Topic: Another Bitcoin Scam on YouTube? (Read 3179 times)
i flagged it too.
Flagged...
All the bitcoin theft going on is just like the gold rush was...
All the bitcoin theft going on is just like the gold rush was...
Excellent, Ive been also been flagging when I can
Just got one son of a bitch.
http://www.youtube.com/watch?v=x4-nesXzBOw
habbocrazy543, his account got closed and videos removed.
They will still appear in searched though.
http://www.youtube.com/watch?v=x4-nesXzBOw
habbocrazy543, his account got closed and videos removed.
They will still appear in searched though.
It seems there are several dozen new bitcoin scam videos up today.
http://www.youtube.com/results?search_type=videos&search_query=bitcoin&search_sort=video_date_uploaded&suggested_categories=24%2C10%2C27%2C28
http://www.youtube.com/results?search_type=videos&search_query=bitcoin&search_sort=video_date_uploaded&suggested_categories=24%2C10%2C27%2C28
Thanks Memory Dealers! If enough of us monitor this rubbish and flag them!
Flagged as scam/fraud. Everyone else should flag it as well.
This
It seems there are several dozen new bitcoin scam videos up today.
http://www.youtube.com/results?search_type=videos&search_query=bitcoin&search_sort=video_date_uploaded&suggested_categories=24%2C10%2C27%2C28
http://www.youtube.com/results?search_type=videos&search_query=bitcoin&search_sort=video_date_uploaded&suggested_categories=24%2C10%2C27%2C28
Flagged as scam/fraud. Everyone else should flag it as well.
This only seems appropriate: http://www.youtube.com/watch?v=zvfD5rnkTws
My Point is, this crap needs to be flagged etc, and removed just like all that spam that was going up on YouTube before, but especially these damn Trojans, Wallet Stealers etc!
maybe not a wallet stealer at all but a "normal" trojan:
http://www.virustotal.com/file-scan/report.html?id=d51bfe70bc04cf0266cd6fa83d53951a5c74e6fcb2ea0e37b7ee40da0278eef2-1311868992
What about the file as a whole?(The exe with the fake and the virii)http://www.virustotal.com/file-scan/report.html?id=d51bfe70bc04cf0266cd6fa83d53951a5c74e6fcb2ea0e37b7ee40da0278eef2-1311868992
Also, lets flag the bitch up.
Googling around more info on the subject gave me this:
http://www.hackforums.net/member.php?action=profile&uid=54808
A scam report disclosed his email/msn
[email protected]
Which yield more results
https://twitter.com/#!/popc0rnftw
http://www.sythe.org/showthread.php?t=843802
And found this: http://dazzlepod.com/lulzsec/final/?email=live.com&page=2 - Entry 50322
Due to the similarity between names I tried several combos against Facebook and found this:
https://www.facebook.com/popc0rn -> Vincent Zuo due to the info in the page it makes me believe he is not involved in any of this.
Looks like the email address is not registered with Facebook.
More to come.
maybe not a wallet stealer at all but a "normal" trojan:
http://www.virustotal.com/file-scan/report.html?id=d51bfe70bc04cf0266cd6fa83d53951a5c74e6fcb2ea0e37b7ee40da0278eef2-1311868992
http://www.virustotal.com/file-scan/report.html?id=d51bfe70bc04cf0266cd6fa83d53951a5c74e6fcb2ea0e37b7ee40da0278eef2-1311868992
Most likely the path is hardcoded, what would be interesting to find out is if it also has some authentication hardcoded and we can mess with that, ex. change the password and rm -rf / the bitch.
Also, my heart is crying over such a stupid interface when you could have had only one fucking button. D:<
Also, my heart is crying over such a stupid interface when you could have had only one fucking button. D:<
im guessing it just looks for wallet.dat. most likely not very sophisticated.
lol. It's a double compressed archive.
extract the BIT.rar file and you will get:
extract the "Bitcoin Wallet Injector.exe" and you will get:
....bot.exe....pretty lame
extract the BIT.rar file and you will get:
extract the "Bitcoin Wallet Injector.exe" and you will get:
....bot.exe....pretty lame
Wow that is just awesome.... bot.exe
Hrmm perhaps later I will get some time to reverse engineer it and see what it does =)
i'd be interested - should you happen to take the thing apart - in knowing how sophisticated the wallet-stealer is.
can it find a wallet.dat anywhere on any hard drive or partition? if the wallet is on an unmounted file system, can it mount that? if wallet.dat is renamed to something else - i.e., foo.bar - could it find the renaming line in bitcoin.conf and steal foo.bar?
Thats the 2nd or 3rd Ive found on YouTube, they seem to be reasonably consistent in this crap.
lol. It's a double compressed archive.
extract the BIT.rar file and you will get:
extract the "Bitcoin Wallet Injector.exe" and you will get:
....bot.exe....pretty lame
extract the BIT.rar file and you will get:
extract the "Bitcoin Wallet Injector.exe" and you will get:
....bot.exe....pretty lame
Wow that is just awesome.... bot.exe
Hrmm perhaps later I will get some time to reverse engineer it and see what it does =)
Seems some kind of botnet...
lol. It's a double compressed archive.
extract the BIT.rar file and you will get:
http://img638.imageshack.us/img638/8312/scam2i.jpg
extract the "Bitcoin Wallet Injector.exe" and you will get:
http://img31.imageshack.us/img31/5793/scamuw.jpg
....bot.exe....pretty lame
edit: i should add "do not double click 'Bitcoin Wallet Injector.exe' , that's not how you extract bot.exe from the inner archive"
extract the BIT.rar file and you will get:
http://img638.imageshack.us/img638/8312/scam2i.jpg
extract the "Bitcoin Wallet Injector.exe" and you will get:
http://img31.imageshack.us/img31/5793/scamuw.jpg
....bot.exe....pretty lame
edit: i should add "do not double click 'Bitcoin Wallet Injector.exe' , that's not how you extract bot.exe from the inner archive"
LOL if only it was that easy to make bitcoins
Jump to: