Showing 16-30 of 38 comments
RiO 9 Aug, 2018 @ 10:53
Originally posted by Moderate my posterior.:
I lolled when RIO got all hot and bothered about checking the video and then didn't bother to actually go to read the link about how alien hunters been disassembled now too and nothing was there. Some sheep need shearing. Including how the tester replicated the false positive was a stroke of brilliance.

I lolled as well.

You seem to have missed the fact that Valve is actively looking into things, as was communicated back to SidAlpha and as you could've read in the comments on the video.

I've updated my first post to hopefully make that point of view a bit more clear.


I would also take minagi's analysis on reddit with a rather coarse grain of salt.
Where's the actual analysis here? As in the decompilation? The procedures followed?
Where's the proof? Where are the facts?

Does minagi actually show that this bat-to-exe conversion tool creates a clean executable? i.e. does not contain a coin-miner or dropper for it? No. In fact, the opposite is demonstrated. Other batch scripts pulled through the conversion tool produce the same warnings on VirusTotal.

That only lends credence to the theory that the converter itself is injecting some malware into the generated exe.

Even if the generated EXEs do not show the typical resource usage of a coin-miner, that does not prove anything. It may be lying dormant while software using it spreads, to only be activated later. It may also be that the EXEs only contain a dropper for a coin-miner instead of a full miner.

What business does a clean bat-to-exe tool have to create a GUID folder rooted on the system drive and spawn a second process to run there? Because that's what the EXEs are doing according to VirusTotal's sandbox. Well; next to the main process, which indeed is to unpack the .bat file into a temp folder and issue a shell call with CMD.exe to run it. (The long way around even; rather than directly shell-calling the .bat file...)
Last edited by RiO; 9 Aug, 2018 @ 11:05
Yup, valve said they were looking into it, and yet the game still isn't down. Kinda lends more credence to the "no smoke no fire"
RiO 9 Aug, 2018 @ 11:16
Originally posted by Moderate my posterior.:
Yup, valve said they were looking into it, and yet the game still isn't down. Kinda lends more credence to the "no smoke no fire"

The mail that Valve were going to look into it, landed 06:30 PDT.
It is now approx. 11:15 PDT. Short of 5 hours later, which is not a whole lot when you have to decompile code and then make sense of it. That's without even factoring in the possibility of Valve's 'response team' not being immediately available.

How long did it take again for Abstractism to get nuked off the store-front for its item scamming, once it was reported? This incident will probably take at least that long to be processed, and probably longer.

I will say this though: it would be poor form of Valve if they were to not block this game from being purchased or downloaded pending their further analysis...
Last edited by RiO; 9 Aug, 2018 @ 11:19
Right, but it's not poor form to make speculative accusations with no actual PROOF
RiO 9 Aug, 2018 @ 11:22
Originally posted by Moderate my posterior.:
Right, but it's not poor form to make speculative accusations with no actual PROOF

What more proof outside of that many AV-vendors detecting something, do you want?
False-positives typically don't happen by the dozens at a time.

And then there's the fact that this bat-to-exe tool that was used creates executable code that spawns a secondary process running in a freshly created GUID folder on the root of the system drive.

Its main and explainable behavior is unpacking the batch file to the temp folder and opening a shell to execute it. What business does it have with the other process operating out of the GUID folder?
Last edited by RiO; 9 Aug, 2018 @ 11:24
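A defender-side illustration of the behaviour RiO describes in this post and in the 10:53 post above: the wrapper's explainable cmd.exe launch from %TEMP% versus a second process operating out of a GUID-named folder at the root of the system drive. This is an added example, not code from the thread, from the converter or from VirusTotal; the record format, paths, process names and GUID are all constructed.

```python
import re

# Constructed, simplified process-creation records: (parent image, child image, command line).
# An invented format for illustration, not Sysmon, EDR or VirusTotal sandbox output.
SAMPLE_EVENTS = [
    # Expected bat-to-exe wrapper behaviour: unpack the .bat to %TEMP% and run it through cmd.exe
    (r"C:\Games\AlienHunt3D\game.exe",
     r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c "C:\Users\player\AppData\Local\Temp\launch.bat"'),
    # The behaviour the thread questions: a second process running out of a GUID folder at the drive root
    (r"C:\Games\AlienHunt3D\game.exe",
     r"C:\{3f2504e0-4f89-11d3-9a0c-0305e82c3301}\svc.exe",
     r"C:\{3f2504e0-4f89-11d3-9a0c-0305e82c3301}\svc.exe --quiet"),
    # Benign: an application started from Program Files
    (r"C:\Windows\explorer.exe", r"C:\Program Files\Foo\foo.exe", "foo.exe"),
]

# A GUID-named directory (braces optional) sitting directly under a drive root, e.g. C:\{GUID}\ or C:\GUID\
_GUID_ROOT_DIR = re.compile(
    r"^(?P<drive>[A-Za-z]):\\\{?[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?\\"
)


def is_guid_root_path(path: str, system_drive: str = "C") -> bool:
    """True if `path` points into a GUID-named folder directly under the system drive root."""
    m = _GUID_ROOT_DIR.match(path)
    return bool(m) and m.group("drive").upper() == system_drive.upper()


def flag_guid_root_processes(events, system_drive: str = "C"):
    """Return (parent, child) pairs where the child image runs out of a root-level GUID folder.

    The cmd.exe-from-%TEMP% launch that a bat-to-exe wrapper legitimately performs is not flagged;
    only the extra process with no explainable reason to live at the drive root is.
    """
    findings = []
    for parent, child, _cmdline in events:
        if is_guid_root_path(child, system_drive):
            findings.append((parent, child))
    return findings


if __name__ == "__main__":
    for parent, child in flag_guid_root_processes(SAMPLE_EVENTS):
        print(f"SUSPICIOUS: {parent} spawned {child} from a GUID folder at the drive root")
```

A hit from this check is a lead for inspection, as RiO argues, not a verdict on its own.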
How about any actual proof? repeating the same speculation doesn't make it "fact"
RiO 9 Aug, 2018 @ 11:59
Originally posted by Moderate my posterior.:
How about any actual proof? repeating the same speculation doesn't make it "fact"

The facts are that the game was detected as containing malware associated with coin mining by 30-odd different AV engines, including big names; and that the game is spawning a secondary process that is doing something in a GUID-named folder rooted on the system drive. The latter is shady behavior at best.

That alone should warrant further inspection by Valve; which THEY ARE DOING.


Sorry; I'm not going to start playing a game of am not / are too with you. As much as you seem to want to troll me into doing so.
Crazy Tiger 9 Aug, 2018 @ 12:11
Game is gone. (Alien Hunt 3D)
Originally posted by RiO:
Originally posted by Moderate my posterior.:
How about any actual proof? repeating the same speculation doesn't make it "fact"

The facts are that the game was detected as containing malware associated with coin mining by 30-odd different AV engines, including big names; and that the game is spawning a secondary process that is doing something in a GUID-named folder rooted on the system drive. The latter is shady behavior at best.

That alone should warrant further inspection by Valve; which THEY ARE DOING.


Sorry; I'm not going to start playing a game of am not / are too with you. As much as you seem to want to troll me into doing so.
30 out of 67, all of them the ones notorious for false positives. Keep spinning that broken record.
RiO 9 Aug, 2018 @ 12:14
Originally posted by patje.lol:
Game is gone. (Alien Hunt 3D)

And there we are. Valve must've been done with their investigation and deemed that it indeed contained functionality suspicious enough to remove the game.
Last edited by RiO; 9 Aug, 2018 @ 12:16
Originally posted by RiO:
Originally posted by patje.lol:
Game is gone. (Alien Hunt 3D)

And there we are. Valve must've been done with their investigation and deemed that it indeed contained functionality suspicious enough to remove the game.
LOL the irony is lost on you, so easy to validate, despite your earlier insistence that they should take it down while they investigate anyway
RiO 9 Aug, 2018 @ 12:31
Originally posted by Moderate my posterior.:
Originally posted by RiO:

And there we are. Valve must've been done with their investigation and deemed that it indeed contained functionality suspicious enough to remove the game.
LOL the irony is lost on you, so easy to validate, despite your earlier insistence that they should take it down while they investigate anyway

Valve didn't pull Abstractism pending the investigation into the game either. As far as I can remember, that game stayed online until the plug was pulled on it when Valve was done investigating. (And yes; it was for reasons other than a coin miner being present.)

There's a secondary, separate issue associated with the fact that potentially malware-laden games make it onto the storefront. Namely, the fact that Valve seem to not be taking these games down pending further investigation -- or at least putting some public notice on their store pages when a game is suspect and under investigation -- is bad.

My earlier post that indicates this problem was written using some uncertainty. That was intentional. Valve could in fact have finished their investigation already and have done the typical Valve thing: not let anyone know the results.

But since the game has now been pulled (indeed: it no longer shows up in searches for "Alien Hunt") we can indeed conclude that they again left the game up on the store while investigating.

It's simple logic:

The game should have been (at least temporarily) pulled, when the e-mail affirmation was sent back to SidAlpha at 6:30 PDT. It wasn't. The fact that it was pulled now indicates Valve's investigation was still running with the game up, until they finished and pulled it.


So... There's no irony here.


Well...
Unless Valve hadn't actually started their investigation yet and the time the game was pulled marks the time it actually started. Which means a terrible response-time for this type of thing that I don't want to consider...



Last edited by RiO; 9 Aug, 2018 @ 12:48
Crazy Tiger 9 Aug, 2018 @ 12:36
Originally posted by RiO:
That's a separate issue: the fact that Valve seem to not be taking these games down pending further investigation -- or at least putting some public notice on their store pages when a game is suspect and under investigation -- is bad.

Abusers would love that.
cinedine 9 Aug, 2018 @ 12:42
Originally posted by RiO:
Originally posted by patje.lol:
Game is gone. (Alien Hunt 3D)

And there we are. Valve must've been done with their investigation and deemed that it indeed contained functionality suspicious enough to remove the game.

It's Valve's modus operandi to bow down to internet outrage.
Everybody's hating on Hatred - ban Hatred from the store.
Everybody's hating on Hatred being banned - reinstate the game.
Everybody's calling them greedy pigs for paid modding - just get rid of it altogether and never talk about it again.
Everybody's concerned about gambling sites - send notice to those gambling sites (leave out opskins, though, because they are actually fueling the market)
Everybody's outraged about anime boobs - send notice to all anime game developers.
Everybody's outraged about anime game developers getting notice - nope, was a mistake, we're looking into it.

They are also known for using chainsaws (skip those hatchets) where scalpels are more in order.

Also, it's only sensible that you take down a game that is allegedly spreading malware and PUPs. Just as it is the default reaction to take down content that has been reported for copyright infringement while the claim is being investigated or discussed between the involved parties.

Valve has a PR presence that is beyond abysmal and as long as they don't give any reasoning to their actions, you don't know why anything has happened and you can spin it any way you want.

Remember the case of Paranautical Activities? When the developer claimed Valve systematically sabotaged his game and it culminated in the game getting removed from the store? If Valve hadn't revealed it was because of the death threats that guy issued, he could easily have taken it as proof Valve was after his livelihood and tainted their reputation forever.
RiO 9 Aug, 2018 @ 12:43
Originally posted by patje.lol:
Originally posted by RiO:
That's a separate issue: the fact that Valve seem to not be taking these games down pending further investigation -- or at least putting some public notice on their store pages when a game is suspect and under investigation -- is bad.

Abusers would love that.

There should of course be some up-front checks involved to prevent abuse.
You can't really pull a game based on baseless claims.

But when compelling evidence is given that cannot be forged -- e.g. abusers can't exactly get an executable to flag with 30+ positives on VirusTotal, unless said executable is actually spotty -- taking the product down immediately pending further inquiry and investigation is imho the right response.

And that's what Valve didn't do here.


Originally posted by cinedine:
Valve has a PR presence that is beyond abysmal and as long as they don't give any reasoning to their actions, you don't know why anything has happened and you can spin it any way you want.

Good point. Proper disclosure and reporting are important here.
Just having a simple page somewhere on Steam that lists timelines for active investigations into these types of stinks would go a long way, imho.

And I'll beat the nay-sayers to the punch by stating that it doesn't have to contain or reveal technical details of Valve's QA or investigation procedures. Just a simple timeline of what the issue entails (e.g. "potential malware infection"); when it arrived; was triaged; was sent off for further investigation; and when investigation into it was finished.
Last edited by RiO; 9 Aug, 2018 @ 12:55

Date posted: 9 Aug, 2018 @ 5:49
Posts: 38