Title: Phishing Alert (Blockchain.name)
Post by: escrow.ms on April 23, 2014, 08:37:44 PM

If you recently got an email from *fake* blockchain with the title "Please sync your account with the new security options", please report it as phishing.
Quote
Please sync your account with the new security options

This email contains important information about our new security options. We insist that you register in this program that we will develop soon. This could increase your mining income with 140% as a major increase of our community and will strongly protect your account in case of theft. We need your confirmation for this, and you will be informed as soon as we start the new program. For this, you have to follow the link below and follow the steps in there.

Confirmation Link: hxxp://wallet.blockchain.name/index.php
Current status: Not confirmed

Please note that your details may be required, and you might have to complete the Identifier manual in order to increase your attention about what you are going to do. Your account will receive no changes and will work as usual.

Domain Name ID: 12513072_DOMAIN_NAME-VRSN
Domain Name: BLOCKCHAIN.NAME
Sponsoring Registrar: LLC "Registrar of domain names REG.RU"
Sponsoring Registrar ID: 50000525_REGISTRAR_NAME-VRSN
Domain Status: clientTransferProhibited
Registrant ID: 12001582_CONTACT_NAME-VRSN
Admin ID: 12001583_CONTACT_NAME-VRSN
Tech ID: 12001584_CONTACT_NAME-VRSN
Billing ID: 12001585_CONTACT_NAME-VRSN
Name Server: NS1.HOSTING.REG.RU
Name Server ID: 1516439_HOST_NAME-VRSN
Name Server: NS2.HOSTING.REG.RU
Name Server ID: 1516440_HOST_NAME-VRSN
Created On: 2014-04-23 T18:30:54Z
Expires On: 2015-04-23 T18:30:54Z
Updated On: 2014-04-23 T18:30:55Z

Domain is registered today.

Email source
http://pastie.org/9106017

You can report this domain here
http://www.google.com/safebrowsing/report_phish/?rd=1
https://submit.symantec.com/antifraud/phish.cgi
https://www.phishtank.com/
http://toolbar.netcraft.com/report_url

Title: Re: Phishing Alert (Blockchain.name)
Post by: studio1one on April 23, 2014, 09:46:30 PM

Yeah I got this,
I also got an unexpected "welcome to mywallet" from blockchain.info earlier today claiming I had set up a new wallet, which I hadn't. I am assuming the two are linked. The odd thing is the email address it came to has never been used for anything related to bitcoin.

Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 23, 2014, 10:42:13 PM

Thanks for the warning.
I reposted this domain too to make it off asap. I hope no one will give them his details ... Phishing is not really nice... don't you think? :) I never was a victim of phishing but I am trying to think before use :) Never know when I will make that small mistake ;)

Title: Re: Phishing Alert (Blockchain.name)
Post by: Justin00 on April 23, 2014, 10:55:01 PM

anyone else getting the email with a .jar file attached?
it's made to look like it's from btc-e, spendbitcoins, blockchain, bitstamp and a few other popular sites. I'm curious to know what the java file does....

Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 23, 2014, 11:22:15 PM

Quote
anyone else getting the email with a .jar file attached? it's made to look like it's from btc-e, spendbitcoins, blockchain, bitstamp and a few other popular sites. I'm curious to know what the java file does....

I haven't seen it. You can try to open it in some kind of a virtual machine.

Title: Re: Phishing Alert (Blockchain.name)
Post by: d2dtk on April 23, 2014, 11:59:20 PM

Any ideas how they're getting people's email addresses? I haven't received one of these emails yet, but assume I will.
Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 24, 2014, 11:04:42 AM

Quote
Any ideas how they're getting people's email addresses? I haven't received one of these emails yet, but assume I will.

1 idea - they steal addresses from databases
2 idea - they buy addresses from those who steal addresses from databases
3 idea - they buy and steal addresses from databases
4 idea - they are using robots to search for e-mail addresses. It is not hard to do - example, search bitcointalk.org for everything like *@*.*.

Title: Re: Phishing Alert (Blockchain.name)
Post by: escrow.ms on April 24, 2014, 03:55:33 PM

Quote
anyone else getting the email with a .jar file attached? it's made to look like it's from btc-e, spendbitcoins, blockchain, bitstamp and a few other popular sites. I'm curious to know what the java file does....

That's a Multi OS Java RAT (adwind aka unrecom). It works on Mac, Windows, Linux, Android.

Title: Re: Phishing Alert (Blockchain.name)
Post by: bangalore on April 24, 2014, 04:10:42 PM

these jobless scammers should be hanged >:(

Title: Re: Phishing Alert (Blockchain.name)
Post by: softron on April 24, 2014, 04:27:06 PM

Thanks for reporting this

Title: Re: Phishing Alert (Blockchain.name)
Post by: Rawted on April 24, 2014, 05:22:35 PM

Quote
Any ideas how they're getting people's email addresses? I haven't received one of these emails yet, but assume I will.
1 idea - they steal addresses from databases
2 idea - they buy addresses from those who steal addresses from databases
3 idea - they buy and steal addresses from databases
4 idea - they are using robots to search for e-mail addresses. It is not hard to do - example, search bitcointalk.org for everything like *@*.*.

Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 24, 2014, 06:18:16 PM

Quote
Any ideas how they're getting people's email addresses? I haven't received one of these emails yet, but assume I will.
1 idea - they steal addresses from databases
2 idea - they buy addresses from those who steal addresses from databases
3 idea - they buy and steal addresses from databases
4 idea - they are using robots to search for e-mail addresses. It is not hard to do - example, search bitcointalk.org for everything like *@*.*.

This site and not only, and as we know this was a fault OpenSSL. Banks were using bugged OpenSSL. Many many many many "HIGHLY SECURED" services were using bugged SSL. :) But yes indeed... you are right. Maybe this is why I have about 4 different e-mails. And only two of them I use to register my account at any online service.

Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 24, 2014, 06:35:10 PM

I must add that there are so many different ways of so-called phishing.
For people who are IT related phishing is less dangerous, as most of those issues are obvious. But this is not only as we already know about how we act to stay secure, many services even those most reliable can lose their database... and you can do nothing about it! What is important to remember is that you must think while registering anywhere. I think good methods to stay "secure" are:

1. use different passwords for different services (or you can have 3-5 passwords, and mix them up - but for your Bitcoins or something really important use a different password than anywhere else).
2. if a place where you are registering looks not really pro and reliable and you never heard about this service: create a new e-mail, new password, and some new username. Never use the same as you are using anywhere else.
3. Password: >10 chars, uppercase, lowercase, special chars, digits; it shouldn't be a normal word. Maybe something like 7_eR55t_A88Ajxn1092 - bruteforcing a password like that one is ... HARD, and nobody can find it in a dict.
4. I do not have to say - never run any attached files to any e-mails you do not know. AND be careful with phishing e-mails!

there are many more points... but maybe we can figure them out together better

Title: Re: Phishing Alert (Blockchain.name)
Post by: Justin00 on April 27, 2014, 02:06:51 AM

ah ok thanks, what it do ?
I opened it in a java decompiler, not too familiar with java so dunno if it's the right thing to use.. but it seemed to open it and I could understand parts of the java, but I couldn't actually find anything exciting in it... like where it actually does anything.. it did have something similar to what I'd see in assembly but it looked like all that was commented out..

Quote
anyone else getting the email with a .jar file attached? it's made to look like it's from btc-e, spendbitcoins, blockchain, bitstamp and a few other popular sites. I'm curious to know what the java file does....
That's a Multi OS Java RAT (adwind aka unrecom). It works on Mac, Windows, Linux, Android.

got another email from "btc-e.pro". it's all owned (or alleged) to be owned by the same guy - Tech Name: Rafael Andrade Barbosa

He's kinda retarded if it's his real name??...... his name seems to come up as the owner for quite a few scam email domains.
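
Added example, not part of the thread or any poster's code: the WHOIS record in the first post shows BLOCKCHAIN.NAME was created the same day the mail went out, on a brand label under a TLD the real service does not use. The Python below turns those two observations into a triage check; the brand table entries other than blockchain.info, the 30-day threshold and treating the post time as UTC are assumptions.

```python
import re
from datetime import datetime, timezone

# Brand label -> domains the brand really uses. blockchain.info is named in the
# thread; the other two entries are assumptions added for this example.
KNOWN_BRANDS = {
    "blockchain": {"blockchain.info"},
    "btc-e": {"btc-e.com"},
    "bitstamp": {"bitstamp.net"},
}

# Constructed sample: a subset of the WHOIS fields quoted in the first post.
SAMPLE_WHOIS = """Domain Name: BLOCKCHAIN.NAME
Sponsoring Registrar: LLC "Registrar of domain names REG.RU"
Name Server: NS1.HOSTING.REG.RU
Name Server: NS2.HOSTING.REG.RU
Created On: 2014-04-23 T18:30:54Z
Expires On: 2015-04-23 T18:30:54Z"""

# Assumption: the first post's timestamp, treated as UTC.
SEEN_AT = datetime(2014, 4, 23, 20, 37, 44, tzinfo=timezone.utc)

def parse_whois(text):
    """Collect 'Field: value' lines into {field_lowercase: [values]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def parse_ts(value):
    """Parse a WHOIS timestamp, tolerating the stray space before 'T'."""
    compact = re.sub(r"\s+", "", value)
    return datetime.strptime(compact, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def triage(whois_text, seen_at, max_age_days=30):
    """Return the domain, its age when the mail was seen, and reasons to distrust it."""
    fields = parse_whois(whois_text)
    domain = fields["domain name"][0].lower()
    created = parse_ts(fields["created on"][0])
    age_days = (seen_at - created).total_seconds() / 86400
    reasons = []
    if age_days <= max_age_days:
        reasons.append(f"registered {age_days:.2f} days before the mail was seen")
    label = domain.rsplit(".", 1)[0]
    if label in KNOWN_BRANDS and domain not in KNOWN_BRANDS[label]:
        reasons.append(f"brand label '{label}' on a domain the brand does not use")
    return {"domain": domain, "age_days": age_days, "reasons": reasons}

if __name__ == "__main__":
    print(triage(SAMPLE_WHOIS, SEEN_AT))
```

For the record quoted in the thread both checks fire: the domain is about two hours old at the assumed time of the post, and "blockchain" sits under .name rather than .info.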