Bitcoin Forum

Economy => Scam Accusations => Topic started by: escrow.ms on April 23, 2014, 08:37:44 PM



Title: Phishing Alert (Blockchain.name)
Post by: escrow.ms on April 23, 2014, 08:37:44 PM
If you recently got an email from *fake* blockchain with the title "Please sync your account with the new security options", please report it as phishing.


Quote
Please sync your account with the new security options

This email contains important information about our new security options. We insist that you register in this program that we will develop soon. This could increase your mining income with 140% as a major increase of our community and will strongly protect your account in case of theft. We need your confirmation for this, and you will be informed as soon as we start the new program. For this, you have to follow the link below and follow the steps in there.
Confirmation Link: hxxp://wallet.blockchain.name/index.php
Current status: Not confirmed
Please note that your details may be required, and you might have to complete the Identifier manual in order to increase your attention about what you are going to do. Your account will receive no changes and will work as usual.


Domain Name ID: 12513072_DOMAIN_NAME-VRSN
   Domain Name: BLOCKCHAIN.NAME
   Sponsoring Registrar: LLC "Registrar of domain names REG.RU"
   Sponsoring Registrar ID: 50000525_REGISTRAR_NAME-VRSN
   Domain Status: clientTransferProhibited
   Registrant ID: 12001582_CONTACT_NAME-VRSN
   Admin ID: 12001583_CONTACT_NAME-VRSN
   Tech ID: 12001584_CONTACT_NAME-VRSN
   Billing ID: 12001585_CONTACT_NAME-VRSN
   Name Server: NS1.HOSTING.REG.RU
   Name Server ID: 1516439_HOST_NAME-VRSN
   Name Server: NS2.HOSTING.REG.RU
   Name Server ID: 1516440_HOST_NAME-VRSN
   Created On: 2014-04-23 T18:30:54Z
   Expires On: 2015-04-23 T18:30:54Z
   Updated On: 2014-04-23 T18:30:55Z

The domain was registered today.

Email source
http://pastie.org/9106017

You can report this domain here
http://www.google.com/safebrowsing/report_phish/?rd=1
https://submit.symantec.com/antifraud/phish.cgi
https://www.phishtank.com/
http://toolbar.netcraft.com/report_url
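
A triage check built on the two signals in the post above (a link to blockchain.name and a WHOIS record created the same day), as an added example that is not part of the original post. The trusted-domain list, the 30-day threshold, the receipt time and the function names are assumptions; the WHOIS sample is a constructed excerpt of the fields quoted above.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample: a trimmed excerpt of the WHOIS fields quoted above.
WHOIS_SAMPLE = """\
   Domain Name: BLOCKCHAIN.NAME
   Name Server: NS1.HOSTING.REG.RU
   Name Server: NS2.HOSTING.REG.RU
   Created On: 2014-04-23 T18:30:54Z
   Expires On: 2015-04-23 T18:30:54Z
"""
TRUSTED = {"blockchain.info"}  # assumption: domains the recipient really uses
MAX_AGE_DAYS = 30              # assumption: threshold for a "young" domain

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            record.setdefault(key, []).append(value.strip())
    return record

def created_on(record):
    # This registry prints a stray space before 'T'; drop whitespace first.
    stamp = re.sub(r"\s+", "", record["Created On"][0])
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def assess(link, whois_text, received):
    """Return the reasons a mailed link looks like phishing (empty = none found)."""
    # Refang hxxp:// so the URL parses; the link is only parsed, never fetched.
    host = (urlsplit(re.sub(r"^hxxp", "http", link, flags=re.I)).hostname or "").lower()
    record = parse_whois(whois_text)
    domain = record["Domain Name"][0].lower()
    if host != domain and not host.endswith("." + domain):
        raise ValueError("WHOIS record does not cover the linked host")
    reasons = []
    age_days = (received - created_on(record)).days
    if age_days < MAX_AGE_DAYS:
        reasons.append(f"domain registered {age_days} day(s) before the mail arrived")
    for good in sorted(TRUSTED):
        if domain != good and domain.split(".")[0] == good.split(".")[0]:
            reasons.append(f"same name as {good} under a different TLD")
    return reasons

if __name__ == "__main__":
    received = datetime(2014, 4, 23, 20, 37, 44, tzinfo=timezone.utc)  # assumed receipt time
    for reason in assess("hxxp://wallet.blockchain.name/index.php", WHOIS_SAMPLE, received):
        print("FLAG:", reason)
```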


Title: Re: Phishing Alert (Blockchain.name)
Post by: studio1one on April 23, 2014, 09:46:30 PM
Yeah I got this,

I also got an unexpected, welcome to mywallet from blockchain.info earlier today claiming I had set up a new wallet, which I hadn't.

I am assuming the two are linked.

The odd thing is the email address it came to has never been used for anything related to bitcoin.


Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 23, 2014, 10:42:13 PM
Thanks for the warning.

I reposted this domain too, to get it taken off ASAP.

I hope no one will give them his details ...
Phishing is not really nice... don't you think? :)

I have never been a victim of phishing, but I try to think before I use anything :)
You never know when you will make that small mistake ;)


Title: Re: Phishing Alert (Blockchain.name)
Post by: Justin00 on April 23, 2014, 10:55:01 PM
Anyone else getting the email with a .jar file attached?

It's made to look like it's from btc-e, spendbitcoins, blockchain, bitstamp and a few other popular sites.

I'm curious to know what the Java file does....


Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 23, 2014, 11:22:15 PM
Quote from: Justin00
Anyone else getting the email with a .jar file attached?

It's made to look like it's from btc-e, spendbitcoins, blockchain, bitstamp and a few other popular sites.

I'm curious to know what the Java file does....


I haven't seen it. You can try to open it in some kind of a virtual machine.


Title: Re: Phishing Alert (Blockchain.name)
Post by: d2dtk on April 23, 2014, 11:59:20 PM
Any ideas how they're getting people's email addresses? I haven't received one of these emails yet, but assume I will.


Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 24, 2014, 11:04:42 AM
Quote from: d2dtk
Any ideas how they're getting people's email addresses? I haven't received one of these emails yet, but assume I will.

1 idea - they steal addresses from databases
2 idea - they buy addresses from those who steal addresses from databases
3 idea - they buy and steal addresses from databases
4 idea - they are using robots to search for e-mail addresses; it is not hard to do - for example, search bitcointalk.org for everything like *@*.*.


Title: Re: Phishing Alert (Blockchain.name)
Post by: escrow.ms on April 24, 2014, 03:55:33 PM
Quote from: Justin00
Anyone else getting the email with a .jar file attached?

It's made to look like it's from btc-e, spendbitcoins, blockchain, bitstamp and a few other popular sites.

I'm curious to know what the Java file does....


That's a multi-OS Java RAT (Adwind aka Unrecom). It works on Mac, Windows, Linux, Android.


Title: Re: Phishing Alert (Blockchain.name)
Post by: bangalore on April 24, 2014, 04:10:42 PM
these jobless scammers should be hanged  >:(


Title: Re: Phishing Alert (Blockchain.name)
Post by: softron on April 24, 2014, 04:27:06 PM
Thanks for reporting this


Title: Re: Phishing Alert (Blockchain.name)
Post by: Rawted on April 24, 2014, 05:22:35 PM
Quote from: d2dtk
Any ideas how they're getting people's email addresses? I haven't received one of these emails yet, but assume I will.

Quote from: roslinpl
1 idea - they steal addresses from databases
2 idea - they buy addresses from those who steal addresses from databases
3 idea - they buy and steal addresses from databases
4 idea - they are using robots to search for e-mail addresses; it is not hard to do - for example, search bitcointalk.org for everything like *@*.*.

This site's DB has been dumped online on more than one occasion itself. The info is all out there.


Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 24, 2014, 06:18:16 PM
Quote from: d2dtk
Any ideas how they're getting people's email addresses? I haven't received one of these emails yet, but assume I will.

Quote from: roslinpl
1 idea - they steal addresses from databases
2 idea - they buy addresses from those who steal addresses from databases
3 idea - they buy and steal addresses from databases
4 idea - they are using robots to search for e-mail addresses; it is not hard to do - for example, search bitcointalk.org for everything like *@*.*.

Quote from: Rawted
This site's DB has been dumped online on more than one occasion itself. The info is all out there.

This site, and not only this one, and as we know this was the fault of OpenSSL.
Banks were using bugged OpenSSL. Many many many many "HIGHLY SECURED" services were using bugged SSL.

:) But yes indeed... you are right.
Maybe this is why I have about 4 different e-mails. And only two of them I use to register my account at any online service.


Title: Re: Phishing Alert (Blockchain.name)
Post by: roslinpl on April 24, 2014, 06:35:10 PM
I must add that there are so many different ways of so-called phishing.

For people who are IT-related, phishing is less dangerous, as most of those issues are obvious.

But this is not only, as we already know, about how we act to stay secure; many services, even the most reliable ones, can lose their database... and you can do nothing about it!

What is important to remember is that you must think while registering anywhere.

I think good methods to stay "secure" are:

1. Use different passwords for different services (or you can have 3-5 passwords, and mix them up - but for your Bitcoins or something really important use a different password than anywhere else).

2. If a place where you are registering does not look really pro and reliable and you have never heard of the service: create a new e-mail, a new password, and a new username. Never use the same ones you are using anywhere else.

3. Password: >10 chars, uppercase, lowercase, special chars, digits; it shouldn't be a normal word. Maybe something like 7_eR55t_A88Ajxn1092 - bruteforcing a password like that one is ... HARD, and nobody can find it in a dict.

4. I do not have to say - never run any files attached to e-mails you do not know. AND be careful with phishing e-mails!

There are many more points... but maybe we can figure them out together better.


Title: Re: Phishing Alert (Blockchain.name)
Post by: Justin00 on April 27, 2014, 02:06:51 AM
Ah OK, thanks. What does it do?
I opened it in a Java decompiler; not too familiar with Java so dunno if it's the right thing to use... but it seemed to open it and I could understand parts of the Java, but I couldn't actually find anything exciting in it... like where it actually does anything.
It did have something similar to what I'd see in assembly, but it looked like all that was commented out.

Quote from: Justin00
Anyone else getting the email with a .jar file attached?

It's made to look like it's from btc-e, spendbitcoins, blockchain, bitstamp and a few other popular sites.

I'm curious to know what the Java file does....

Quote from: escrow.ms
That's a multi-OS Java RAT (Adwind aka Unrecom). It works on Mac, Windows, Linux, Android.

Got another email from "btc-e.pro".
It's all owned (or alleged to be owned) by the same guy -
Tech Name:Rafael Andrade Barbosa
He's kinda retarded if it's his real name??...... His name seems to come up as the owner for quite a few scam email domains.