Pages:
Author

Topic: Warning: DO NOT CLICK LINK IN PRIVATE MESSAGES (Read 15239 times)

hero member
Activity: 560
Merit: 500
Just wanted to let everyone know, that this thread has hit an awesome site (meaning more and more hackers have just received the same email I got).
http://www.f-secure.com/weblog/archives/00002187.html

In other words, stay frosty my friends!
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Bitcoin needs some end-user encryption/protection to prevent unauthorized access.
Sure. Waiting hard for next release
member
Activity: 84
Merit: 10
Nothing to contribute, bumping for educating other users. This sucks: I thought we'd have a little more time before people tried to pull this.

Honestly, I'm surprised it took this long. The only reason why it never happened before was because the value of the BTC was so low it wasn't worth the time to invest in creating the virus and spamming it. Now that 25,000 BTC is worth $500,000, it seemed it was only a matter of time and we're just getting started. Bitcoin needs some end-user encryption/protection to prevent unauthorized access.
hero member
Activity: 630
Merit: 500
Nothing to contribute, bumping for educating other users. This sucks: I thought we'd have a little more time before people tried to pull this.
newbie
Activity: 30
Merit: 0
Wow,

nice detective work everyone. If this is true something will have to be done? perhaps publicly naming and shaming is enough but the evidence must be concrete first.

legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Doxing? In my forum.bitcoin.org?
member
Activity: 69
Merit: 10
firstbits.com/1c3qpa
His name isn't Mario; a quick search on his email reveals him to be Mariusz Stokłosa - someone who has clearly sold hacks before.
member
Activity: 84
Merit: 10
Here's some more info after a bit of digging:

[email protected] uses a polish phrase for his security question.
Searching 'blundcoder' returns results from various hacking forums.
One forum post by "BBOYMARIO" has [email protected] in his signature.
BBOYMARIO leads to a mySpace page by someone in Germany named Mario Basta. (Germany and Poland are neighboring countries)

That's all I got.
member
Activity: 84
Merit: 10
Thanks for the information.

Interesting approach. It nice to know that the vast majority of users here who may have accidentally clicked on the link won't be affected. However it is disturbing to think that future miner GUI's or similar programs may be compromised.
How easily would anti-virus programs detect such a virus complied accidentally in a new program?



Very easy.

Here's the report: http://www.virustotal.com/file-scan/report.html?id=fe4aab0c8e62e3a2a285f9a4a1c7cb8f10fa97fe655ea7aa0b2f71d3e6ff94ca-1308154827

Also, it seems it uses the @wp.pl account as an SMTP relay to send the email to [email protected]. The @wp.pl account password has been changed (it was in plain text in the virus file) so this virus is now useless as it can no longer send email, it'd just fail to log in.
ius
newbie
Activity: 56
Merit: 0
Actually, the first (wp.pl) address is used to send the wallet (via their SMTP server) - you can send your fan mail to [email protected].

The good news is that the password for the SMTP server doesn't seem to work anymore - ie. noone should be at risk anymore (unless you already opened it before).

At least the second time this guy strikes, earlier he promised a miner with increased efficiency. Please stay alert, I'm sure he'll back back (sadly).
member
Activity: 105
Merit: 10
Spreading Bitcoin love
Thanks for the information.

Interesting approach. It nice to know that the vast majority of users here who may have accidentally clicked on the link won't be affected. However it is disturbing to think that future miner GUI's or similar programs may be compromised.
How easily would anti-virus programs detect such a virus complied accidentally in a new program?

member
Activity: 84
Merit: 10
Sorry I posted about this as well before I saw this thread.

The information I gathered is here:

http://forum.bitcoin.org/index.php?topic=17373.0

Jimbo said that he caught a W32.Induc.A trojan.

But from what I can tell is that is a very specific delphi altering script.
Would that only be targeting bitcoin developers?


Yes, a quick hex edit of the file shows it reads wallet.dat.

Meaning that it would only be useful for stealing wallet.dat files from people who use the new software compiled in delphi or are more people at risk here?


Right, it emails wallet.dat to:

[email protected]
[email protected]
member
Activity: 105
Merit: 10
Spreading Bitcoin love
Sorry I posted about this as well before I saw this thread.

The information I gathered is here:

http://forum.bitcoin.org/index.php?topic=17373.0

Jimbo said that he caught a W32.Induc.A trojan.

But from what I can tell is that is a very specific delphi altering script.
Would that only be targeting bitcoin developers?


Yes, a quick hex edit of the file shows it reads wallet.dat.

Meaning that it would only be useful for stealing wallet.dat files from people who use the new software compiled in delphi or are more people at risk here?
member
Activity: 84
Merit: 10
Sorry I posted about this as well before I saw this thread.

The information I gathered is here:

http://forum.bitcoin.org/index.php?topic=17373.0

Jimbo said that he caught a W32.Induc.A trojan.

But from what I can tell is that is a very specific delphi altering script.
Would that only be targeting bitcoin developers?


Yes, a quick hex edit of the file shows it reads wallet.dat.
member
Activity: 105
Merit: 10
Spreading Bitcoin love
Sorry I posted about this as well before I saw this thread.

The information I gathered is here:

http://forum.bitcoin.org/index.php?topic=17373.0

Jimbo said that he caught a W32.Induc.A trojan.

But from what I can tell is that is a very specific delphi altering script.
Would that only be targeting bitcoin developers?
jr. member
Activity: 56
Merit: 1
Another one: do not click on any URL shortened link, that also goes for forum posts. It might almost immediately open a legit site, but go through an intermediate infectious redirect.
member
Activity: 84
Merit: 10
This is a big flaw in the Bitcoin system and there's no easy way to fix it.

No - that's not a flaw in Bitcoin. Bitcoin works perfectly fine. If you execute untrusted code on a computer that you use for financial transactions it's your own fault.

Not every exploit requires user intervention. There are remote exploits that can be run from an open service or from browsing a website and not clicking anything. It's not hard to grab an IE 6/7/8 JS exploit and run a website with it embedded in there. The user wouldn't notice anything and wouldn't need to click anything. In fact, said exploit can be run from any website, even bitcoin.org if it were hacked. The fact that wallets can be read from without user intervention is an issue and the fact that you can send money from the command line is another issue.
member
Activity: 224
Merit: 10
I'm not an idiot. I didn't click run or save. I thought it was a picture file so I cliked it. Without a warning other will click it!!!!

Text:

Hello

Statements which should not be generally offensive, be excessively repeated or have bad formatting (spam), contain forbidden advertising or political or religious views, not be non-English when English is required, disclose personal data of others, or support any other rule violation.

Proof can be seen at:
http://xxxxxxxxx(added)images4u.hostil.pl/DS***054.jpg

One more warning and your account might be banned.

From Moonshadow~

I saw Moonshadow but didn't really look at the post count.
gst
newbie
Activity: 38
Merit: 0
This is a big flaw in the Bitcoin system and there's no easy way to fix it.

No - that's not a flaw in Bitcoin. Bitcoin works perfectly fine. If you execute untrusted code on a computer that you use for financial transactions it's your own fault.
member
Activity: 84
Merit: 10
This is big. Shouldn't this topic be sticked for a while?

A fool and his money are soon parted. If people are silly enough to click on fake/malicious links then they should take that as a lesson and learn from their mistakes. This is a big flaw in the Bitcoin system and there's no easy way to fix it. Even an encrypted wallet would mean nothing if the wallet is open and the password is stored in memory.
Pages:
Jump to: