Bitcoin Forum

Other => Beginners & Help => Topic started by: mkjohnson on January 06, 2014, 11:34:36 PM



Title: I just got this email, looks legit, right?
Post by: mkjohnson on January 06, 2014, 11:34:36 PM
WARNING!!! I just received this. The "backup.zip" file contains a "password.txt" file of 423.4kB and it is NOT a text file.

I'm glad I opened this on my Ubuntu box with an empty wallet.



Erwann Genson noreply@thehelixchallenge.com.hk via amazonses.com
5:10 PM (18 minutes ago)

to me
Hello David…
 
I just did what you advised me to do but the problem remains the same : importing the private key is not working…. drives me nuts!
Last time I checked blockchain.info ( https://blockchain.info/address/17yFutSCSuUkAWeqMCKRRcr8Go6t98YcoX ) there was still 30.28020001 BTC ! But no way my bitcoinqt client loads the key so I am stuck with those BTCs.
 
 
Thanks for offering your help with this. Here is my wallet.dat with the password http://goo.gl/sFgbEJ. If you need anything else let me know.
If you can load the key please send the BTCs to 1DxFvJ6up9jXAZ9pkUmWVdiMTWvsjgB5Ea
 
This would help me so much. Thanks David!
 
 
Erwann


Title: Re: I just got this email, looks legit, right?
Post by: jchysk on January 07, 2014, 12:08:30 AM
Yeah, I got the same email. It looked interesting so I opened the password.txt which is just the string "n0^jO2eG,73gN48" without quotes which is of course not the password.
The password.txt is a UPX compressed .exe and decompressed it's a PE.
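A check for the disguise reported in this thread (a "password.txt" inside "backup.zip" that is really a UPX-compressed PE), as an added example that is not part of any poster's message. The function names and the in-memory sample archive are constructed for illustration. The UPX0/UPX1 section-name test is a heuristic that renamed sections would evade.

```python
import io
import struct
import zipfile

HEAD = 4096                          # bytes inspected per member; nothing is extracted to disk
TEXT_EXTS = (".txt", ".log", ".csv")


def pe_section_names(data):
    """Return the PE section names if data starts with a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                       # 20-byte COFF file header
    if coff + 20 > len(data):
        return None
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size              # section table follows optional header
    names = []
    for i in range(n_sections):
        off = table + 40 * i                  # each section header is 40 bytes
        if off + 8 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def scan_zip(zip_bytes):
    """List archive members whose content is a PE image, whatever their name says."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(HEAD)          # header only, bounds decompression work
            sections = pe_section_names(head)
            if sections is None:
                continue
            findings.append({
                "member": info.filename,
                "size": info.file_size,
                "disguised_as_text": info.filename.lower().endswith(TEXT_EXTS),
                "upx_packed": any(s.startswith("UPX") for s in sections),
                "sections": sections,
            })
    return findings


def _constructed_pe(section_names):
    """Constructed, non-functional PE header stub (headers only, no code)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table


def constructed_sample_zip():
    """Constructed archive mirroring the layout described in the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("wallet.dat", b"\x00\x01constructed placeholder, not a wallet")
        zf.writestr("readme.txt", "plain text\n")
        zf.writestr("password.txt", _constructed_pe(["UPX0", "UPX1", ".rsrc"]))
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip(constructed_sample_zip()):
        print(f)
```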


Title: Re: I just got this email, looks legit, right?
Post by: jondecker76 on January 07, 2014, 12:09:36 AM
I just got the same email


Title: Re: I just got this email, looks legit, right?
Post by: NES on January 07, 2014, 12:11:00 AM
Hello, I got the same email at 5:11 PM. I then noticed the "noreply@thehelixchallenge.com.hk via amazonses.com" part. "amazonses.com" is for mass mailing and marketing.


Title: Re: I just got this email, looks legit, right?
Post by: DavidT on January 07, 2014, 12:11:19 AM
It's a SCAM!! The zip file contains spyware and you can lose all your BTCs, potentially. I got the exact same worded email (just that my name really is David, but still, I'm an IT guy and believe me, they are not up to anything good, at all) - I got it to a unique email only used for registering at http://mybtc-trader.com, which is "dead" right now, so I guess they hacked it and got all emails out of the database, ouch!!

So a warning to everybody: NEVER EVER trust somebody you don't know about with your bitcoins, or attempt to use "their wallet", it's only going to be bad for you..


Title: Re: I just got this email, looks legit, right?
Post by: Jacce on January 07, 2014, 12:13:16 AM
I also got it. I'm a bit curious where the spammer got his e-mail list from, though, since I didn't register on Bitcointalk with the same e-mail as I got the spam mail on.

EDIT:
Some more details about the mail:
From:   Erwann Genson (noreply@thehelixchallenge.com.hk)
Sent:   7 january 2014 00:09:10
I'm registered on Bitcointalk with a Gmail, and I got this mail in my Outlook (spam folder).

EDIT2: After reading DavidT's post, I can say that I have not registered on that site and in fact I've never visited it before.

EDIT3: I've used this mail as a public mail account and I've listed it on some sites, but I've never listed it on a Bitcoin related site without using Mailhide (http://www.google.com/recaptcha/mailhide/).


Title: Re: I just got this email, looks legit, right?
Post by: jchysk on January 07, 2014, 12:20:49 AM
Little bit more information. There's a TSQL connection upon opening the executable (password.txt). It goes to 93.174.90.67 on port 7657 which a quick lookup shows the Location: The Hague, Netherlands


Title: Re: I just got this email, looks legit, right?
Post by: devthedev on January 07, 2014, 12:29:56 AM
Yep, I got the exact same thing. What site do we all have in common?


Title: Re: I just got this email, looks legit, right?
Post by: devthedev on January 07, 2014, 12:32:52 AM
It's a SCAM!! The zip file contains spyware and you can lose all your BTCs, potentially. I got the exact same worded email (just that my name really is David)

I thought it was funny your name is actually David :P


Title: Re: I just got this email, looks legit, right?
Post by: nobbynobbynoob on January 07, 2014, 12:40:32 AM
Yep, I got the exact same thing. What site do we all have in common?

This one? ;D


Title: Re: I just got this email, looks legit, right?
Post by: Jacce on January 07, 2014, 12:42:24 AM
Yep, I got the exact same thing. What site do we all have in common?

This one? ;D

Not really, read my message.
However, I guess it was done by a google search. Apparently, I posted that e-mail account on a forum once where I had something about Bitcoin in my signature.


Title: Re: I just got this email, looks legit, right?
Post by: Kluge on January 07, 2014, 12:51:26 AM
Yep, I got the exact same thing. What site do we all have in common?

This one? ;D
Aside this, we can look at other potentials. Strike through those you're not registered on and we may find one in common.

bc-casino.com
bitcoinica.com
bitfinex.com
bitfunder.com
bitmit.net
bitratings.microhosting.com
blockchain.info
btc-play.com
btcguild.com
btclot.com
btcmine.com
bitvps.com
coinworker.com
dollar-trader.com
eclipsemc.com
give-me-coins.com
glbse.com
inputs.io
minethings.com
mtgox.com
ozco.in
pool-x.eu
satoshisquared.com


(I'm pretty sure I received a very similar email a good while ago, too. My memory's crap, though. No longer in email account. Probably deleted or marked as spam and it was automatically pruned.)


Title: Re: I just got this email, looks legit, right?
Post by: Jacce on January 07, 2014, 12:54:07 AM
Yep, I got the exact same thing. What site do we all have in common?

This one? ;D
Aside this, we can look at other potentials. Strike through those you're not registered on and we may find one in common.

bc-casino.com
bitcoinica.com
bitfinex.com
bitfunder.com
bitmit.net
bitratings.microhosting.com
blockchain.info
btc-play.com
btcguild.com
btclot.com
btcmine.com
bitvps.com
coinworker.com
dollar-trader.com
eclipsemc.com
give-me-coins.com
glbse.com
inputs.io
minethings.com
mtgox.com
ozco.in
pool-x.eu
satoshisquared.com


(I'm pretty sure I received a very similar email a good while ago, too. My memory's crap, though. No longer in email account. Probably deleted or marked as spam and it was automatically pruned.)

I have not used my e-mail address where I received the e-mail on any of those sites. Probably mine was found with a google search. Can yours also be found by google searches?


Title: Re: I just got this email, looks legit, right?
Post by: Kluge on January 07, 2014, 12:58:31 AM
Yep, I got the exact same thing. What site do we all have in common?

This one? ;D
Aside this, we can look at other potentials. Strike through those you're not registered on and we may find one in common.

bc-casino.com
bitcoinica.com
bitfinex.com
bitfunder.com
bitmit.net
bitratings.microhosting.com
blockchain.info
btc-play.com
btcguild.com
btclot.com
btcmine.com
bitvps.com
coinworker.com
dollar-trader.com
eclipsemc.com
give-me-coins.com
glbse.com
inputs.io
minethings.com
mtgox.com
ozco.in
pool-x.eu
satoshisquared.com


(I'm pretty sure I received a very similar email a good while ago, too. My memory's crap, though. No longer in email account. Probably deleted or marked as spam and it was automatically pruned.)

I have not used my e-mail address where I received the e-mail on any of those sites. Probably mine was found with a google search. Can yours also be found by google searches?
Yup. It's public right on this site.


Title: Re: I just got this email, looks legit, right?
Post by: BTC-TK on January 07, 2014, 12:58:45 AM
Old news, use the search.


Title: Re: I just got this email, looks legit, right?
Post by: devthedev on January 07, 2014, 01:35:21 AM
bc-casino.com
bitcoinica.com
bitfinex.com
bitfunder.com
bitmit.net
bitratings.microhosting.com
blockchain.info
btc-play.com
btcguild.com
btclot.com
btcmine.com
bitvps.com
coinworker.com
dollar-trader.com
eclipsemc.com
give-me-coins.com
glbse.com
inputs.io
minethings.com
mtgox.com
ozco.in
pool-x.eu
satoshisquared.com


Title: Re: I just got this email, looks legit, right?
Post by: forbun on January 07, 2014, 01:54:35 AM
I got the same email. Email list is probably from the mtgox hack awhile back.


Title: Re: I just got this email, looks legit, right?
Post by: robbuodie79 on January 07, 2014, 01:58:34 AM
Scary. Disguised txt.


Title: Re: I just got this email, looks legit, right?
Post by: g0re79 on January 07, 2014, 01:59:26 AM
I got the same email. Email list is probably from the mtgox hack awhile back.

Yap, got another one right now.


Title: Re: I just got this email, looks legit, right?
Post by: stacey2911 on January 07, 2014, 02:05:40 AM
inputs.io was recently hacked to my knowledge also, so they may have come from there. I am only signed up on CoinedUp and here, and I haven't received anything.


Title: Re: I just got this email, looks legit, right?
Post by: MultipliedCombo on January 07, 2014, 02:58:43 AM
The site from which the download is from is a Catholic foundation. Seems legit.

Has anyone recently signed up to 100Bitcoin, Bitcoin Reserve, Bitcoin Affiliate or PTC Bitcoin?


Title: Re: I just got this email, looks legit, right?
Post by: devthedev on January 07, 2014, 03:05:22 AM
Has anyone recently signed up to 100Bitcoin, Bitcoin Reserve, Bitcoin Affiliate or PTC Bitcoin?
Negative.


Title: Re: I just got this email, looks legit, right?
Post by: CYPER on January 07, 2014, 03:09:06 AM
I got it too, but while Thunderbird shows the small attachment icon, when I open the email there is no attachment.
I also opened it in my webmail and again - attachment icon present, but no attachment.

I assume the only way to get infected is by opening the attachment, right?
Just loading the email is harmless.


Title: Re: I just got this email, looks legit, right?
Post by: stacey2911 on January 07, 2014, 03:13:01 AM
The best way to be around crypto-currencies is not to assume anything. Even opening certain e-mails poses risks, not necessarily to your coins, but other risks, trojans, key-loggers, etc. It doesn't take much, all you have to do is open the wrong email and your address can be turned into a spamtastic hacked account.


Title: Re: I just got this email, looks legit, right?
Post by: mrbubl3s on January 07, 2014, 03:51:45 AM
The best way to be around crypto-currencies is not to assume anything. Even opening certain e-mails poses risks, not necessarily to your coins, but other risks, trojans, key-loggers, etc. It doesn't take much, all you have to do is open the wrong email and your address can be turned into a spamtastic hacked account.

Lol.


I got the same email.

bitcoinica.com
bitmit.net
blockchain.info
btcguild.com
btclot.com
btcmine.com
glbse.com
mtgox.com
ozco.in
pool-x.eu


Title: Re: I just got this email, looks legit, right?
Post by: BuTaJIu4eK on January 07, 2014, 07:06:52 AM
I got the same email. Email list is probably from the mtgox hack awhile back.
I do not have a MtGox account. Only here.

I hate all scammers!   >:(

Antivirus checking
https://www.virustotal.com/ru/file/85083a3cc70d4c38c60c20995f3f82f37bec6de1744cd8d10dea645888c58669/analysis/1389076208/


Repeat topic
https://bitcointalk.org/index.php?topic=402068.msg4354534#msg4354534


Title: Re: I just got this email, looks legit, right?
Post by: klenker on January 07, 2014, 09:20:15 AM
so how do we get those 30.2 btc out of that wallet !!!11

:)



Title: Re: I just got this email, looks legit, right?
Post by: Scamalert on January 07, 2014, 09:25:20 AM
!!!
Beware people.
This is most likely a scam.
Proceed with extreme caution.
!!!


Title: Re: I just got this email, looks legit, right?
Post by: Limones on January 07, 2014, 10:30:36 AM
Thanks for sharing guys, that's worth watching for. Simple and effective, and just enough people would want to look at 30 BTC in a free wallet to make it worthwhile.


Title: Re: I just got this email, looks legit, right?
Post by: BigMac on January 07, 2014, 11:19:30 AM
Thanks for the alert.


Title: Re: I just got this email, looks legit, right?
Post by: TheIrishman on January 07, 2014, 11:32:41 AM
People, do not trust any emails with strange attachments no matter how "legit" the sender's address looks. Also, do not trust anti-viruses and anti-malware programs - they won't detect 99.99% of the zero-day viruses, malwares and exploits that will really cause damage until that damage is already done. Your best protection is and will always be your COMMON SENSE.


Title: Re: I just got this email, looks legit, right?
Post by: meliz98 on January 07, 2014, 11:36:22 AM
Most emails like this are spyware. I also received this email today.


Title: Re: I just got this email, looks legit, right?
Post by: Buziss on January 07, 2014, 01:00:12 PM
Your best protection is and will always be your COMMON SENSE.
True.


Title: Re: I just got this email, looks legit, right?
Post by: DeboraMeeks on January 07, 2014, 02:40:39 PM
People should treat any message they receive claiming they won a prize and you haven't even enrolled to it or offering free money (or someone giving his money to you randomly) and if it asks you to download something be doubly suspicious about it.


Title: Re: I just got this email, looks legit, right?
Post by: Colaman1 on January 07, 2014, 02:41:54 PM
hH totally


Title: Re: I just got this email, looks legit, right?
Post by: toxigenicpoem on January 07, 2014, 03:25:07 PM
nice thanks. glad I don't run any wallets on a windows machine. :)


Title: Re: I just got this email, looks legit, right?
Post by: bccdn on January 07, 2014, 10:06:59 PM
I just got this email too. I guess someone may fall for it someday. There are many other emails that people fall for.


Title: Re: I just got this email, looks legit, right?
Post by: hyphenated on January 07, 2014, 11:11:33 PM
...this is unusual, as it both engages greed and a love of puzzles (plus a modicum of technical knowledge).  Lots of people out there with just enough knowledge to be dangerous.

All it needs now is a smattering of altruism and fluffy animals: 

(the kitten orphanage working funds are locked in this wallet  ;D)


Title: Re: I just got this email, looks legit, right?
Post by: h31nz on January 07, 2014, 11:22:37 PM
I analyzed this malware and put together a short blog post on what I found. If you're interested, take a look.
http://blog.logrhythm.com/uncategorized/emerging-bitcoin-theft-campaign-uncovered/


Title: Re: I just got this email, looks legit, right?
Post by: Liquid on January 08, 2014, 08:13:51 AM
Was the first to get hacked, now everyone thinks I'm the attacker. The name Liquid and the other names are my contacts in my wallet.

That frosty wallet is my brother's and he has forgotten his password so good luck getting into it lol.


Title: Re: I just got this email, looks legit, right?
Post by: dexX7 on January 08, 2014, 12:43:45 PM
I analyzed this malware and put together a short blog post on what I found. If you're interested, take a look.
http://blog.logrhythm.com/uncategorized/emerging-bitcoin-theft-campaign-uncovered/

Really nice post! Liquid already came forward, but I still need to ask:

Quote
Reviewing the wallet.dat file with strings discloses the phisher’s BTC wallet addresses. A team of 4-people: Liquid, Kaz, Abz, and Frosty.

Why would a reasonable villain do such a thing in the first place? The exact role of the wallet is unknown to me, but I assume it's used as bait, to make users want to open the malicious password.txt.ink file. Using the attacker's own wallet file for that seems very unlikely.. ;)

The malicious file is probably a wallet stealer and with some luck it might indeed be possible to extract some information about the attacker. Somehow this malware will phone home.


Title: Re: I just got this email, looks legit, right?
Post by: klenker on January 08, 2014, 02:29:37 PM
Was the first to get hacked, now everyone thinks I'm the attacker. The name Liquid and the other names are my contacts in my wallet.

That frosty wallet is my brother's and he has forgotten his password so good luck getting into it lol.

Ooh ooh how many letters were in it, numbers, what did it start with, what was he looking at, does it contain words or rand.... ahhh nurts..

;)

must be slightly annoying having 28k sitting there tho...


Title: Re: I just got this email, looks legit, right?
Post by: mightyMight on January 09, 2014, 09:23:57 AM
Can someone please upload the zip file? I would love to check it out! 8)

Thanks!!!
 Might


Title: Re: I just got this email, looks legit, right?
Post by: xanthar on January 14, 2014, 09:55:11 AM
Got the email too.

No doubt the password.txt contains malware etc. etc.

Tho the wallet.dat seems somewhat legit???

By that I mean that I created a virtual machine on a third party device connected through a VPN. That contains nothing but the wallet.dat and a fresh copy of bitcoinqt. Loaded the wallet.dat and the 30 BTCs are there.

Now correct me if I am wrong.... But the BTCs seem to be there for the taking? If of course we could crack the password, right?

Disregarding the malware and fake password.txt etc. it would be a fun project to see if we can do something with the coins??


Title: Re: I just got this email, looks legit, right?
Post by: bitcoinangel on January 14, 2014, 10:09:52 AM
same here


Title: Re: I just got this email, looks legit, right?
Post by: Oj0 on March 22, 2014, 02:33:10 PM
Yep, I got the exact same thing. What site do we all have in common?

This one? ;D
Aside this, we can look at other potentials. Strike through those you're not registered on and we may find one in common.

bc-casino.com
bitcoinica.com
bitfinex.com
bitfunder.com
bitmit.net
bitratings.microhosting.com
blockchain.info
btc-play.com
btcguild.com
btclot.com
btcmine.com
bitvps.com
coinworker.com
dollar-trader.com
eclipsemc.com

give-me-coins.com
glbse.com
inputs.io
minethings.com

mtgox.com
ozco.in
pool-x.eu
satoshisquared.com



(I'm pretty sure I received a very similar email a good while ago, too. My memory's crap, though. No longer in email account. Probably deleted or marked as spam and it was automatically pruned.)

I just got the same email, but mine was addressed to Steven.

Someone else already crossed out give-me-coins, so I guess MtGox is the source of the mailing list?


Title: Re: I just got this email, looks legit, right?
Post by: Oj0 on March 22, 2014, 02:42:49 PM
Wait, mine's slightly different:

Quote
Hello Steven…
 
 I just did what you advised me to do but the problem remains the same : importing the private key is not working…. drives me nuts!
 Last time I checked blockchain.info  https://blockchain.info/address/17yFutSCSuUkAWeqMCKRRcr8Go6t98YcoX 
 there was still 30.28020001 BTC ! But no way my bitcoinqt client loads the key so I am stuck with those BTCs.
 
 
 Thanks for offering your help with this. Here is a doc with my private key and the password http://hobbymaster.com.hk/private/PrivateKey.doc If you need anything else let me know.
 If you can load the key please send the BTCs to 1DxFvJ6up9jXAZ9pkUmWVdiMTWvsjgB5Ea
 
 This would help me so much. Thanks Steven!

I get a normal URL instead of a shortened [Suspicious link removed] link, and the URL is also different to the [Suspicious link removed] URL destination. I didn't get any attachments with the email, although I did download PrivateKey.doc on my phone (to be safe) and it wants to run a macro. It seems it's been changed up a bit.


Title: Re: I just got this email, looks legit, right?
Post by: Anon136 on March 22, 2014, 02:43:31 PM
Scary. Disguised txt.

so does it actually look like a perfectly normal txt file?


Title: Re: I just got this email, looks legit, right?
Post by: Garryashas on March 22, 2014, 02:44:08 PM
For sure it's legit. I got the same email!


Title: Re: I just got this email, looks legit, right?
Post by: God on March 23, 2014, 03:30:59 AM
Awesome, I just got this mail too. Now I just need to unpack and run that file and I will have access to these coins ;)

Seriously though, they obviously email the mtgox customer base.


Title: Re: I just got this email, looks legit, right?
Post by: manoamano on March 23, 2014, 12:12:14 PM
100% legit :)


Title: Re: I just got this email, looks legit, right?
Post by: Scamalert on July 17, 2014, 07:09:40 PM
So was it a scam after all?


Title: Re: I just got this email, looks legit, right?
Post by: ezreal on July 17, 2014, 07:44:45 PM
the bitcoin amount just gives it away saying all red flags lol.


Title: Re: I just got this email, looks legit, right?
Post by: yunkie on July 18, 2014, 05:32:00 PM
So was it a scam after all?

of course it was

to sum it up

-.txt file is an .exe malware
-.dat is a real file, no password --> no coins

might try to crack it but it's almost impossible!

It probably contains 0 coins lol


Title: Re: I just got this email, looks legit, right?
Post by: openyourmind on July 18, 2014, 06:58:22 PM
Be attentive to such emails. I wouldn't have opened it.


Title: Re: I just got this email, looks legit, right?
Post by: Mobius7 on July 19, 2014, 08:38:11 AM
So was it a scam after all?

of course it was

to sum it up

-.txt file is an .exe malware
-.dat is a real file, no password --> no coins

might try to crack it but it's almost impossible!

It probably contains 0 coins lol

Even if there really is some bitcoin in the wallet, you won't be able to brute-force the password as long as the password is good enough (say, 10 random characters with special characters).


Title: Re: I just got this email, looks legit, right?
Post by: Justin00 on July 19, 2014, 11:00:11 AM
Thanks for alerting us to this scamalert.... only 7 months too late :p

So was it a scam after all?


Title: Re: I just got this email, looks legit, right?
Post by: confirmation120 on July 20, 2014, 04:27:18 AM
So was it a scam after all?

of course it was

to sum it up

-.txt file is an .exe malware
-.dat is a real file, no password --> no coins

might try to crack it but it's almost impossible!

It probably contains 0 coins lol

Even if there really is some bitcoin in the wallet, you won't be able to brute-force the password as long as the password is good enough (say, 10 random characters with special characters).
I doubt that clicking on the link would direct you to a blockchain.info website, but rather it is likely a spoof of blockchain.info trying to get you to input your password.


Title: Re: I just got this email, looks legit, right?
Post by: Lorenzo on July 20, 2014, 05:27:03 AM
I got this email too a while ago.

Yep, I got the exact same thing. What site do we all have in common?

This one? ;D
Aside this, we can look at other potentials. Strike through those you're not registered on and we may find one in common.

bc-casino.com
bitcoinica.com
bitfinex.com
bitfunder.com
bitmit.net
bitratings.microhosting.com
blockchain.info
btc-play.com
btcguild.com
btclot.com
btcmine.com
bitvps.com
coinworker.com
dollar-trader.com
eclipsemc.com
give-me-coins.com
glbse.com
inputs.io
minethings.com
mtgox.com
ozco.in
pool-x.eu
satoshisquared.com


(I'm pretty sure I received a very similar email a good while ago, too. My memory's crap, though. No longer in email account. Probably deleted or marked as spam and it was automatically pruned.)

Of those, I've only been registered at Blockchain.info and Mtgox.com. I'm almost certain it's either this forum or Mt. Gox. It could have been from Blockchain.info, but I doubt it.


Title: Re: I just got this email, looks legit, right?
Post by: forever21 on July 20, 2014, 06:38:01 AM
Got the same email before but I didn't waste my time on it, besides it's obvious ;D it's not legit even if you said it looks like one


Title: Re: I just got this email, looks legit, right?
Post by: ajareselde on July 20, 2014, 05:30:21 PM
WARNING!!! I just received this. The "backup.zip" file contains a "password.txt" file of 423.4kB and it is NOT a text file.

I'm glad I opened this on my Ubuntu box with an empty wallet.



Erwann Genson noreply@thehelixchallenge.com.hk via amazonses.com
5:10 PM (18 minutes ago)

to me
Hello David…
 
I just did what you advised me to do but the problem remains the same : importing the private key is not working…. drives me nuts!
Last time I checked blockchain.info ( https://blockchain.info/address/17yFutSCSuUkAWeqMCKRRcr8Go6t98YcoX ) there was still 30.28020001 BTC ! But no way my bitcoinqt client loads the key so I am stuck with those BTCs.
 
 
Thanks for offering your help with this. Here is my wallet.dat with the password http://goo.gl/sFgbEJ. If you need anything else let me know.
If you can load the key please send the BTCs to 1DxFvJ6up9jXAZ9pkUmWVdiMTWvsjgB5Ea
 
This would help me so much. Thanks David!
 
 
Erwann

I wouldn't even open a .txt file that came as an attachment from someone unknown; you never know, there just may be some new exploit that you don't know about.
It's not worth the risk. Also, everyone should have an insanely complex pass on their wallets, just in case it really gets stolen.

I didn't receive this particular mail, but received very similar ones.
Stay safe guys.


Title: Re: I just got this email, looks legit, right?
Post by: forever21 on July 20, 2014, 05:34:57 PM
It's really confusing me how these guys get our email. Good thing is I used different accounts to sign up on different websites, so basically I didn't stick to one email address, yet my other accounts receive some of the same emails and some are from other casinos which I've never been to.