[fragmede]

I mean, there's going to be a web endpoint that gets hit to count one installation. That is definitely going to remain a secret, so no one could possibly run wget in a loop to say their steam account installed it a million times.

[numpad0]

Back in the days in parts of the Internet I've seen, though I've never joined those groups, it used to be a webapp stress testing tool called Apache JMeter. Participants(legit criminals, in hindsight!) were encouraged to download scenario files, referred to as "ammunition", through equivalents to Mega/mediafire at the time and join coordinated attacks. Nowadays I'm sure it will be scripts on GitHub, botnets of IoT appliances, and volunteered GPU farms for PoW algorithms.

[everforward]

> Nowadays I'm sure it will be scripts on GitHub, botnets of IoT appliances, and volunteered GPU farms for PoW algorithms.

I'd be surprised if it's anywhere near that exotic. It'll just be a webpage with a list of games you can pick, input a number of "installs" to fake, and it'll fire the requests off with Javascript. Or maybe a browser extension if they feel the need to distribute the requests. Half the gamers will install it at some point when their favorite absurdly over-hyped game flops.

There's not much need to run an optimized and complicated tool like JMeter when each request costs the other side $0.20. I wouldn't be surprised if a browser extension could get out something in the ballpark of 100 requests/second.

[salawat]

...How do you propose they'll hide the packet going over the network, that decodes to a GET or POST request?

I assure you. That endpoint will not remain secret no matter how hard they try.

[nrabulinski]

I’m pretty sure that was exactly the joke they were going for