
Topic: Project-Bit (@ProjectBitCOM) confirmed MALICIOUS Software: Proof & documentation (Read 4189 times)

legendary
Activity: 2058
Merit: 1452
Spawning random processes is pretty suspicious.
legendary
Activity: 2576
Merit: 1186
Zooey asked me to look at this.
I'm no security expert, so who knows if I'm missing something, but...

I don't see any evidence of malware here or in the reports, just a lot of technical information that tells nothing about the nature of the webpage/software.

Since I could be wrong, I did not personally open the "malicious" links in question, just in case, so there may be something obvious there I didn't see too.

Also, even if an antivirus vendor told me there was something malicious (which again, I don't see), I would take it with a grain of salt.
One thing anyone involved with Bitcoin mining should know is that most antivirus software is itself malicious, labelling even legit mining software as viruses and malware when they are not.

Finally, I hate spam as much as the next person.
Please don't support spammers, whether their products/services are malicious or not.

Edit: Ok, I clicked the "malicious" link, and it's just a redirect to an EXE download. Obviously it'd be stupid to run it.
Edit: VirusTotal accuses this EXE of being a virus.
sr. member
Activity: 241
Merit: 250
Time you enjoy wasting is not wasted time.

Project-Bit, which promotes software that claims to give away Bitcoins daily, is here documented to be maliciously distributing malware, executed through disguised requests in the links they spam all over the place. To help out the Google Bot: Project-Bit is a scam.


Links for info:
Owner of YouTube and linked Google+ accounts: Benjamin Dimitriou
https://twitter.com/ProjectBitCOM  aka @ProjectBitCOM
http://www.youtube.com/user/TheDykeMinglingFag
https://plus.google.com/u/0/117408554505736965633/about

2 active/recent posts linking malware:
http://www.youtube.com/watch?v=bF6JnszmzaE
https://twitter.com/ProjectBitCOM/status/330684568103448576


Identification and documentation of distributed malicious software

HIGHLIGHTED LINKS ARE CONFIRMED DANGEROUS: DO NOT CLICK.
The supposed 'free Bitcoin' injector has been such an obviously bogus idea that only the most greedy and stupid will have made a personal choice to download it... and so it's been fairly uninteresting to pay much attention to it, even if some morons do download the program. But the critical threat I have identified today lies not in the bullshit software you knew not to download, but is instead heavily obfuscated as a hidden request in the very first link, so that none of the mainstream URL scanners detect it. These links had not been flagged as containing malicious software by scans or members of the community until now:

http://bit.ly/ZLxxiw
http://bit.ly/158O6sB


Expanded URL (same for both):  http://ge.tt/api/1/files/7B5eMhf/0/blob?download


The analyses below report a specific malicious software threat:

WEPAWET Analysis report of expanded URL: http://wepawet.iseclab.org/view.php?hash=70746858ea93d8542f8fd780e45d47bc&t=1367926099&type=js



ANUBIS Analysis: 70746858ea93d8542f8fd780e45d47bc-3cd7ba7aae4c5c81fea54eb9810cf8b4-1367926099
MD5: 33f9d0e68c5e836e44e9da4a82084dca

FRONTPAGE / TASK OVERVIEW: http://anubis.iseclab.org/?action=result&task_id=100c823f931708fd4f906028da5da5e66
ANALYSIS Report (Direct links by format):
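The chain documented in this post (bit.ly short link, redirect to a ge.tt blob download, hash the EXE, look the hash up in a sandbox) is the usual way to triage a spammed link without ever running the payload. The script below is an added example written for this page, not code from the thread or from Project-Bit. It resolves the redirect chain hop by hop from status codes and Location headers only (capped, with loop detection), then classifies the final payload by its magic bytes and hashes it. The HTTP transport is injected as two callables so the logic runs offline here against constructed responses; the URLs in the fixture are the ones quoted in the post, but the filename, the response headers and the MZ-header payload stub are constructed stand-ins, not the real download. The VirusTotal file-report URL format is an assumption.

```python
"""Offline triage of a shortened download link (added example, not from the thread)."""
import hashlib
from urllib.parse import urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 5  # a legitimate shortener needs one or two hops; refuse long chains

# Magic bytes checked on the payload itself, so the claimed extension is irrelevant.
MAGIC = [
    (b"MZ", "pe-executable"),        # DOS/Windows EXE or DLL header
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip-archive"),  # may still wrap an executable
    (b"%PDF", "pdf"),
]


def resolve_chain(start_url, fetch_head, max_hops=MAX_HOPS):
    """Follow 3xx Location headers manually without fetching any body.

    fetch_head(url) -> (status, headers_dict), e.g. an HTTP HEAD from an isolated VM.
    Returns (list_of_urls_visited, headers_of_final_response).
    Raises ValueError on a loop, a redirect without Location, or too many hops.
    """
    chain = [start_url]
    seen = {start_url}
    url = start_url
    for _ in range(max_hops + 1):  # up to max_hops redirects plus the final response
        status, headers = fetch_head(url)
        if status not in REDIRECT_CODES:
            return chain, headers
        location = headers.get("Location")
        if not location:
            raise ValueError(f"{url}: {status} without a Location header")
        url = urljoin(url, location)  # relative Location values are resolved against the hop
        if url in seen:
            raise ValueError(f"redirect loop at {url}")
        seen.add(url)
        chain.append(url)
    raise ValueError(f"more than {max_hops} redirects starting from {start_url}")


def classify_payload(data, headers=None):
    """Describe a downloaded blob by magic bytes and hashes; never executes it."""
    headers = headers or {}
    kind = next((name for magic, name in MAGIC if data.startswith(magic)), "unknown")
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "kind": kind,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),  # Anubis/Wepawet reports in the thread key on MD5
        "sha256": sha256,
        "content_disposition": headers.get("Content-Disposition", ""),
        # Assumed VirusTotal report URL format for a hash lookup.
        "virustotal": "https://www.virustotal.com/gui/file/" + sha256,
    }


def triage(start_url, fetch_head, fetch_body):
    """Resolve the chain, fetch only the final blob, and report on it."""
    chain, headers = resolve_chain(start_url, fetch_head)
    data = fetch_body(chain[-1])
    report = classify_payload(data, headers)
    report["chain"] = chain
    return report


# --- Constructed fixtures mirroring the chain quoted in the post -------------
SHORT_URL = "http://bit.ly/ZLxxiw"
DIRECT_URL = "http://ge.tt/api/1/files/7B5eMhf/0/blob?download"
FAKE_RESPONSES = {  # constructed headers; the filename is a stand-in
    SHORT_URL: (301, {"Location": DIRECT_URL}),
    DIRECT_URL: (200, {"Content-Type": "application/octet-stream",
                       "Content-Disposition": 'attachment; filename="setup.exe"'}),
}
# Constructed stub with just the MZ/PE magic; not the real binary.
FAKE_PAYLOAD = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 64


def fake_head(url):
    return FAKE_RESPONSES[url]


def fake_body(url):
    return FAKE_PAYLOAD


def demo():
    return triage(SHORT_URL, fake_head, fake_body)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Wiring `fetch_head`/`fetch_body` to real HTTP belongs on a throwaway analysis VM; the point of keeping the transport injectable is that the classification and the hop cap can be tested without touching the hostile host at all.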


