Topic: Malware alert: Listentobitcoins (Read 2392 times)

b!z
legendary
Activity: 1582
Merit: 1010
September 22, 2013, 02:46:05 AM
#19
Quote:
guys stop using ie and opera as main browsers - these two can be exploited and can be infected with a malware or btc stealer and you don't lose only your btc ... you can lose your cc details, passwords, bank accounts etc etc .... use chrome or firefox ..... can't be exploited by exploit packs. also when you visit some sites you are asked to download updates for flash player or something like that .... if the upgrade is not from adobe, you can download a malware for sure.

i'm waiting for a mod to tell me where i can open a thread and explain how the malware thing works like.

Exploit kits do target Firefox. FF hits are much more common than Opera. Where did you get this nonsense from?
hero member
Activity: 756
Merit: 522
September 20, 2013, 07:29:19 PM
#18
Quote:
guys stop using ie and opera as main browsers - these two can be exploited and can be infected with a malware or btc stealer and you don't lose only your btc ... you can lose your cc details, passwords, bank accounts etc etc .... use chrome or firefox ..... can't be exploited by exploit packs. also when you visit some sites you are asked to download updates for flash player or something like that .... if the upgrade is not from adobe, you can download a malware for sure.

i'm waiting for a mod to tell me where i can open a thread and explain how the malware thing works like.

Hey, not a bad post idea. Link us when you find a spot (what's wrong with just putting it in Bitcoin Discussion?).
hero member
Activity: 511
Merit: 500
Hempire Loading...
September 20, 2013, 11:06:16 AM
#17
Definitely using Chrome at the time.  I don't know how the guy got in exactly...but I had been on this site...and reading about how it was sold to someone who infected it with malware made much more sense than any other thing I've done that might have left me vulnerable.
full member
Activity: 141
Merit: 100
September 20, 2013, 05:09:46 AM
#16
guys stop using ie and opera as main browsers - these two can be exploited and can be infected with a malware or btc stealer and you don't lose only your btc ... you can lose your cc details, passwords, bank accounts etc etc .... use chrome or firefox ..... can't be exploited by exploit packs. also when you visit some sites you are asked to download updates for flash player or something like that .... if the upgrade is not from adobe, you can download a malware for sure.

i'm waiting for a mod to tell me where i can open a thread and explain how the malware thing works like.
hero member
Activity: 511
Merit: 500
Hempire Loading...
September 19, 2013, 06:54:54 PM
#15
This all occurred right around the same time lots of forum members started putting up sock puppets as their picture, as many accounts became sock puppets after passwords became compromised. 

The posts made with my account lead me to believe the hacker was obviously a forum member, and possibly fairly good at coding...or at least using vicious code capable of stealing your shit.  He also appeared to have a fascination with all things gambling.  I'll bet some of the senior members are starting to recognize his poor grammar and continued unpleasant posts.

He also posted on some rather shady threads already on this site...like forum account purchasing threads and debt threads where he talked about getting information illegally. 

If he's capable of doing this to a bunch of bitcoin nerds...lookout real world...cause this bastard is smarter than a malicious person should be.  Probably lacking in the hugs department as a child.
uk1
copper member
Activity: 546
Merit: 500
September 19, 2013, 06:20:35 PM
#14
thanks for the heads up
full member
Activity: 180
Merit: 100
September 19, 2013, 06:18:24 PM
#13
Quote:
This may be how my Bitcointalk forum account was hacked...I just saw this thread, and considering the guy that hacked my account was clearly a forum member already...this makes some level of sense.  My account was hacked back on July 10th, and I had been using the listen to bitcoins site prior to that at work because I thought it was cool to hear my money becoming worth more with the low tones indicating large purchases.

Thought that mystery would stay a mystery, but I have a strong feeling this is how he got in.  Now if only we could figure out who he is...tar and feathers at the ready men!

Currently I have a bitcointalk account that was hacked and still waiting to get into it.
hero member
Activity: 511
Merit: 500
Hempire Loading...
September 19, 2013, 05:26:17 PM
#12
This may be how my Bitcointalk forum account was hacked...I just saw this thread, and considering the guy that hacked my account was clearly a forum member already...this makes some level of sense.  My account was hacked back on July 10th, and I had been using the listen to bitcoins site prior to that at work because I thought it was cool to hear my money becoming worth more with the low tones indicating large purchases.

Thought that mystery would stay a mystery, but I have a strong feeling this is how he got in.  Now if only we could figure out who he is...tar and feathers at the ready men!
full member
Activity: 235
Merit: 100
July 15, 2013, 09:10:44 PM
#11
That type of shit makes me happy to run a clean tight ship.
newbie
Activity: 24
Merit: 0
July 15, 2013, 08:38:12 PM
#10
Wow. I was just there two days ago. Thanks for posting this.
full member
Activity: 131
Merit: 100
July 15, 2013, 04:14:24 PM
#9
thanks for the heads up
legendary
Activity: 1862
Merit: 1105
WalletScrutiny.com
July 15, 2013, 03:53:47 PM
#8
So, is it likely I have some key logger with my wallet copied to some evil guy? I run a rather freshly installed debian.

Yeah, I tell all my friends with their Windows problems that there are no Linux-Viruses but with my bitcoins at stake I feel a bit paranoid.
hero member
Activity: 672
Merit: 500
July 15, 2013, 03:09:30 PM
#7
Reported site to Google Safe Browsing.  Thanks for the heads up.
sr. member
Activity: 378
Merit: 325
hivewallet.com
July 15, 2013, 12:51:48 PM
#6
Bumping for exactly this reason.
legendary
Activity: 1862
Merit: 1105
WalletScrutiny.com
July 15, 2013, 12:46:37 PM
#5
Bump: Hargnah, why doesn't this thread get more attention? It should be linked everywhere but instead there is silence.
legendary
Activity: 1862
Merit: 1105
WalletScrutiny.com
July 15, 2013, 12:10:54 AM
#4
This changer.php thing either is not functional or resists a simple wget. Hope somebody can find out what the threat is or was two days ago.

Here is what I get with changer.php. Redirects to really fishy stuff and then dies, right?

Code:
$ wget http://www.justiceresearchinstitute.org/changer.php
--2013-07-15 00:08:26--  http://www.justiceresearchinstitute.org/changer.php
Resolving www.justiceresearchinstitute.org (www.justiceresearchinstitute.org)... 70.86.182.49
Connecting to www.justiceresearchinstitute.org (www.justiceresearchinstitute.org)|70.86.182.49|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php [following]
--2013-07-15 00:08:27--  http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php
Resolving clisim.memostriamsdays.biz (clisim.memostriamsdays.biz)... 74.63.209.216
Connecting to clisim.memostriamsdays.biz (clisim.memostriamsdays.biz)|74.63.209.216|:80... connected.
HTTP request sent, awaiting response... 502 Bad Gateway
2013-07-15 00:08:28 ERROR 502: Bad Gateway.
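
Added example, not part of the original post: a Python parser that reads a wget transcript like the one above offline, lists each hop, and flags redirects that leave the original site as well as chains that end in a server error. The function names and the two-label "site" heuristic are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# wget transcript as posted in the thread above (DNS and connect lines trimmed).
WGET_LOG = """\
--2013-07-15 00:08:26--  http://www.justiceresearchinstitute.org/changer.php
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php [following]
--2013-07-15 00:08:27--  http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php
HTTP request sent, awaiting response... 502 Bad Gateway
"""

REQUEST = re.compile(r"^--\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}--\s+(\S+)")
STATUS = re.compile(r"awaiting response\.\.\. (\d{3})")
LOCATION = re.compile(r"^Location: (\S+)")

def site(url):
    """Crude site key: last two DNS labels (assumption; a real tool would use the Public Suffix List)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def parse_hops(log):
    """Return one dict per request in the transcript: url, status, redirect target."""
    hops = []
    for line in log.splitlines():
        if m := REQUEST.match(line):
            hops.append({"url": m.group(1), "status": None, "location": None})
        elif hops and (m := STATUS.search(line)):
            hops[-1]["status"] = int(m.group(1))
        elif hops and (m := LOCATION.match(line)):
            hops[-1]["location"] = m.group(1)
    return hops

def findings(hops):
    """Flag redirects that change site, and chains whose last hop failed server-side."""
    out = []
    for hop in hops:
        if hop["location"] and site(hop["location"]) != site(hop["url"]):
            out.append(f"cross-site redirect: {site(hop['url'])} -> {site(hop['location'])}")
    if hops and hops[-1]["status"] and hops[-1]["status"] >= 500:
        out.append(f"chain ends in {hops[-1]['status']}: final payload not retrieved")
    return out

if __name__ == "__main__":
    for finding in findings(parse_hops(WGET_LOG)):
        print(finding)
```

A 5xx on the last hop only means this particular request got nothing back; it says nothing about what a browser visiting the page two days earlier was served.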
legendary
Activity: 1862
Merit: 1105
WalletScrutiny.com
July 15, 2013, 12:06:38 AM
#3
ok, so I was at listentobitcoins.com 2 days ago. what should I expect?

I got to go to bed now but is this bad? According to my analysis of the first few lines, it does:
eval("") which looks like the really interesting part is in http://www.justice research institute.org/changer.php

(I first tried to just understand this munged part but then decided to debug it after removing the eval part that I had figured out pretty quickly. At my first attempt my box was online, which I highly regret. Kids, don't do that at home. It's playing with fire. Wish I had a separate box that runs off a CD without HD or something for analyzing viruses.)
member
Activity: 98
Merit: 10
Invest NASDAQ in Bitcoin
July 14, 2013, 09:41:42 PM
#2
Thanks! Can Google Chrome detect the malware?
sr. member
Activity: 364
Merit: 250
July 14, 2013, 08:20:09 PM
#1
According to reddit the website was sold and the new owner put malware in it!

More about this:
http://www.reddit.com/r/Bitcoin/comments/1ia7q2/listen_to_bitcoin_contains_malware/