Yup, and dealt with. - http://raxxpack.wordpress.com/2014/06/03/reverse-engineer-a-key-logger/

For this case however, they bypass steam guard by grabbing your SSFN file from your computer.
Don't underestimate updating your anti-virus folks.

It's some website that's made to look exactly like the steam website so you enter your information thinking it's the real thing.

ur dum

they usually either mirror the steam guard confirmation box and get you to check your own email or ask you to upload a steam certificate that says you are who you are

Um, neither of those cases uses Steam Guard. In both cases, they are making fake login boxes using Steam Guard visual assets, and in the second one they have you download a phishy exe file to steal your Steam authentication certificate. My point still stands.

I guess those are amateurs. You can actually infect computers with malware from just visiting the webpage, aka drive-by-downloads.

Malware can be hidden inside invisible elements on the site, such as iframes or unobfuscated JavaScript code; it can even be embedded in multimedia files, such as images, videos, or Adobe Flash animations. When the page loads, the malware infects the visitor's computer using vulnerabilities in the browser or plug-ins.

How do they escape the browser sandbox without user interaction? I'm genuinely curious.

EDIT: Damn you already answered it :(

I got added by some dude who sent me the exact same message. I just removed him either way once he sent me that link.

http://puu.sh/b0B4x/c407607a23.png

He doesnt want to give me his items

Yea, the BEST thing to do is update update update.
- Browser
- Windows/OSX security updates
- Anti-virus

Hackers use browser exploits to install the crime ware, but these exploits get patched very quickly.

To add on to this:

[*] Don't skip Flash/Java updates. These are huge vectors for exploits.
[*] Consider running Flashblock/ScriptBlock plugins on your browser and whitelist trusted sites.

Report, Remove, Block, Repeat

ayy lmao