Go Back   Steam Users' Forums > Steam Discussions > VAC Discussion

Reply
 
Thread Tools Display Modes
Old 04-30-2012, 05:27 PM   #1
DocHouse
 
 
 
Join Date: Mar 2012
Reputation: 1102
Posts: 1,452
Virus = VAC?

To start I'm not VAC banned. But from time to time I wonder what would happen if a virus infects the dlls/exes of games or even Steam.

AFAIK a modified binary triggers a VAC ban, no matter what the modification was. So, technically a virus could get you VAC banned. And yeah, I know, care and an Anti-virus should keep you safe. I consider myself to be careful, with no infections in the last 5 years, but nobody and no system is perfect, so tomorrow could be the day.

And not even talking about general viruses, what if someone develops a virus that specifically installs cheats(actual cheats) in Steam with the purpose of making people get VAC-banned?

Yeah, I know, it's our responsibility, but I think this has a limit. Nobody's perfect, and many people shares PC or at least lets other people touch it from time to time. So it all can happen in miliseeconds. You let your brother/sister/cousin touch your pc, he downloads a "superb gamezz" or the new "justin biber official aplication!111!11" and BAMMM!, VAC banned.

And in that case, you're left for dead. Valve won't help you at all.

Also, as a side note, I think it's a matter of time that someone develops a virus designed to get people VAC-banned

And to be more clear, I've not let anybody my PC in quite some time without my supervision, and I take precautions (sandboxie + anitivirus), so this is not a "I hope ht believe me wen I get caught", it's just a wonder. Because it could happen any day to anybody, including me.

Last edited by DocHouse: 04-30-2012 at 05:32 PM.
DocHouse is offline  
Reply With Quote
Old 04-30-2012, 05:47 PM   #2
Nekomancer
 
 
 
Join Date: Mar 2008
Reputation: 2921
Posts: 16,161
VAC is able to distinguish between an infected file and a modified file. That has been stated in an interview which was posted in this forums a year ago or so.

Although there has been a case where a virus triggered VAC. That was fixed and the ban reversed. Affected only a very small fraction of users since that particular virus was already detected by anti virus programs for half a year. Only someone neglecting basic PC security would get infected by that one.
Nekomancer is offline   Reply With Quote
Old 04-30-2012, 06:28 PM   #3
Satoru
 
 
 
Join Date: Jul 2008
Reputation: 4861
Posts: 10,759
Note that the days of 'viruses for fun' are over. Period.

Viruses are a for-profit enterprise now. They are designed to be silent and need to make money. Whether that be stealing cc information, banking information etc. Money is the key. VAC banning accounts doesn't make money for anyone. Thus any virus designed for such a purpose would be unlikely to exist.

Again a self-propgating worm or any other thing is hardly even necessary. Just ASK people for their login information and you can get a lot of people to do it, if you couch it in the right terms like FREE CS:GO or FREE STEAM GAMES. One hardly needs to go to the trouble of a virus.
Satoru is offline   Reply With Quote
Old 04-30-2012, 07:05 PM   #4
PhamousVegas
 
Join Date: Aug 2010
Reputation: 262
Posts: 3,173
Quote:
Originally Posted by Satoru View Post
Note that the days of 'viruses for fun' are over. Period.

Viruses are a for-profit enterprise now. They are designed to be silent and need to make money. Whether that be stealing cc information, banking information etc. Money is the key. VAC banning accounts doesn't make money for anyone. Thus any virus designed for such a purpose would be unlikely to exist.

Again a self-propgating worm or any other thing is hardly even necessary. Just ASK people for their login information and you can get a lot of people to do it, if you couch it in the right terms like FREE CS:GO or FREE STEAM GAMES. One hardly needs to go to the trouble of a virus.
It could make money for CD Key Sellers ;-)
PhamousVegas is offline   Reply With Quote
Old 04-30-2012, 07:26 PM   #5
Satoru
 
 
 
Join Date: Jul 2008
Reputation: 4861
Posts: 10,759
Quote:
Originally Posted by PhamousVegas View Post
It could make money for CD Key Sellers ;-)
But again this is about as valid as people who say 'VAC is for making money'. How do you ensure that every banned user comes to YOU for sales? Maybe you're just boosting teh sales of another cd-key reseller? There's hardly a way to tell how successful such an scheme would be.

The only way woudl be to have a massive DNS redirect via hosts files or a hijacked DNS server that re-routes all users to YOUR cd-key store. Note that cd-key resellers occupy a grey area of import/export law legality, which makes going after them not really worth it. A VAC virus would be 100% ILLEGAL in pretty much every country and thus you'd expect swift legal action to be taken. This means that the only way to make the virus worth while is to make it so obvious you're the problem and make it so illegal that you'd be in jail with Kim Dotcom faster than you can ban people.

Last edited by Satoru: 04-30-2012 at 07:29 PM.
Satoru is offline   Reply With Quote
Old 04-30-2012, 08:03 PM   #6
PhamousVegas
 
Join Date: Aug 2010
Reputation: 262
Posts: 3,173
Quote:
Originally Posted by Satoru View Post
But again this is about as valid as people who say 'VAC is for making money'. How do you ensure that every banned user comes to YOU for sales? Maybe you're just boosting teh sales of another cd-key reseller? There's hardly a way to tell how successful such an scheme would be.

