Strange. | Bitcointalksearch.org

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: OnkelPaul on December 29, 2013, 08:44:26 AM

In any case, for someone who does not have prior experience or lots of interest in handling and analyzing malware the proper thing to do is simply deleting the file.
The possibly small gains in knowledge are not worth the effort of setting up a virtual machine environment and all that stuff.

Onkel Paul

Agreed. Don't play with fire. What's he going to learn exactly?

OnkelPaul

legendary

Activity: 1039

Merit: 1005

In any case, for someone who does not have prior experience or lots of interest in handling and analyzing malware the proper thing to do is simply deleting the file.
The possibly small gains in knowledge are not worth the effort of setting up a virtual machine environment and all that stuff.

Onkel Paul

Spendulus

legendary

Activity: 2912

Merit: 1386

Quote from: knightcoin on December 28, 2013, 04:53:38 PM

Quote from: empoweoqwj on December 28, 2013, 06:25:49 AM

Quote from: knightcoin on December 28, 2013, 05:29:40 AM

Quote from: empoweoqwj on December 27, 2013, 10:34:31 PM

Quote from: knightcoin on December 27, 2013, 03:57:52 AM

sandbox it ... open it in a virtual machine ( bastion host concept Roll Eyes

- old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink

... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy

)

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD Grin

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.

oh yes, ok. I agree with you. Wink

Not sure about that. First, no 'possibly infect his system' if using a virtual machine, or if infecting the virtual, scratch it and boot another, then infecting is proven. Nature of the scam could be valuable knowledge, advance warning to people of some new cryptolocker.

knightcoin

full member

Activity: 238

Merit: 100

Stand on the shoulders of giants

Quote from: empoweoqwj on December 28, 2013, 06:25:49 AM

Quote from: knightcoin on December 28, 2013, 05:29:40 AM

Quote from: empoweoqwj on December 27, 2013, 10:34:31 PM

Quote from: knightcoin on December 27, 2013, 03:57:52 AM

sandbox it ... open it in a virtual machine ( bastion host concept Roll Eyes

- old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink

... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy

)

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD Grin

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.

oh yes, ok. I agree with you. Wink

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: knightcoin on December 28, 2013, 05:29:40 AM

Quote from: empoweoqwj on December 27, 2013, 10:34:31 PM

Quote from: knightcoin on December 27, 2013, 03:57:52 AM

sandbox it ... open it in a virtual machine ( bastion host concept Roll Eyes

- old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink

... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy

)

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD Grin

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.

knightcoin

full member

Activity: 238

Merit: 100

Stand on the shoulders of giants

Quote from: empoweoqwj on December 27, 2013, 10:34:31 PM

Quote from: knightcoin on December 27, 2013, 03:57:52 AM

sandbox it ... open it in a virtual machine ( bastion host concept Roll Eyes

- old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink

... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy

)

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD Grin

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: knightcoin on December 27, 2013, 03:57:52 AM

sandbox it ... open it in a virtual machine ( bastion host concept Roll Eyes

- old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

knightcoin

full member

Activity: 238

Merit: 100

Stand on the shoulders of giants

sandbox it ... open it in a virtual machine ( bastion host concept Roll Eyes

- old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: cryptolaxy on December 26, 2013, 07:10:58 PM

I just got an email. Here is the content:
Hey Bro , i got wallet bitcoin , but i don't know how can i used it .. he have 5.63 BTC .. please try with it and let me know if you done it

Attachment: wallet.dat [23k]

What do you guys think?

Can't believe that someone won't know what to do with 5.63btc

Just delete and move on. Why do people waste time on these things? Its not like someone is really trying to give you any coins. If its not malware its a scam of another kind. Maybe the malware comes later once he's got your confidence.

DELETE!!

Darkster

newbie

Activity: 24

Merit: 0

Quote from: cryptolaxy on December 26, 2013, 07:46:02 PM

Quote from: odolvlobo on December 26, 2013, 07:42:34 PM

If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

I really don't want to take any chances with Trojans and malwares.

I think you're right, wallet.dat itself can't be executed because .dat is not an executable file format like .exe, .com.

I also doubt there is some code in that file that would cause an overflow in a bitcoin wallet client but maybe indeed just to let you import it and don't know how to switch (back) to your own wallet so you're using that wallet and at the same time they have access to that wallet, or can't one wallet be used on multiple systems? (actually never tested that).

Take care,

Darkster

cryptolaxy

member

Activity: 103

Merit: 10

Quote from: odolvlobo on December 26, 2013, 07:42:34 PM

If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

I really don't want to take any chances with Trojans and malwares.

odolvlobo

legendary

Activity: 4438

Merit: 3387

If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

cryptolaxy

member

Activity: 103

Merit: 10

Quote from: OnkelPaul on December 26, 2013, 07:21:23 PM

If you know how to handle malware files safely (sandboxing, never executing stuff, extracting zip archives with safe tools etc.) you might be able to see what kind of bad dope you got there.
It's most likely an executable whose file extension has been hidden by the infamous Windows "hide known extensions" misfeature.

Onkel Paul

Really don't know how to sandbox it. I just deleted the whole email.

OnkelPaul

legendary

Activity: 1039

Merit: 1005

If you know how to handle malware files safely (sandboxing, never executing stuff, extracting zip archives with safe tools etc.) you might be able to see what kind of bad dope you got there.
It's most likely an executable whose file extension has been hidden by the infamous Windows "hide known extensions" misfeature.

Onkel Paul

cryptolaxy

member

Activity: 103

Merit: 10

Quote from: DavidZ on December 26, 2013, 07:16:58 PM

This is almost certainly malware. Delete it.

Thanks. Just deleted it.

DavidZ

newbie

Activity: 56

Merit: 0

This is almost certainly malware. Delete it.

cryptolaxy

member

Activity: 103

Merit: 10

I just got an email. Here is the content:
Hey Bro , i got wallet bitcoin , but i don't know how can i used it .. he have 5.63 BTC .. please try with it and let me know if you done it

Attachment: wallet.dat [23k]

What do you guys think?

Can't believe that someone won't know what to do with 5.63btc

Topic: Strange. (Read 2212 times)