Author

Topic: Malware alert: Listentobitcoins (Read 2394 times)

b!z
legendary
Activity: 1582
Merit: 1010
September 22, 2013, 01:46:05 AM
#19
guys stop using ie and opera as main browsers -these two can be exploited and can be infected with a malware or btc stealer and you dont loose only your btc ... you can loose your cc details , passwords , bank accounts etc etc  .... use chrome or firefox ..... cant be exploited by exploit packs . also when you visit some sites you are asked to download updates for flash player or something like that .... if the upgrade is nor from adobe , you can download a malware for sure.

i'm waiting for a mod to tell me where i can open a thread and explain how the malware thing works like.
Exploit kits do target Firefox. FF hits are much more common than Opera. Where did you get this nonsense from?
hero member
Activity: 756
Merit: 522
September 20, 2013, 06:29:19 PM
#18
guys stop using ie and opera as main browsers -these two can be exploited and can be infected with a malware or btc stealer and you dont loose only your btc ... you can loose your cc details , passwords , bank accounts etc etc  .... use chrome or firefox ..... cant be exploited by exploit packs . also when you visit some sites you are asked to download updates for flash player or something like that .... if the upgrade is nor from adobe , you can download a malware for sure.

i'm waiting for a mod to tell me where i can open a thread and explain how the malware thing works like.

Hey, not a bad post idea. Link us when you find a spot (what's wrong with just putting it in Bitcoin Discussion?).
hero member
Activity: 511
Merit: 500
Hempire Loading...
September 20, 2013, 10:06:16 AM
#17
Definitely using Chrome at the time.  I don't know how the guy got in exactly...but I had been on this site...and reading about how it was sold to someone who infected it with malware made much more sense than any other thing I've done that might have left me vulnerable.
full member
Activity: 141
Merit: 100
September 20, 2013, 04:09:46 AM
#16
guys stop using ie and opera as main browsers -these two can be exploited and can be infected with a malware or btc stealer and you dont loose only your btc ... you can loose your cc details , passwords , bank accounts etc etc  .... use chrome or firefox ..... cant be exploited by exploit packs . also when you visit some sites you are asked to download updates for flash player or something like that .... if the upgrade is nor from adobe , you can download a malware for sure.

i'm waiting for a mod to tell me where i can open a thread and explain how the malware thing works like.
hero member
Activity: 511
Merit: 500
Hempire Loading...
September 19, 2013, 05:54:54 PM
#15
This all occurred right around the same time lots of forum members started putting up sock puppets as their picture, as many accounts became sock puppets after passwords became compromised. 

The posts made with my account lead me to believe the hacker was obviously a forum member, and possibly fairly good at coding...or at least using vicious code capable of stealing your shit.  He also appeared to have a fascination with all things gambling.  I'll bet some of the senior members are starting to recognize his poor grammar and continued unpleasant posts.

He also posted on some rather shady threads already on this site...like forum account purchasing threads and debt threads where he talked about getting information illegally. 

If he's capable of doing this to a bunch of bitcoin nerds...lookout real world...cause this bastard is smarter than a malicious person should be.  Probably lacking in the hugs department as a child.
uk1
copper member
Activity: 546
Merit: 500
September 19, 2013, 05:20:35 PM
#14
thanks for the heads up
full member
Activity: 180
Merit: 100
September 19, 2013, 05:18:24 PM
#13
This may be how my Bitcointalk forum account was hacked...I just saw this thread, and considering the guy that hacked my account was clearly a forum member already...this makes some level of sense.  My account was hacked back on July 10th, and I had been using the listen to bitcoins site prior to that at work because I thought it was cool to hear my money becoming worth more with the low tones indicating large purchases.

Thought that mystery would stay a mystery, but I have a strong feeling this is how he got in.  Now if only we could figure out who he is...tar and feathers at the ready men!

