MtGox Client Email! | Bitcointalksearch.org

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: Vladimir on June 20, 2011, 07:14:40 AM

If you had a non ecrypted wallet.dat on the compromised computer, transfer all the money you had there to a new secure wallet ASAP.

It wallet.dat was encrypted, first transfer it (and only it) to a secure computer. Than as skull88 said.

Using secure system change all your passwords, when changing every password repeat "I will not open email attachments, I will not open email attachments, I will not open email attachments..."

haha +1

CYPER

hero member

Activity: 812

Merit: 502

Quote from: Vladimir on June 20, 2011, 07:14:40 AM

If you had a non ecrypted wallet.dat on the compromised computer, transfer all the money you had there to a new secure wallet ASAP.

It wallet.dat was encrypted, first transfer it (and only it) to a secure computer. Than as skull88 said.

I have a wallet, but since I haven't started mining yet there are no coins in it.

Of f*** I so hate myself - I really don't want to reinstall Windows

Vladimir

hero member

Activity: 812

Merit: 1001

-

If you had a non ecrypted wallet.dat on the compromised computer, transfer all the money you had there to a new secure wallet ASAP.

It wallet.dat was encrypted, first transfer it (and only it) to a secure computer. Than as skull88 said.

Using secure system change all your passwords, when changing every password repeat "I will not open email attachments, I will not open email attachments, I will not open email attachments..."

ius

newbie

Activity: 56

Merit: 0

Quote from: CYPER on June 20, 2011, 07:05:40 AM

I don't have any coins yet, as I'm in the process of building a rig, so at least nothing to steal. But do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

One of the other stealers sent (Bitcoin_Exploit.rar) certainly did. Firefox, Chrome, Filezilla password caches and bitcoin wallet.

skull88

hero member

Activity: 683

Merit: 500

Quote from: CYPER on June 20, 2011, 06:47:24 AM

Well, call me stupid but I opened the file after I scanned it with MSE, so can you please tell me how can I clean my pc now, when no antivirus detects it as a potential threat?

Does it install any files which I can manually delete?

Change your passwords, backup your files, do a format and reinstall everything.
You will think twice in the future before opening an attachment.

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: CYPER on June 20, 2011, 07:05:40 AM

Quote from: SomeoneWeird on June 20, 2011, 06:57:20 AM

Quote from: CYPER on June 20, 2011, 06:47:24 AM

Well, call me stupid but I opened the file after I scanned it with MSE, so can you please tell me how can I clean my pc now, when no antivirus detects it as a potential threat?

Does it install any files which I can manually delete?

Run Mbam, SpyBot S&D and a couple of others and see if they pick anything up. And create a new wallet and move all your coins ASAP.

I don't have any coins yet, as I'm in the process of building a rig, so at least nothing to steal. But do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

Possibly, although they might have tried to keep it simple so it wouldn't set off any alarms (AV or IDS or otherwise).

CYPER

hero member

Activity: 812

Merit: 502

Quote from: SomeoneWeird on June 20, 2011, 06:57:20 AM

Quote from: CYPER on June 20, 2011, 06:47:24 AM

Well, call me stupid but I opened the file after I scanned it with MSE, so can you please tell me how can I clean my pc now, when no antivirus detects it as a potential threat?

Does it install any files which I can manually delete?

Run Mbam, SpyBot S&D and a couple of others and see if they pick anything up. And create a new wallet and move all your coins ASAP.

I don't have any coins yet, as I'm in the process of building a rig, so at least nothing to steal. But do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: CYPER on June 20, 2011, 06:47:24 AM

Well, call me stupid but I opened the file after I scanned it with MSE, so can you please tell me how can I clean my pc now, when no antivirus detects it as a potential threat?

Does it install any files which I can manually delete?

Run Mbam, SpyBot S&D and a couple of others and see if they pick anything up. And create a new wallet and move all your coins ASAP.

relative

newbie

Activity: 56

Merit: 0

there now is basically a list of people out there who have wallet.dat's on their computers.
have fun.

