Pages:
Author

Topic: Another Bitcoin Scam on YouTube? (Read 3189 times)

newbie
Activity: 62
Merit: 0
July 31, 2011, 10:30:27 AM
#21
i flagged it too.
member
Activity: 112
Merit: 10
July 31, 2011, 06:03:30 AM
#20
Flagged...

All the bitcoin theft going on is just like the gold rush was...
member
Activity: 84
Merit: 10
July 31, 2011, 05:27:29 AM
#19
Excellent, Ive been also been flagging when I can
sr. member
Activity: 322
Merit: 250
Do The Evolution
July 30, 2011, 09:01:42 PM
#18
Just got one son of a bitch.
http://www.youtube.com/watch?v=x4-nesXzBOw

habbocrazy543, his account got closed and videos removed.

They will still appear in searched though.
member
Activity: 84
Merit: 10
July 30, 2011, 08:13:33 PM
#17

Thanks Memory Dealers! If enough of us monitor this rubbish and flag them!
hero member
Activity: 602
Merit: 502
July 30, 2011, 07:57:28 PM
#16
Flagged as scam/fraud. Everyone else should flag it as well.

This
vip
Activity: 1052
Merit: 1155
full member
Activity: 196
Merit: 100
July 29, 2011, 09:30:32 AM
#14
Flagged as scam/fraud. Everyone else should flag it as well.
member
Activity: 112
Merit: 10
July 29, 2011, 09:25:25 AM
#13
This only seems appropriate: http://www.youtube.com/watch?v=zvfD5rnkTws
member
Activity: 84
Merit: 10
July 29, 2011, 03:17:11 AM
#12
My Point is, this crap needs to be flagged etc, and removed just like all that spam that was going up on YouTube before, but especially these damn Trojans, Wallet Stealers etc!
sr. member
Activity: 322
Merit: 250
Do The Evolution
July 28, 2011, 11:31:46 AM
#11
What about the file as a whole?(The exe with the fake and the virii)

Also, lets flag the bitch up.

Googling around more info on the subject gave me this:
http://www.hackforums.net/member.php?action=profile&uid=54808
A scam report disclosed his email/msn
[email protected]
Which yield more results
https://twitter.com/#!/popc0rnftw
http://www.sythe.org/showthread.php?t=843802
And found this: http://dazzlepod.com/lulzsec/final/?email=live.com&page=2 - Entry 50322

Due to the similarity between names I tried several combos against Facebook and found this:
https://www.facebook.com/popc0rn -> Vincent Zuo due to the info in the page it makes me believe he is not involved in any of this.
Looks like the email address is not registered with Facebook.


More to come.
newbie
Activity: 28
Merit: 0
sr. member
Activity: 322
Merit: 250
Do The Evolution
July 28, 2011, 10:53:16 AM
#9
Most likely the path is hardcoded, what would be interesting to find out is if it also has some authentication hardcoded and we can mess with that, ex. change the password and rm -rf / the bitch.

Also, my heart is crying over such a stupid interface when you could have had only one fucking button. D:<
hero member
Activity: 1148
Merit: 501
July 28, 2011, 09:58:23 AM
#8
im guessing it just looks for wallet.dat.  most likely not very sophisticated.
full member
Activity: 126
Merit: 100
July 28, 2011, 09:51:22 AM
#7
lol. It's a double compressed archive.
extract the BIT.rar file and you will get:


extract the "Bitcoin Wallet Injector.exe" and you will get:

....bot.exe....pretty lame

Wow that is just awesome.... bot.exe

Hrmm perhaps later I will get some time to reverse engineer it and see what it does =)

i'd be interested - should you happen to take the thing apart - in knowing how sophisticated the wallet-stealer is.

can it find a wallet.dat anywhere on any hard drive or partition?  if the wallet is on an unmounted file system, can it mount that?  if wallet.dat is renamed to something else - i.e., foo.bar - could it find the renaming line in bitcoin.conf and steal foo.bar?
member
Activity: 84
Merit: 10
July 28, 2011, 09:36:09 AM
#6
Thats the 2nd or 3rd Ive found on YouTube, they seem to be reasonably consistent in this crap.
member
Activity: 84
Merit: 10
July 28, 2011, 09:16:07 AM
#5
lol. It's a double compressed archive.
extract the BIT.rar file and you will get:


extract the "Bitcoin Wallet Injector.exe" and you will get:

....bot.exe....pretty lame

Wow that is just awesome.... bot.exe

Hrmm perhaps later I will get some time to reverse engineer it and see what it does =)
legendary
Activity: 1937
Merit: 1001
July 28, 2011, 09:03:52 AM
#4
Seems some kind of botnet...
newbie
Activity: 28
Merit: 0
July 28, 2011, 08:55:25 AM
#3
lol. It's a double compressed archive.
extract the BIT.rar file and you will get:
http://img638.imageshack.us/img638/8312/scam2i.jpg

extract the "Bitcoin Wallet Injector.exe" and you will get:
http://img31.imageshack.us/img31/5793/scamuw.jpg
....bot.exe....pretty lame


edit: i should add "do not double click 'Bitcoin Wallet Injector.exe' , that's not how you extract bot.exe from the inner archive"
member
Activity: 84
Merit: 10
July 28, 2011, 08:53:19 AM
#2
http://www.youtube.com/watch?v=8Hws-OruuqE

Just Found this! Another Scam I presume!

LOL if only it was that easy to make bitcoins
Pages:
Jump to: