Topic: Warning: DO NOT CLICK LINK IN PRIVATE MESSAGES (Read 15224 times)

hero member
Activity: 560
Merit: 500
Just wanted to let everyone know that this thread has hit an awesome site (meaning more and more hackers have just received the same email I got).
http://www.f-secure.com/weblog/archives/00002187.html

In other words, stay frosty my friends!
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Bitcoin needs some end-user encryption/protection to prevent unauthorized access.
Sure. Waiting hard for the next release.
member
Activity: 84
Merit: 10
Nothing to contribute, bumping for educating other users. This sucks: I thought we'd have a little more time before people tried to pull this.

Honestly, I'm surprised it took this long. The only reason it never happened before was that the value of BTC was so low it wasn't worth the time to invest in creating the virus and spamming it. Now that 25,000 BTC is worth $500,000, it seemed it was only a matter of time, and we're just getting started. Bitcoin needs some end-user encryption/protection to prevent unauthorized access.
hero member
Activity: 630
Merit: 500
Nothing to contribute, bumping for educating other users. This sucks: I thought we'd have a little more time before people tried to pull this.
newbie
Activity: 30
Merit: 0
Wow,

nice detective work everyone. If this is true, something will have to be done. Perhaps publicly naming and shaming is enough, but the evidence must be concrete first.

legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Doxing? In my forum.bitcoin.org?
member
Activity: 69
Merit: 10
firstbits.com/1c3qpa
His name isn't Mario; a quick search on his email reveals him to be Mariusz Stokłosa - someone who has clearly sold hacks before.
member
Activity: 84
Merit: 10
Here's some more info after a bit of digging:

[email protected] uses a Polish phrase for his security question.
Searching 'blundcoder' returns results from various hacking forums.
One forum post by "BBOYMARIO" has [email protected] in his signature.
BBOYMARIO leads to a MySpace page by someone in Germany named Mario Basta. (Germany and Poland are neighboring countries.)

That's all I got.
member
Activity: 84
Merit: 10
Thanks for the information.

Interesting approach. It's nice to know that the vast majority of users here who may have accidentally clicked on the link won't be affected. However, it is disturbing to think that future miner GUIs or similar programs may be compromised.
How easily would anti-virus programs detect such a virus compiled accidentally into a new program?

Very easy.

Here's the report: http://www.virustotal.com/file-scan/report.html?id=fe4aab0c8e62e3a2a285f9a4a1c7cb8f10fa97fe655ea7aa0b2f71d3e6ff94ca-1308154827

Also, it seems it uses the @wp.pl account as an SMTP relay to send the email to [email protected]. The @wp.pl account password has been changed (it was in plain text in the virus file) so this virus is now useless as it can no longer send email, it'd just fail to log in.
ius
newbie
Activity: 56
Merit: 0
Actually, the first (wp.pl) address is used to send the wallet (via their SMTP server) - you can send your fan mail to [email protected].

The good news is that the password for the SMTP server doesn't seem to work anymore, i.e. no one should be at risk anymore (unless you already opened it before).

This is at least the second time this guy strikes; earlier he promised a miner with increased efficiency. Please stay alert, I'm sure he'll be back (sadly).
member
Activity: 105
Merit: 10
Spreading Bitcoin love
Thanks for the information.

Interesting approach. It's nice to know that the vast majority of users here who may have accidentally clicked on the link won't be affected. However, it is disturbing to think that future miner GUIs or similar programs may be compromised.
How easily would anti-virus programs detect such a virus compiled accidentally into a new program?

member
Activity: 84
Merit: 10
Sorry I posted about this as well before I saw this thread.

The information I gathered is here:

http://forum.bitcoin.org/index.php?topic=17373.0

Jimbo said that he caught a W32.Induc.A trojan.

But from what I can tell, that is a very specific Delphi-altering script.
Would that only be targeting bitcoin developers?


Yes, a quick hex edit of the file shows it reads wallet.dat.

Meaning that it would only be useful for stealing wallet.dat files from people who use the new software compiled in Delphi, or are more people at risk here?


Right, it emails wallet.dat to:

[email protected]
[email protected]
member
Activity: 105
Merit: 10
Spreading Bitcoin love
Sorry I posted about this as well before I saw this thread.

The information I gathered is here:

http://forum.bitcoin.org/index.php?topic=17373.0

Jimbo said that he caught a W32.Induc.A trojan.

But from what I can tell, that is a very specific Delphi-altering script.
Would that only be targeting bitcoin developers?


Yes, a quick hex edit of the file shows it reads wallet.dat.

Meaning that it would only be useful for stealing wallet.dat files from people who use the new software compiled in Delphi, or are more people at risk here?
member
Activity: 84
Merit: 10
Sorry I posted about this as well before I saw this thread.

The information I gathered is here:

http://forum.bitcoin.org/index.php?topic=17373.0

Jimbo said that he caught a W32.Induc.A trojan.

But from what I can tell, that is a very specific Delphi-altering script.
Would that only be targeting bitcoin developers?


Yes, a quick hex edit of the file shows it reads wallet.dat.
member
Activity: 105
Merit: 10
Spreading Bitcoin love
Sorry I posted about this as well before I saw this thread.

The information I gathered is here:

http://forum.bitcoin.org/index.php?topic=17373.0

Jimbo said that he caught a W32.Induc.A trojan.

But from what I can tell, that is a very specific Delphi-altering script.
Would that only be targeting bitcoin developers?
jr. member
Activity: 56
Merit: 1
Another one: do not click on any URL-shortened link; that also goes for forum posts. It might almost immediately open a legit site, but go through an intermediate infectious redirect.
member
Activity: 84
Merit: 10
This is a big flaw in the Bitcoin system and there's no easy way to fix it.

No - that's not a flaw in Bitcoin. Bitcoin works perfectly fine. If you execute untrusted code on a computer that you use for financial transactions it's your own fault.

Not every exploit requires user intervention. There are remote exploits that can be run from an open service or from browsing a website and not clicking anything. It's not hard to grab an IE 6/7/8 JS exploit and run a website with it embedded in there. The user wouldn't notice anything and wouldn't need to click anything. In fact, said exploit can be run from any website, even bitcoin.org if it were hacked. The fact that wallets can be read from without user intervention is an issue and the fact that you can send money from the command line is another issue.
member
Activity: 224
Merit: 10
I'm not an idiot. I didn't click run or save. I thought it was a picture file so I clicked it. Without a warning, others will click it!!!!

Text:

Hello

Statements which should not be generally offensive, be excessively repeated or have bad formatting (spam), contain forbidden advertising or political or religious views, not be non-English when English is required, disclose personal data of others, or support any other rule violation.

Proof can be seen at:
http://xxxxxxxxx(added)images4u.hostil.pl/DS***054.jpg

One more warning and your account might be banned.

From Moonshadow~

I saw Moonshadow but didn't really look at the post count.
gst
newbie
Activity: 38
Merit: 0
This is a big flaw in the Bitcoin system and there's no easy way to fix it.

No - that's not a flaw in Bitcoin. Bitcoin works perfectly fine. If you execute untrusted code on a computer that you use for financial transactions it's your own fault.
member
Activity: 84
Merit: 10
This is big. Shouldn't this topic be stickied for a while?

A fool and his money are soon parted. If people are silly enough to click on fake/malicious links then they should take that as a lesson and learn from their mistakes. This is a big flaw in the Bitcoin system and there's no easy way to fix it. Even an encrypted wallet would mean nothing if the wallet is open and the password is stored in memory.