CYPER

hero member

Activity: 812

Merit: 502

Well, call me stupid but I opened the file after I scanned it with MSE, so can you please tell me how can I clean my pc now, when no antivirus detects it as a potential threat?

Does it install any files which I can manually delete?

Bazil

full member

Activity: 126

Merit: 100

This kind of crap is why I use a different email address for every single thing I sign up for.

Tx2000

full member

Activity: 182

Merit: 100

I think one should not open an attachment without 100% assurance that there is nothing malicious inside. Hell, I even ask my friends if they sent me an email attachment before I open it. Even then, I thoroughly scan the file to make sure. Caution and prevention are the the best weapons.

jatajuta

sr. member

Activity: 365

Merit: 250

Quote from: SomeoneWeird on June 19, 2011, 11:07:26 PM

Im not stupid enough to run it...

Just checking... Grin

Oldminer

legendary

Activity: 1022

Merit: 1001

A quick check of the email headers will tell you if its legit or not. If your not sure how to do that forward the email to Mtgox support team for advice (enter their email address as listed on their site dont simply reply to the email!).

chuckypalumbo

full member

Activity: 148

Merit: 100

I got this email an hour ago, I can now throw away my email address of 15 years at it will be scammed and phished to death through this.

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: jatajuta on June 19, 2011, 11:05:22 PM

Quote from: SomeoneWeird on June 19, 2011, 10:45:36 PM

Im pretty sure this is spam. The Email is as follows:

Quote

Dear Mt.Gox user,

Our database has been compromised, how you already know.

To protect your account in the future, please download the Certificate (self-extracting archive) from Attachment and install it.

If you were using the same password on Mt.Gox and other places (email, mybitcoin.com, etc), you should change this password as soon as possible.

Please accept our apologies for the troubles caused, and be certain we will do everything we can to keep the funds entrusted with us as secure as possible.

Any unauthorized access done to any account you own (email, mtgox, etc) should be reported to the appropriate authorities in your country.

Thanks,
The Mt.Gox team

Going to download the file and anubis it.

[Update - 3:45 GMT] Update: DO NOT DOWNLOAD ANYTHING
If you receive ANY email which seems coming from Mt.Gox asking you to download something (certificate, generating program, etc), DO NOT DOWNLOAD. Do not either input your password on any site which is not MTGOX.COM.

https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback

Im not stupid enough to run it...

jatajuta

sr. member

Activity: 365

Merit: 250

Quote from: SomeoneWeird on June 19, 2011, 10:45:36 PM

Im pretty sure this is spam. The Email is as follows:

Quote

Dear Mt.Gox user,

Our database has been compromised, how you already know.

To protect your account in the future, please download the Certificate (self-extracting archive) from Attachment and install it.

If you were using the same password on Mt.Gox and other places (email, mybitcoin.com, etc), you should change this password as soon as possible.

Please accept our apologies for the troubles caused, and be certain we will do everything we can to keep the funds entrusted with us as secure as possible.

Any unauthorized access done to any account you own (email, mtgox, etc) should be reported to the appropriate authorities in your country.

Thanks,
The Mt.Gox team

Going to download the file and anubis it.

[Update - 3:45 GMT] Update: DO NOT DOWNLOAD ANYTHING
If you receive ANY email which seems coming from Mt.Gox asking you to download something (certificate, generating program, etc), DO NOT DOWNLOAD. Do not either input your password on any site which is not MTGOX.COM.

https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: Vladimir on June 19, 2011, 11:00:57 PM

"self-extracting archive" should scare the bejisus out of you kids.

It means untrusted code! An now... why would mtgox send you anything like this!

Yep.

https://anubis.iseclab.org/?action=result&task_id=1831b3136a13eee9419e962dd8416b9c1&format=html

Vladimir

hero member

Activity: 812

Merit: 1001

-

"self-extracting archive" should scare the bejisus out of you kids.

It means untrusted code! An now... why would mtgox send you anything like this!

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: finack on June 19, 2011, 10:50:53 PM

Sounds legit.

Mhmm. I'll report back with the results.

Topic: MtGox Client Email! (Read 3293 times)