
Topic: *WARNING* "Bitcoin.org/Bitcoin.com" Phishing Scam!!! Possibly originating here (Read 1714 times)

full member
Activity: 157
Merit: 500
legendary
Activity: 1050
Merit: 1000
sad to see such a domain being abused.
sr. member
Activity: 406
Merit: 250
I get e-mails all the time saying someone sent 8 btc to my wallet and asking me to download a file with the transaction attached. I of course delete the attachment and the e-mail. Occasionally I launch a profanity laced reply but only when the mood hits me.
legendary
Activity: 1582
Merit: 1064
Flag #4 - Payload file name included last four digits of my SSN.

This is what scares me. Phishing mails are no longer mass mailed in the hope that at least one in a million falls for it. They seem to be targeting specific individuals. We really have to be on our toes.
sr. member
Activity: 309
Merit: 250
*scammer-hackers

some of us "hackers" are the good guys  Wink

True I guess you have a point Wink
newbie
Activity: 27
Merit: 0
*scammer-hackers

some of us "hackers" are the good guys  Wink
sr. member
Activity: 309
Merit: 250
I hate hackers / scammers.. I wish we could stop them all TOGETHER
newbie
Activity: 27
Merit: 0
Just seeing this now...sorry guys...don't have a sandbox on the station I'm on...
full member
Activity: 196
Merit: 100
The cheddar breed jealousy
Very interesting.
Going to look into this as it is quite a problem if indeed what I think it is...
sr. member
Activity: 285
Merit: 250
Bitcoin.org maintainer
Note: Just got a reply from Mandrik @blockchain.info - so I guess they're aware of it now. Hopefully this will get fixed and spammers won't be able to send from this domain at the very least.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
Who can I contact about this?
Can you privately send me a link to this java malware for me to analyze?

Once you are done analyzing, would you mind posting your findings here?
It depends on whether OP has deleted this phishing email (which I presume he has) and whether the bytecode class files in the .jar are obfuscated.
sr. member
Activity: 392
Merit: 259
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
Who can I contact about this?
Can you privately send me a link to this java malware for me to analyze?

Once you are done analyzing, would you mind posting your findings here?
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
Who can I contact about this?
Can you privately send me a link to this java malware for me to analyze?
sr. member
Activity: 285
Merit: 250
Bitcoin.org maintainer
Who can I contact about this?

Try contacting blockchain.info (I dunno what's the best way, I just tried sending them a msg on reddit).
newbie
Activity: 27
Merit: 0
Who can I contact about this?
sr. member
Activity: 285
Merit: 250
Bitcoin.org maintainer
In order to prevent such phishing scams from @bitcoin.com, blockchain.info would have to set clear DMARC, DKIM and SPF policies on their DNS:

https://dmarcian.com/dmarc-inspector/bitcoin.com
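The check the dmarcian link above performs, as an added example that is not part of this thread: parse a domain's SPF and DMARC TXT records and decide whether a receiver would reject mail spoofing that domain's From: address. The TXT records and the domain names are constructed stand-ins, not bitcoin.com's real DNS.

```python
"""Evaluate whether a domain's SPF and DMARC policies let receivers reject
spoofed mail.  Constructed TXT records below; not the thread's code and not
real DNS data for any domain mentioned in the thread."""
import re

# Constructed records for hypothetical domains (placeholders, not real DNS).
TXT_RECORDS = {
    "weak.example": ["v=spf1 include:_spf.mailhost.example ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "strict.example": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; adkim=s; aspf=s"],
    "nopolicy.example": [],
}


def lookup_txt(name, records=TXT_RECORDS):
    """Stand-in for a DNS TXT query; answers from the constructed table."""
    return records.get(name, [])


def spf_all_qualifier(domain, records=TXT_RECORDS):
    """Qualifier on the SPF 'all' mechanism: '-' (fail), '~' (softfail),
    '?' (neutral), '+' (pass), or None when the domain publishes no SPF."""
    for txt in lookup_txt(domain, records):
        if txt.lower().startswith("v=spf1"):
            m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", txt)
            if m:
                return m.group(1) or "+"
            return "?"  # no 'all' term: unmatched senders get Neutral (RFC 7208)
    return None


def dmarc_policy(domain, records=TXT_RECORDS):
    """DMARC p= value ('none', 'quarantine', 'reject') or None if unpublished."""
    for txt in lookup_txt("_dmarc." + domain, records):
        tags = dict(kv.strip().split("=", 1) for kv in txt.split(";") if "=" in kv)
        if tags.get("v", "").upper() == "DMARC1":
            return tags.get("p", "none").lower()
    return None


def spoof_resistance(domain, records=TXT_RECORDS):
    """How a receiver treats mail spoofing this domain's From: header."""
    spf, dmarc = spf_all_qualifier(domain, records), dmarc_policy(domain, records)
    if dmarc in ("reject", "quarantine"):
        return dmarc  # DMARC instructs receivers what to do with failing mail
    if spf == "-":
        return "spf-hardfail-only"  # SPF fails, but without DMARC many receivers still deliver
    return "spoofable"  # ~all/?all/no record plus p=none or no DMARC: spoofed mail gets through
```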
sr. member
Activity: 392
Merit: 259
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
Definitely looks like malware, possibly coin-stealing. I'm interested to see if anyone with a spare offline machine they're willing to get "dirty" would have any luck decompiling this with a Java decompiler. I've never seen Java that can actually act as a full-system rootkit, at least without JNI.

newbie
Activity: 27
Merit: 0
Hello

I recently received a (relatively) sophisticated phishing attack via email. The payload seems to be a Java rootkit.

The email sender was labelled "Bitcoin.org", but the actual email was "[email protected]". The subject read "The transaction has completed successfully."

Flag #1 - I have not made any Bitcoin transactions for over a week.

Flag #2 - "no-replay"

Flag #3 - Recently made email in question public on bitcointalk.org.

Flag #4 - Payload file name included last four digits of my SSN.

The message contents were as follows:

Online Payment Details https://www.bitcoin.org/Ref-XXXXXXXXXXXX (linked to http://[Suspicious link removed]/Bitcoin-transactionSSSS)

SSSS represents the last four digits of my SSN. This part concerns me the most, although linking this email (my main public email) to the last digits of my SSN wouldn't be too difficult.

The transaction has completed successfully. The order number, for your customers reference is:Ref-XXXXXXXXXXXX-XXXXX.

Additional Payload info:


File: Bitcoin_transactionSSSS.jar

File type: Java JAR (226 Kb)

From: http://www.thedumps.ru
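The red flags the OP lists (brand in the display name but a different sender domain, visible bitcoin.org link text pointing at another host, a .jar payload) as an automated mail-filter check. This is an added example, not code from the thread; the message below is constructed from the OP's description, with placeholder sender domain and link host.

```python
"""Flag the phishing indicators described in the OP on a constructed message.
Added example, not the thread's code; hosts and addresses are placeholders."""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed message modelled on the OP's description (placeholder domains).
SAMPLE = {
    "from": '"Bitcoin.org" <no-replay@sender.example>',
    "html": ('Online Payment Details '
             '<a href="http://suspicious-link.invalid/Bitcoin-transactionSSSS">'
             'https://www.bitcoin.org/Ref-XXXXXXXXXXXX</a>'),
    "attachments": ["Bitcoin_transactionSSSS.jar"],
}
RISKY_EXT = (".jar", ".exe", ".scr", ".js", ".vbs")


def display_name_mismatch(from_header):
    """True when the display name names a domain the sender address is not under."""
    name, addr = parseaddr(from_header)
    addr_domain = addr.rsplit("@", 1)[-1].lower()
    m = re.search(r"([a-z0-9-]+\.[a-z]{2,})", name.lower())
    return bool(m) and not addr_domain.endswith(m.group(1))


def link_text_mismatches(html):
    """(visible_host, href_host) pairs where URL-looking link text points elsewhere."""
    out = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        text_host = urlparse(text.strip()).hostname
        href_host = urlparse(href).hostname
        if text_host and href_host and text_host != href_host:
            out.append((text_host, href_host))
    return out


def risky_attachments(names):
    """Attachments with executable extensions (the OP's payload was a JAR)."""
    return [n for n in names if n.lower().endswith(RISKY_EXT)]


def phishing_flags(msg):
    """Collect the indicators present in a message dict like SAMPLE."""
    flags = []
    if display_name_mismatch(msg["from"]):
        flags.append("display-name/sender-domain mismatch")
    if link_text_mismatches(msg["html"]):
        flags.append("link text host differs from href host")
    if risky_attachments(msg["attachments"]):
        flags.append("executable attachment")
    return flags
```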