The only way woudl be to have a massive DNS redirect via hosts files or a hijacked DNS server that re-routes all users to YOUR cd-key store. Note that cd-key resellers occupy a grey area of import/export law legality, which makes going after them not really worth it. A VAC virus would be 100% ILLEGAL in pretty much every country and thus you'd expect swift legal action to be taken. This means that the only way to make the virus worth while is to make it so obvious you're the problem and make it so illegal that you'd be in jail with Kim Dotcom faster than you can ban people.
Well I said COULD, I didn't say would. Some people are desperate though.
PhamousVegas is offline   Reply With Quote
Old 05-14-2012, 07:50 PM   #7
vektorx4
 
Join Date: Jul 2010
Reputation: 0
Posts: 10
I was (and still am) paranoid about this possibility, so much so that I wote a little batch script to delete all hl2.exe and bin folders inside the different game directories (but it only works for games that run off GCFs, so it -unfortunately- can't be applied on others such as L4D1/2, Portal 2, CoD:MW, etc.). Of course, this still doesn't eliminate the possibility of a virus modifying steam.exe...

Edit:
Deeeerp, didn't notice how long ago the last post was made, sorry for the bump.
Anyway, if anyone wants the batch script, I'll post it here.

Last edited by vektorx4: 05-14-2012 at 09:16 PM.
vektorx4 is offline   Reply With Quote
Old 05-15-2012, 12:01 AM   #8
kakkerlak
 
Banned
Join Date: Feb 2004
Reputation: 2165
Posts: 24,008
a bit too paranoia :P

how about not installing malware it is not that hard , I never done it.
kakkerlak is offline   Reply With Quote
Old 05-15-2012, 07:38 AM   #9
bejayel
 
 
 
Join Date: Jul 2010
Reputation: 589
Posts: 3,793
There was a trojan that caused a vac ban not too long ago actually. The bans were discovered and reversed.
bejayel is offline   Reply With Quote
Old 05-15-2012, 07:42 AM   #10
kakkerlak
 
Banned
Join Date: Feb 2004
Reputation: 2165
Posts: 24,008
some variation on the spyeye trojan if I remember correct.
kakkerlak is offline   Reply With Quote
Old 05-16-2012, 08:12 AM   #11
bha2597
 
 
 
Join Date: Aug 2011
Reputation: 2
Posts: 330
Vac is smart enought to see if you injected a hack or is a virus
bha2597 is offline   Reply With Quote
Old 05-16-2012, 12:48 PM   #12
DocHouse
 
 
 
Join Date: Mar 2012
Reputation: 1102
Posts: 1,452
I think some of you didn't understand what I said.

I'm not saying a random virus will trigger a VAC ban. Valve obviously can see file's signatures to check if it was a random virus with no adventage.

What I'm talking about is a hypothetical virus which just installed actual cheats (you can find thousands on the internet). I mean, taking files of recognized actual cheats and pack them with a virus, or pack them along other non-virus software so people download and inadvertently install actual cheats. Then it would be just your word against Valve's, and we all know who would win.
DocHouse is offline   Reply With Quote
Old 05-16-2012, 01:27 PM   #13
Tito Shivan
 
 
 
Join Date: Oct 2010
Reputation: 3390
Posts: 9,036
Quote:
Originally Posted by Satoru View Post
Viruses are a for-profit enterprise now. They are designed to be silent and need to make money. Whether that be stealing cc information, banking information etc. Money is the key. VAC banning accounts doesn't make money for anyone. Thus any virus designed for such a purpose would be unlikely to exist.
I really miss the time when viruses were made to be seen...It made my life easier.
Nowadays you are lucky if you get infected by some sort of evident hijackware (Pay us or i'll send your dirty browse history to all your email contacts) Because more likely you'll become part of some zombie network used for god knows what without even noticing.

Quote:
Originally Posted by DocHouse View Post
What I'm talking about is a hypothetical virus which just installed actual cheats (you can find thousands on the internet). I mean, taking files of recognized actual cheats and pack them with a virus, or pack them along other non-virus software so people download and inadvertently install actual cheats. Then it would be just your word against Valve's, and we all know who would win.
Theoretically it would be possible. But such a scenario is very unlikely. There is no economic gain on it. And although it happened, in the end those bans would be reverted.
Tito Shivan is offline   Reply With Quote
Old 05-17-2012, 07:07 AM   #14
_Budweiser_
 
Join Date: Jan 2007
Reputation: 213
Posts: 830
Quote:
Originally Posted by DocHouse View Post
a hypothetical virus which just installed actual cheats (you can find thousands on the internet). I mean, taking files of recognized actual cheats and pack them with a virus, or pack them along other non-virus software so people download and inadvertently install actual cheats. Then it would be just your word against Valve's, and we all know who would win.
If such a scenario were ever to occur, and, I agree that this isn't beyond the realms of possibility, there would need to be some degree of specifics within the propegation of the malware that would point to or resemble the 'cheat' code.
When various security labs, (i.e. Symantec, McAfee etc.) investigate the malware, they would learn that it has some effect on certain software (particularly, say, MW games or ceretain Valve software).
It would be reasonable to assume that after an amount of correspondence with the relevant companies, that it will be realised what is occurring.
Also, Valve can themselves then investigate the effects of the malware using test machines intended for specific infection or at least, mimicking certain effects of infection.

Statistically, if such a situaiton were to occur, there would be a definite, noticeable and irregular increase in the number & reason of particular ban flagging applied to accounts - due to the delayed ban facility, the problem may even be fully resolved long before account holders are even aware!
_Budweiser_ is offline   Reply With Quote
Old 05-17-2012, 07:30 AM   #15
DocHouse
 
 
 
Join Date: Mar 2012
Reputation: 1102
Posts: 1,452
Well, I have to admit it's not an everyday scenario, but also you might be THE target of someone. You might just open a file from a friend or lend your pc to a friend and boom, you're banned.

And yeah, I know I'm paranoid xD
DocHouse is offline   Reply With Quote
Reply

Go Back   Steam Users' Forums > Steam Discussions > VAC Discussion


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT -7. The time now is 12:09 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site Content Copyright Valve Corporation 1998-2014, All Rights Reserved.