Author

Topic: [Warning] Phishing, Scam, trojan (Read 1043 times)

full member
Activity: 171
Merit: 100
September 09, 2013, 05:10:57 PM
#9
I don't get it it is a scam right?
hero member
Activity: 756
Merit: 501
September 09, 2013, 04:04:31 PM
#8
Yeah I thought about posting it too, but I think disclosure was the way to go, especially since I was sure I wasn't the only one who'd find it. From what i saw the file doesn't contain much legit account info, it even looks like someone let run a script to spam the file (look at all the g00dpa$$w0rd), ofcourse I could be wrong.
Anyways, this looks like the work of an amateur, could be a reverse honeypot though (making us feel safe, then using a 0day on us).
Totally hope affected users noticed the site is fake and changed their passwords.
member
Activity: 84
Merit: 10
September 09, 2013, 03:55:59 PM
#7

I think the .us would be the first sign.

~BCX~

Well, I almost fall for it  Cheesy
The download was a .zip file, had it be an .exe I would of know it was a scam right away.  Grin
But the "story" was really well done, it was actually an interesting reading  Cheesy


http://   bitcointalk   .us/

lolwut

edit: Yes, passes.txt is what you think. WTF
edit: the amount of boot.ini and win.ini in that file is interesting, i bet the site has some drive by shit aswell.

I found "http://   bitcointalk   .us/" too, but didn't want to make it public because of the passes.txt
I'm new to bitcointalk so I didn't know who theymos was until I searched his profile. Let's hope those password aren't real   Roll Eyes
now that it's public, let's hope those people who tried to log in are aware of the phishing and have changed their password.
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
September 09, 2013, 03:42:24 PM
#6
Thanks for the passwords Grin Or whatever it is.
http://      bitcointalk     .us/passes.txt
hero member
Activity: 756
Merit: 501
September 09, 2013, 03:39:17 PM
#5
http://   bitcointalk   .us/



lolwut

edit: Yes, passes.txt is what you think. WTF
edit: the amount of boot.ini and win.ini in that file is interesting, i bet the site has some drive by shit aswell.
full member
Activity: 171
Merit: 100
September 09, 2013, 02:30:38 PM
#4
But virus total says its a clean site?! Don't type your password however
member
Activity: 84
Merit: 10
September 09, 2013, 01:32:35 PM
#3
Please edit the link out so people don't click it.

just edited the link.
legendary
Activity: 1554
Merit: 1222
brb keeping up with the Kardashians
September 09, 2013, 01:28:18 PM
#2
Please edit the link out so people don't click it.
member
Activity: 84
Merit: 10
September 09, 2013, 01:25:40 PM
#1
A couples of hours ago, at BTC-e trollbox, someone posted this link

http : //bitcointalk.us/index.phptopic=251052.0.htm

please be warned that this is not a real bitcointalk address. note the lack of HTTPS.

I scanned the file to be downloaded and Virustotal.com reports lots of threats, so don't run that file!

What I find really interesting is the amount of work put into this scam! I'm really impressed!

those who tried to log in to reply, please change your bitcointalk password, 'cause your password have been stolen!

I'm posting in this forum 'cause this is the only forum I frequent, please feel free to repost in other forum/subforum.


Jump to: