Pages:
Author

Topic: [BEWARE] Novacoin Phising Site! (Read 2872 times)

newbie
Activity: 42
Merit: 0
September 14, 2013, 11:15:39 AM
#35
I sent the EXE to ClamAV.

"If nothing else, it looks as though sourceforge has taken down the novascoin "project." I'm guessing that I wasn't the only one to click the "report abuse" button on that page."
I did, too.
legendary
Activity: 3108
Merit: 1358
full member
Activity: 140
Merit: 100
September 01, 2013, 07:03:36 AM
#33
If nothing else, it looks as though sourceforge has taken down the novascoin "project." I'm guessing that I wasn't the only one to click the "report abuse" button on that page.
legendary
Activity: 1078
Merit: 1001
Bitcoin is new, makes sense to hodl.
August 31, 2013, 11:44:05 PM
#32
This NVC address is not generated from new client. Please download new client and generate another address to be qualified.

Thanks

what a scumbag.
newbie
Activity: 1
Merit: 0
August 31, 2013, 02:21:11 PM
#31
This is Jozzaboy. Unfortunately I've discovered my computer was infected with infected with DarkComet RAT. A remote control software. They have successfully gained access into my account, Jozzaboy and changed the email and password. Even attempted to get into my email without success.

If you downloaded that file, isolate the machine and scan it for all new .exe files since you downloaded it and run DarkComet RAT remover. Change any passwords you entered since the file was downloaded.

Fucking virus and people who don't have anything better to do.
legendary
Activity: 3108
Merit: 1358
August 31, 2013, 01:36:22 PM
#30
It seems that they are using victim accounts to send more PMs.
hero member
Activity: 658
Merit: 502
Doesn't use these forums that often.
August 31, 2013, 01:24:16 PM
#29
LOL, I got one too from Jozzaboy.
Reported to admin. Nice try, but I don't even care about Novacoin. Wink
sr. member
Activity: 378
Merit: 250
August 31, 2013, 01:11:32 PM
#28
It was the name novacoin with an S extra in the url. Beware!
full member
Activity: 171
Merit: 100
August 31, 2013, 12:57:01 PM
#27
Got that mail as well. Stupid scammers.
legendary
Activity: 3108
Merit: 1358
August 31, 2013, 11:57:37 AM
#26
Linux user not affected! Smiley
Just because there are not so much linux users...  Roll Eyes

Actually there are, they are called Android users. Smiley
They are Android users. Android != Linux, it's just a Dalvik VM based platform. Android could be started under any OS (MIPS/Vxworks for example), you just need to port a Dalvik VM with underlying libraries.
legendary
Activity: 2786
Merit: 1031
August 31, 2013, 11:04:30 AM
#25
Linux user not affected! Smiley
Just because there are not so much linux users...  Roll Eyes

Actually there are, they are called Android users. Smiley
legendary
Activity: 3108
Merit: 1358
August 31, 2013, 11:01:51 AM
#24
Linux user not affected! Smiley
Just because there are not so much linux users...  Roll Eyes
legendary
Activity: 2786
Merit: 1031
August 31, 2013, 10:42:50 AM
#23
Shit, installed novacoin-qt for nothing...

novascoin.org has the same links to sourceforge as novacoin.org, how does our system gets compromised in this attack?
Links are not the same.

sourceforge.net/projects/novascoinqt/files/

vs.

sourceforge.net/projects/novacoin/files/

// I've sent file to Kaspersky Lab and DrWeb.

Please report this file here

[email protected]
https://vms.drweb.com/sendvirus/?lng=en
http://www.symantec.com/security_response/submitsamples.jsp
https://analysis.avira.com/

Yes, that link is in the front page.

Linux user not affected! Smiley
b!z
legendary
Activity: 1582
Merit: 1010
August 31, 2013, 10:21:35 AM
#22
Shit, installed novacoin-qt for nothing...

novascoin.org has the same links to sourceforge as novacoin.org, how does our system gets compromised in this attack?
Links are not the same.

sourceforge.net/projects/novascoinqt/files/

vs.

sourceforge.net/projects/novacoin/files/

// Sent file to Kaspersky Lab and DrWeb.

Upload it using jotti and virustotal: it'll get detected by many AVs after a few hours.
legendary
Activity: 3108
Merit: 1358
August 31, 2013, 10:13:02 AM
#21
Shit, installed novacoin-qt for nothing...

novascoin.org has the same links to sourceforge as novacoin.org, how does our system gets compromised in this attack?
Links are not the same.

sourceforge.net/projects/novascoinqt/files/

vs.

sourceforge.net/projects/novacoin/files/

// I've sent file to Kaspersky Lab and DrWeb.

Please report this file here

[email protected]
https://vms.drweb.com/sendvirus/?lng=en
http://www.symantec.com/security_response/submitsamples.jsp
https://analysis.avira.com/
legendary
Activity: 2786
Merit: 1031
August 30, 2013, 10:06:43 PM
#20
BTW, I joked about "sourcesforge" but the fake novaScoin dot org is a copy of the real site but with a link to sourceforge.net—it's a real (well, an actual fake) project on sourceforge.

So it wouldn't hurt to go to http://sourceforge.net/projects/novascoinqt/ and leave some reviews so that unsuspecting visitors don't get duped.

Oh, now I get it!

The fake sf.net project link is in the big download button in the front page, I was checking the links in the "Installation" page, those are legit...
full member
Activity: 140
Merit: 100
August 30, 2013, 09:55:12 PM
#19
BTW, I joked about "sourcesforge" but the fake novaScoin dot org is a copy of the real site but with a link to sourceforge.net—it's a real (well, an actual fake) project on sourceforge.

So it wouldn't hurt to go to http://sourceforge.net/projects/novascoinqt/ and leave some reviews (edit to add: and abuse reports) so that unsuspecting visitors don't get duped.
full member
Activity: 140
Merit: 100
August 30, 2013, 09:42:45 PM
#18
Yeah, I got one from cryptograd too. I didn't even think to click the link, I just typed "novacoin" into my search bar and followed the link on the novacoin.org (no s) site to sourcesforge (kidding) and downloaded the qt client.

So I think I'm safe but if anyone gets any strange PMs from me…
full member
Activity: 223
Merit: 100
August 30, 2013, 09:06:59 PM
#17

I also got a PM from cryptograd, (I believe his account has been hacked after installing the file)

I downloaded the File but never installed it. Should I be worried? Or is it okay because I never installed the exe?
member
Activity: 71
Merit: 10
August 30, 2013, 08:40:09 PM
#16
I just got this PM (from cryptograd) and opened the link, however I didn't download anything.
I'm using Google Chrome on Xubuntu 13.04. Is there some risk of my PC being infected now (probably not but better safe than sorry)  Wink
Pages:
Jump to: