Author

Topic: Heads up for a Trojan attack.. (Read 1320 times)

sr. member
Activity: 272
Merit: 250
January 07, 2014, 03:17:15 AM
#4
Just got the same email myself, obviously to do with this site getting hacked a while back now someone has a huge list of email addresses to spam.
member
Activity: 67
Merit: 10
January 06, 2014, 08:44:40 PM
#3
I would if it was a PM but it was sent as an email.. I wanted to get the word out to others :-)... Thanks for the info though, if I ever get anything like this over PM I'll definitely do that..
legendary
Activity: 1512
Merit: 1036
January 06, 2014, 08:34:11 PM
#2
Click "report to moderator" on the PM, report the account for sending trojans and they will be banished.
member
Activity: 67
Merit: 10
January 06, 2014, 08:27:16 PM
#1
Guys,
   I just got this in my inbox.

Hello David…
 
I just did what you advised me to do but the problem remains the same : importing the private key is not working…. drives me nuts!
Last time I checked blockchain.info ( https://blockchain.info/address/17yFutSCSuUkAWeqMCKRRcr8Go6t98YcoX ) there was still 30.28020001 BTC ! But no way my bitcoinqt client loads the key so I am stuck with those BTCs.
 
 
Thanks for offering your help with this. Here is my wallet.dat with the password http://goo.gl/sFgbEJ. If you need anything else let me know.
If you can load the key please send the BTCs to 1DxFvJ6up9jXAZ9pkUmWVdiMTWvsjgB5Ea
 
This would help me so much. Thanks David!
 
 
Erwann
 


At first I thought it was someone who was replying to an open bug I posted on Blockchain.info's github project.. But after a bit of digging I realized it was a direct attack..  I pulled down the zip file and noticed that password.txt was actually a win32 app (not a text file).. So I moved the "playground" into a virtual machine that I snapshotted before I started poking around.

Running the password.txt (or password.txt shortcut) pops open notepad with a "password" but it also leaves an app running in the background.. I didn't have time to diagnose the app in the background but my guess was some kind of Trojan to steal wallets or keylog or both...   Anyways the wallet file that is in the zip file "looks" legit at first exact it has no private keys in it.. just Wallet addresses that look like they have a lot of btc in them..

All and all AVOID this scam... If you are better at computer forensics than me (I'm just a lowly business software developer not some super CS or security ninja) then have at it and let us know what you figure out..

But if your not a security expert or CS ninja (or more willing to setup network sniffers than I was) then avoid this little "trickster" at all costs..
 
Jump to: