Topic: Wallet Injector 2.0 on Youtube . Anyone wanna check it? (Read 5610 times)

hero member
Activity: 630
Merit: 500
Posts: 69
Virus through watching a YouTube video?  Now this I gotta see :D
newbie
Activity: 29
Merit: 0
The video is back. I'm reporting it for violation of terms of service, and all its incarnations. You should too.
member
Activity: 147
Merit: 11
The day to rise has come.
He is not very smart, showing his wallet address.

Here is where he sent his coinies :D
0.01, 0.01, 0.01, 1.0 as shown in the video.
http://blockexplorer.com/address/1CCaPTSfkRYhn3ukWDLv4ur4AKLmdjePme

And here is the scan
http://www.virustotal.com/file-scan/report.html?id=7ca463885caaf3db2dc15a62edcdffa1cc4e820625fcbb4cabc4a95659afb148-1312572029

Too bad it's not fully detected yet, but VT will distribute it to antivirus vendors to analyze/scan it again :)

Edit 1:
BTW can someone explain this transaction to me?
http://blockexplorer.com/tx/1d9c7ca2668f3173b0145969e58be2c281503add5830ffa3a82568253bd3d5ad#o1

http://blockexplorer.com/address/1618dCnRi6U2unkTn4fWGXhXLzQYi9dqGy
I am still not familiar with blockexplorer but 1000BTC looks interesting..

Edit 2:
I found out that's not the original video, he just downloaded and uploaded the video and put his own link/stealer.

The original one [with higher quality is most likely the original]

http://www.youtube.com/watch?v=8Hws-OruuqE
It also contains a malicious file; I will reverse that one tomorrow, but it creates "Bitcoins Wallet Injecting.exe" [261120 Bytes] and "bot.exe" [33792 Bytes] in the temp folder, so it's obvious it's malicious :]

I second what bitrebel said, don't download any of those files unless you know what you are doing.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
Flagged the video and reported the Megaupload download.

I also flagged the video and commented.  Wouldn't let me copy the thread link.
full member
Activity: 196
Merit: 100
Flagged the video and reported the Megaupload download.
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
Here is a quick anatomy of the file  :-*

First of all, you won't get infected if you watched the video; you will get infected if you downloaded the file in the video description [megaupload link].


It is a Visual Basic file.
It steals your \Bitcoin\wallet.dat.

It collects your computer information.

It connects to smtp.gmail.com and sends an email to [email protected] with the info.

E.G:
Quote
Wallet taken from:
System Information

Operating System
Platform
Version
User
Language
Network
Display
Resolution
Workspace
Client-IP
It's poorly coded, most likely a ripped source or something, not custom made, I doubt it will succeed in stealing your info ::)

Nice work! Get the smtp password, log into gmail and set up a forward + delete rule, send the stolen coins to the faucet ;)
sr. member
Activity: 364
Merit: 251
Thanks, Newminerr,
   You are an asset to the community.
So, when you think you'll be able to download a file to help you steal other people's wallet, it actually steals your wallet? That's pretty cool, actually. Now maybe we can upload a fix and steal everything he steals, and mail it all to Bruce.  ;)
member
Activity: 98
Merit: 10
You know, I think I'm going to pass on clicking that link.
member
Activity: 147
Merit: 11
The day to rise has come.
Here is a quick anatomy of the file  :-*

First of all, you won't get infected if you watched the video; you will get infected if you downloaded the file in the video description [megaupload link].


It is a Visual Basic file.
It steals your \Bitcoin\wallet.dat.

It collects your computer information.

It connects to smtp.gmail.com and sends an email to [email protected] with the info.

E.G:
Quote
Wallet taken from:
System Information

Operating System
Platform
Version
User
Language
Network
Display
Resolution
Workspace
Client-IP
It's poorly coded, most likely a ripped source or something, not custom made, I doubt it will succeed in stealing your info ::)
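
The behaviour described in the post above (a process reads \Bitcoin\wallet.dat and then connects to smtp.gmail.com) expressed as a detection rule. This is an added example, not part of the original post; the event format, allow-lists, time window, paths and process names are assumptions, and the sample events are constructed.

```python
import ntpath

WALLET_SUFFIX = r"\bitcoin\wallet.dat"
SMTP_PORTS = {25, 465, 587}                         # standard SMTP / submission ports
WALLET_READERS = {"bitcoin.exe"}                    # assumed legitimate wallet client
MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}   # assumed mail-client allow-list
WINDOW_SECONDS = 300                                # assumed read-to-send window
WALLET = r"C:\Users\al\AppData\Roaming\Bitcoin\wallet.dat"

# Constructed endpoint telemetry (hypothetical schema), not taken from the thread.
EVENTS = [
    {"ts": 10, "pid": 5000, "image": r"C:\Tools\backup.exe",
     "type": "file_read", "target": WALLET},
    {"ts": 20, "pid": 6000, "image": r"C:\Tools\sync.exe",
     "type": "file_read", "target": WALLET},
    {"ts": 50, "pid": 2200, "image": r"C:\Program Files\Bitcoin\bitcoin.exe",
     "type": "file_read", "target": WALLET},
    {"ts": 60, "pid": 3000, "image": r"C:\Program Files\Mail\thunderbird.exe",
     "type": "net_connect", "host": "smtp.gmail.com", "port": 465},
    {"ts": 100, "pid": 4112, "image": r"C:\Users\al\AppData\Local\Temp\sample.exe",
     "type": "file_read", "target": WALLET},
    {"ts": 130, "pid": 4112, "image": r"C:\Users\al\AppData\Local\Temp\sample.exe",
     "type": "net_connect", "host": "smtp.gmail.com", "port": 587},
    {"ts": 900, "pid": 6000, "image": r"C:\Tools\sync.exe",
     "type": "net_connect", "host": "smtp.gmail.com", "port": 25},
]

def find_wallet_exfil(events):
    """Alert when a non-wallet, non-mail process reads wallet.dat and then
    opens an SMTP connection within WINDOW_SECONDS."""
    last_read = {}   # pid -> timestamp of most recent suspicious wallet read
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        name = ntpath.basename(ev["image"]).lower()
        if ev["type"] == "file_read":
            if ev["target"].lower().endswith(WALLET_SUFFIX) and name not in WALLET_READERS:
                last_read[ev["pid"]] = ev["ts"]
        elif ev["type"] == "net_connect":
            read_ts = last_read.get(ev["pid"])
            if (read_ts is not None and ev["port"] in SMTP_PORTS
                    and name not in MAIL_CLIENTS
                    and ev["ts"] - read_ts <= WINDOW_SECONDS):
                alerts.append({"pid": ev["pid"], "image": ev["image"],
                               "dest": ev["host"], "port": ev["port"],
                               # running out of a temp folder raises severity
                               "from_temp": "\\temp\\" in ev["image"].lower()})
    return alerts
```

Only pid 4112 alerts on the sample data: the wallet client, the mail client, the backup tool with no network activity and the process whose SMTP connection falls outside the window are all ignored.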
sr. member
Activity: 364
Merit: 251
That's stupid. Even if it can inject a payment into your wallet, that doesn't mean you can spend the funds on the network; you just have a corrupted wallet!

Most likely a scam that empties your wallet too.

It is a scam. It's used to steal people's wallet files. I'm wondering if it works, how well it works, and if the virus can be downloaded to you by watching the video. If it's already advertising the stealing of wallets, who's to say if he disguises the method and uses it against you?
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
That's stupid. Even if it can inject a payment into your wallet, that doesn't mean you can spend the funds on the network; you just have a corrupted wallet!

Most likely a scam that empties your wallet too.
member
Activity: 147
Merit: 11
The day to rise has come.
imma give it a go  :)
sr. member
Activity: 364
Merit: 251
http://www.youtube.com/watch?v=lxaigv0Ymgk

Do not click on the link unless you have good virus protection and know your stuff.
Anyone wanna check it for us? Post the results. Relay the info. Is this a new virus or an improvement on an old one?

I won't click many of those links because I got a virus by clicking on a youtube video once. Now I'm a bit paranoid, even though I run antivirus.