Title: New Virus/Malware!
Post by: handmade in CTA on September 11, 2014, 12:15:07 PM

If you receive a bogus email from CoinTerra with an attachment (.jar) do not open. It's a bogus email with a virus. CoinTerra do not send emails like this.

Invoice Payment Confirmation
Kind regards
Mobile: +1 (410) 963-0061
Phone: +1 (430) 487-5488
Fax: +1 (410) 543-1761
Invoice_9985.jar
cointerra
Technology IQ Ltd.1140 Jollyville Rd. Ste. 354 Austin TX 78659

Title: Re: New Virus/Malware!
Post by: MTJ151 on September 11, 2014, 12:35:53 PM

I believe that I received this e-mail a few weeks ago. Although it was from a different random company.
The .jar file contained an exe which I did not dare to click/extract.

Title: Re: New Virus/Malware!
Post by: Jamie_Boulder on September 11, 2014, 01:43:40 PM

There's also one for Robin Williams "tribute video" going around, just an FYI

Title: Re: New Virus/Malware!
Post by: arieq on September 12, 2014, 02:49:15 AM

I got an email titled "OKCoin Invoice" today with the same malware (jar file) attached. It seems the malware is being widely spread.
More information can be found here www.reddit.com/r/ReverseEngineering/comments/2291z8/how_badly_did_i_get_owned/

Title: Re: New Virus/Malware!
Post by: Xiaoxiao on September 12, 2014, 06:52:43 AM

> If you receive a bogus email from CoinTerra with an attachment (.jar) do not open. It's a bogus email with a virus. CoinTerra do not send emails like this.
>
> Invoice Payment Confirmation
> Kind regards
> Mobile: +1 (410) 963-0061
> Phone: +1 (430) 487-5488
> Fax: +1 (410) 543-1761
> Invoice_9985.jar
> cointerra
> Technology IQ Ltd.1140 Jollyville Rd. Ste. 354 Austin TX 78659

This happened to me in fact. Since I was with Gmail, Gmail even offered to open the file within Gmail, similar to how you can open PDFs and other documents by Gmail without having to download 1st.

Title: Re: New Virus/Malware!
Post by: handmade in CTA on September 13, 2014, 08:28:38 AM

One more... :) These bastards never stop.

Dear Users
we make program Google Authenticator security For Cloud Hashing .
you need to setup the program in computer then make Google Code
we attach Google Authenticator Program
Sincerely,
Cloud Hashing
google@cloudhashing.com
Google Authenticator.jar

Title: Re: New Virus/Malware!
Post by: xcapator on September 14, 2014, 03:07:12 AM

Jar files should have been blocked and

> One more... :) These bastards never stop.
>
> Dear Users
> we make program Google Authenticator security For Cloud Hashing .
> you need to setup the program in computer then make Google Code
> we attach Google Authenticator Program
> Sincerely,
> Cloud Hashing
> google@cloudhashing.com
> Google Authenticator.jar

I also got an email that appeared to be sent from Cloudhashing:

Quote
> Subject: Invoice 764
> Date: Wed, 10 Sep 2014 02:19:01 +1100
> From: CloudHashing <no_reply@cloudhashing.com>
>
> Invoice Payment Confirmation
> Kind regards
> Mobile: +1 (510) 973-1050
> Phone: +1 (530) cloudhashing
> Fax: +1 (510) 573-2760
> Technology IQ Ltd. 11130 Jollyville Rd. Ste. 304 Austin TX 78759

The email contained a so-called invoice payment confirmation (Invoice_764.jar) as an attachment. I immediately deleted the email before my system got infected.

Title: Re: New Virus/Malware!
Post by: giveBTCpls on September 14, 2014, 11:05:28 PM

I always double check the email addresses for something suspicious, but this one seems pretty well done. In any case, I would contact the original source about them sending jar files with executables first... suspicious.

Title: Re: New Virus/Malware!
Post by: phantomcircuit on September 15, 2014, 02:10:23 AM

> Jar files should have been blocked and
>
> > One more... :) These bastards never stop.
> >
> > Dear Users
> > we make program Google Authenticator security For Cloud Hashing .
> > you need to setup the program in computer then make Google Code
> > we attach Google Authenticator Program
> > Sincerely,
> > Cloud Hashing
> > google@cloudhashing.com
> > Google Authenticator.jar
>
> I also got an email that appeared to be sent from Cloudhashing:
>
> Quote
> > Subject: Invoice 764
> > Date: Wed, 10 Sep 2014 02:19:01 +1100
> > From: CloudHashing <no_reply@cloudhashing.com>
> >
> > Invoice Payment Confirmation
> > Kind regards
> > Mobile: +1 (510) 973-1050
> > Phone: +1 (530) cloudhashing
> > Fax: +1 (510) 573-2760
> > Technology IQ Ltd. 11130 Jollyville Rd. Ste. 304 Austin TX 78759
>
> The email contained a so-called invoice payment confirmation (Invoice_764.jar) as an attachment. I immediately deleted the email before my system got infected.

If you check the headers you'll find that the email was sent from smtp.com. The email does NOT come from cloudhashing. Please forward the email with a complaint to abuse@smtp.com
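
An added example, not part of any post in this thread: a Python triage sketch that performs the two checks the thread describes, comparing the From domain with the relays named in the Received headers and listing a .jar attachment's contents without extracting or running it. The sample message, its hostnames and IP address, the jar contents and the extension blocklist are constructed assumptions.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".jar", ".exe", ".scr", ".js", ".vbs")  # assumed blocklist, adjust to policy

def org_domain(host):
    # Crude "last two labels" domain; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    from_dom = org_domain(parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2])
    relays = set()
    for rcvd in msg.get_all("Received", []):
        words = str(rcvd).split()
        if len(words) > 1 and words[0].lower() == "from":  # "from <host> by <host>"
            relays.add(org_domain(words[1]))
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        inner = []
        if zipfile.is_zipfile(io.BytesIO(data)):  # a .jar is a ZIP archive
            with zipfile.ZipFile(io.BytesIO(data)) as z:  # list names only, extract nothing
                inner = [n for n in z.namelist() if n.lower().endswith(RISKY_EXT)]
        if name.lower().endswith(RISKY_EXT) or inner:
            flagged.append((name, inner))
    return {"from": from_dom, "foreign_relays": sorted(relays - {from_dom}),
            "attachments": flagged}

def build_sample():
    # Constructed message modelled on the thread; hosts, IP and jar contents are made up.
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("invoice.exe", b"placeholder bytes, not a real executable")
    msg = EmailMessage()
    msg["Received"] = "from relay.smtp.com (relay.smtp.com [192.0.2.10]) by mx.example.net"
    msg["From"] = "CloudHashing <no_reply@cloudhashing.com>"
    msg["Subject"] = "Invoice 764"
    msg.set_content("Invoice Payment Confirmation")
    msg.add_attachment(jar.getvalue(), maintype="application",
                       subtype="java-archive", filename="Invoice_764.jar")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Only the Received line added by your own mail server is trustworthy; earlier hops are written by the sender's side and can be forged. A relay domain that differs from the From domain is a reason to look closer, not proof of spoofing, since many legitimate senders use third-party mail services.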