Currently I have a bitcointalk account  that was hacked  and still waiting to get into it.
hero member
Activity: 511
Merit: 500
Hempire Loading...
September 19, 2013, 04:26:17 PM
#12
This may be how my Bitcointalk forum account was hacked...I just saw this thread, and considering the guy that hacked my account was clearly a forum member already...this makes some level of sense.  My account was hacked back on July 10th, and I had been using the listen to bitcoins site prior to that at work because I thought it was cool to hear my money becoming worth more with the low tones indicating large purchases.

Thought that mystery would stay a mystery, but I have a strong feeling this is how he got in.  Now if only we could figure out who he is...tar and feathers at the ready men!
full member
Activity: 235
Merit: 100
July 15, 2013, 08:10:44 PM
#11
That type of shit makes me happy to run a clean tight ship.
newbie
Activity: 24
Merit: 0
July 15, 2013, 07:38:12 PM
#10
Wow. I was just there two days ago. Thanks for posting this.
full member
Activity: 131
Merit: 100
July 15, 2013, 03:14:24 PM
#9
thanks for the heads up
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
July 15, 2013, 02:53:47 PM
#8
So, is it likely I have some key logger with my wallet copied to some evil guy? I run a rather freshly installed debian.

Yeah, I tell all my friends with their Windows problems that there are no Linux-Viruses but with my bitcoins at stake I feel a bit paranoid.
hero member
Activity: 672
Merit: 500
July 15, 2013, 02:09:30 PM
#7
Reported site to Google Safe Browsing.  Thanks for the heads up.
sr. member
Activity: 378
Merit: 325
hivewallet.com
July 15, 2013, 11:51:48 AM
#6
Bumping for exactly this reason.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
July 15, 2013, 11:46:37 AM
#5
Bump: Hargnah, why doesn't this thread get more attention?Huh It should be linked everywhere but instead there is silence.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
July 14, 2013, 11:10:54 PM
#4
This changer.php-thing either is not functional or resists to a simple wget. Hope somebody can find out what the threat is or was two days ago.

Here is what I get with changer.php. Redirects to really fishy stuff and then dies, right?

Code:
$ wget http://www.justiceresearchinstitute.org/changer.php
--2013-07-15 00:08:26--  http://www.justiceresearchinstitute.org/changer.php
Resolving www.justiceresearchinstitute.org (www.justiceresearchinstitute.org)... 70.86.182.49
Connecting to www.justiceresearchinstitute.org (www.justiceresearchinstitute.org)|70.86.182.49|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php [following]
--2013-07-15 00:08:27--  http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php
Resolving clisim.memostriamsdays.biz (clisim.memostriamsdays.biz)... 74.63.209.216
Connecting to clisim.memostriamsdays.biz (clisim.memostriamsdays.biz)|74.63.209.216|:80... connected.
HTTP request sent, awaiting response... 502 Bad Gateway
2013-07-15 00:08:28 ERROR 502: Bad Gateway.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
July 14, 2013, 11:06:38 PM
#3
ok, so I was at listentobitcoins.com 2 days ago. what should I expect?

I got to go to bed now but is this bad? According to my analysis of this first some lines It does:
eval("") which looks like the really interesting part is in http://www.justice research institute.org/changer.php

(I first tried to just understand this munged part but then decided to debug it after removing the eval part that I had figured out pretty quickly. At my first attempt my box was online, what I highly regret. Kids, don't do that at home. It's playing with fire. Wish I had a separate box that runs off a CD without HD or something for analyzing Viruses.)
member
Activity: 98
Merit: 10
Invest NASDAQ in Bitcoin
July 14, 2013, 08:41:42 PM
#2
Thanks! Can google chrome detects the malware?
sr. member
Activity: 364
Merit: 250
July 14, 2013, 07:20:09 PM
#1
According to reddit the website was sold and the new owner put malware in it!

More about this:
http://www.reddit.com/r/Bitcoin/comments/1ia7q2/listen_to_bitcoin_contains_malware/
Jump to: