Author

Topic: Strange. (Read 2223 times)

hero member
Activity: 518
Merit: 500
December 29, 2013, 09:22:03 PM
#17
In any case, for someone who does not have prior experience or lots of interest in handling and analyzing malware the proper thing to do is simply deleting the file.
The possibly small gains in knowledge are not worth the effort of setting up a virtual machine environment and all that stuff.

Onkel Paul

Agreed. Don't play with fire. What's he going to learn exactly?
legendary
Activity: 1039
Merit: 1005
December 29, 2013, 07:44:26 AM
#16
In any case, for someone who does not have prior experience or lots of interest in handling and analyzing malware the proper thing to do is simply deleting the file.
The possibly small gains in knowledge are not worth the effort of setting up a virtual machine environment and all that stuff.

Onkel Paul
legendary
Activity: 2926
Merit: 1386
December 29, 2013, 01:47:29 AM
#15
sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink ... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy )

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)   

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD  Grin

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.

oh yes, ok. I agree with you. Wink
Not sure about that.  First, no 'possibly infect his system' if using a virtual machine, or if infecting the virtual, scratch it and boot another, then infecting is proven.  Nature of the scam could be valuable knowledge, advance warning to people of some new cryptolocker.
full member
Activity: 238
Merit: 100
Stand on the shoulders of giants
December 28, 2013, 03:53:38 PM
#14
sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink ... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy )

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)   

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD  Grin

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.

oh yes, ok. I agree with you. Wink
hero member
Activity: 518
Merit: 500
December 28, 2013, 05:25:49 AM
#13
sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink ... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy )

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)   

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD  Grin

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.
full member
Activity: 238
Merit: 100
Stand on the shoulders of giants
December 28, 2013, 04:29:40 AM
#12
sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink ... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy )

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)   

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD  Grin
hero member
Activity: 518
Merit: 500
December 27, 2013, 09:34:31 PM
#11
sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink
full member
Activity: 238
Merit: 100
Stand on the shoulders of giants
December 27, 2013, 02:57:52 AM
#10
sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.
hero member
Activity: 518
Merit: 500
December 26, 2013, 08:09:53 PM
#9
I just got an email. Here is the content:
Hey Bro , i got wallet bitcoin , but i don't know how can i used it .. he have 5.63 BTC ..  please try with it and let me know if you done it

Attachment: wallet.dat [23k]



What do you guys think?

Can't believe that someone won't know what to do with 5.63btc

Just delete and move on. Why do people waste time on these things? Its not like someone is really trying to give you any coins. If its not malware its a scam of another kind. Maybe the malware comes later once he's got your confidence.

DELETE!!
newbie
Activity: 24
Merit: 0
December 26, 2013, 07:11:09 PM
#8
If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

I really don't want to take any chances with Trojans and malwares.

I think you're right, wallet.dat itself can't be executed because .dat is not an executable file format like .exe, .com.

I also doubt there is some code in that file that would cause an overflow in a bitcoin wallet client but maybe indeed just to let you import it and don't know how to switch (back) to your own wallet so you're using that wallet and at the same time they have access to that wallet, or can't one wallet be used on multiple systems? (actually never tested that).

Take care,

Darkster
member
Activity: 103
Merit: 10
December 26, 2013, 06:46:02 PM
#7
If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

I really don't want to take any chances with Trojans and malwares.
legendary
Activity: 4466
Merit: 3391
December 26, 2013, 06:42:34 PM
#6
If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.
member
Activity: 103
Merit: 10
December 26, 2013, 06:25:47 PM
#5
If you know how to handle malware files safely (sandboxing, never executing stuff, extracting zip archives with safe tools etc.) you might be able to see what kind of bad dope you got there.
It's most likely an executable whose file extension has been hidden by the infamous Windows "hide known extensions" misfeature.

Onkel Paul
Really don't know how to sandbox it. I just deleted the whole email.
legendary
Activity: 1039
Merit: 1005
December 26, 2013, 06:21:23 PM
#4
If you know how to handle malware files safely (sandboxing, never executing stuff, extracting zip archives with safe tools etc.) you might be able to see what kind of bad dope you got there.
It's most likely an executable whose file extension has been hidden by the infamous Windows "hide known extensions" misfeature.

Onkel Paul
member
Activity: 103
Merit: 10
December 26, 2013, 06:19:57 PM
#3
This is almost certainly malware. Delete it.
Thanks. Just deleted it.
newbie
Activity: 56
Merit: 0
December 26, 2013, 06:16:58 PM
#2
This is almost certainly malware. Delete it.
member
Activity: 103
Merit: 10
December 26, 2013, 06:10:58 PM
#1
I just got an email. Here is the content:
Hey Bro , i got wallet bitcoin , but i don't know how can i used it .. he have 5.63 BTC ..  please try with it and let me know if you done it

Attachment: wallet.dat [23k]



What do you guys think?

Can't believe that someone won't know what to do with 5.63btc
Jump to: