I sent the EXE to ClamAV.
"If nothing else, it looks as though sourceforge has taken down the novascoin "project." I'm guessing that I wasn't the only one to click the "report abuse" button on that page."
I did, too.
Topic: [BEWARE] Novacoin Phising Site! (Read 2872 times)
https://www.phishtank.com/
http://www.mywot.com/
http://www.google.com/safebrowsing/report_phish/
Reported this site here.
http://www.mywot.com/
http://www.google.com/safebrowsing/report_phish/
Reported this site here.
If nothing else, it looks as though sourceforge has taken down the novascoin "project." I'm guessing that I wasn't the only one to click the "report abuse" button on that page.
This NVC address is not generated from new client. Please download new client and generate another address to be qualified.
Thanks
Thanks
what a scumbag.
This is Jozzaboy. Unfortunately I've discovered my computer was infected with infected with DarkComet RAT. A remote control software. They have successfully gained access into my account, Jozzaboy and changed the email and password. Even attempted to get into my email without success.
If you downloaded that file, isolate the machine and scan it for all new .exe files since you downloaded it and run DarkComet RAT remover. Change any passwords you entered since the file was downloaded.
Fucking virus and people who don't have anything better to do.
If you downloaded that file, isolate the machine and scan it for all new .exe files since you downloaded it and run DarkComet RAT remover. Change any passwords you entered since the file was downloaded.
Fucking virus and people who don't have anything better to do.
It seems that they are using victim accounts to send more PMs.
LOL, I got one too from Jozzaboy.
Reported to admin. Nice try, but I don't even care about Novacoin.
Reported to admin. Nice try, but I don't even care about Novacoin.
It was the name novacoin with an S extra in the url. Beware!
Got that mail as well. Stupid scammers.
Linux user not affected! 
Just because there are not so much linux users... 
Actually there are, they are called Android users.
Linux user not affected!
Just because there are not so much linux users... Actually there are, they are called Android users.
Linux user not affected!
Just because there are not so much linux users... Shit, installed novacoin-qt for nothing...
novascoin.org has the same links to sourceforge as novacoin.org, how does our system gets compromised in this attack?
Links are not the same.novascoin.org has the same links to sourceforge as novacoin.org, how does our system gets compromised in this attack?
sourceforge.net/projects/novascoinqt/files/
vs.
sourceforge.net/projects/novacoin/files/
// I've sent file to Kaspersky Lab and DrWeb.
Please report this file here
[email protected]
https://vms.drweb.com/sendvirus/?lng=en
http://www.symantec.com/security_response/submitsamples.jsp
https://analysis.avira.com/
Yes, that link is in the front page.
Linux user not affected!
Shit, installed novacoin-qt for nothing...
novascoin.org has the same links to sourceforge as novacoin.org, how does our system gets compromised in this attack?
Links are not the same.novascoin.org has the same links to sourceforge as novacoin.org, how does our system gets compromised in this attack?
sourceforge.net/projects/novascoinqt/files/
vs.
sourceforge.net/projects/novacoin/files/
// Sent file to Kaspersky Lab and DrWeb.
Upload it using jotti and virustotal: it'll get detected by many AVs after a few hours.
Shit, installed novacoin-qt for nothing...
novascoin.org has the same links to sourceforge as novacoin.org, how does our system gets compromised in this attack?
Links are not the same.novascoin.org has the same links to sourceforge as novacoin.org, how does our system gets compromised in this attack?
sourceforge.net/projects/novascoinqt/files/
vs.
sourceforge.net/projects/novacoin/files/
// I've sent file to Kaspersky Lab and DrWeb.
Please report this file here
[email protected]
https://vms.drweb.com/sendvirus/?lng=en
http://www.symantec.com/security_response/submitsamples.jsp
https://analysis.avira.com/
BTW, I joked about "sourcesforge" but the fake novaScoin dot org is a copy of the real site but with a link to sourceforge.net—it's a real (well, an actual fake) project on sourceforge.
So it wouldn't hurt to go to http://sourceforge.net/projects/novascoinqt/ and leave some reviews so that unsuspecting visitors don't get duped.
So it wouldn't hurt to go to http://sourceforge.net/projects/novascoinqt/ and leave some reviews so that unsuspecting visitors don't get duped.
Oh, now I get it!
The fake sf.net project link is in the big download button in the front page, I was checking the links in the "Installation" page, those are legit...
BTW, I joked about "sourcesforge" but the fake novaScoin dot org is a copy of the real site but with a link to sourceforge.net—it's a real (well, an actual fake) project on sourceforge.
So it wouldn't hurt to go to http://sourceforge.net/projects/novascoinqt/ and leave some reviews (edit to add: and abuse reports) so that unsuspecting visitors don't get duped.
So it wouldn't hurt to go to http://sourceforge.net/projects/novascoinqt/ and leave some reviews (edit to add: and abuse reports) so that unsuspecting visitors don't get duped.
Yeah, I got one from cryptograd too. I didn't even think to click the link, I just typed "novacoin" into my search bar and followed the link on the novacoin.org (no s) site to sourcesforge (kidding) and downloaded the qt client.
So I think I'm safe but if anyone gets any strange PMs from me…
So I think I'm safe but if anyone gets any strange PMs from me…
I also got a PM from cryptograd, (I believe his account has been hacked after installing the file)
I downloaded the File but never installed it. Should I be worried? Or is it okay because I never installed the exe?
I just got this PM (from cryptograd) and opened the link, however I didn't download anything.
I'm using Google Chrome on Xubuntu 13.04. Is there some risk of my PC being infected now (probably not but better safe than sorry)
I'm using Google Chrome on Xubuntu 13.04. Is there some risk of my PC being infected now (probably not but better safe than sorry)
Jump to: