Bitcoin Forum

Economy => Service Discussion => Topic started by: Birdy on July 15, 2013, 12:20:09 AM



Title: Malware alert: Listentobitcoins
Post by: Birdy on July 15, 2013, 12:20:09 AM
According to reddit the website was sold and the new owner put malware in it!

More about this:
http://www.reddit.com/r/Bitcoin/comments/1ia7q2/listen_to_bitcoin_contains_malware/


Title: Re: Malware alert: Listentobitcoins
Post by: coinprize on July 15, 2013, 01:41:42 AM
Thanks! Can Google Chrome detect the malware?


Title: Re: Malware alert: Listentobitcoins
Post by: giszmo on July 15, 2013, 04:06:38 AM
OK, so I was at listentobitcoins.com 2 days ago. What should I expect?

I got to go to bed now, but is this bad? According to my analysis of these first few lines, it does:
eval("http://lw2.leowandersleb.de/tmp/bitcoin/changer.png") which looks like the really interesting part is in http://www.justiceresearchinstitute.org/changer.php

(I first tried to just understand this munged part but then decided to debug it after removing the eval part that I had figured out pretty quickly. At my first attempt my box was online, which I highly regret. Kids, don't do that at home. It's playing with fire. Wish I had a separate box that runs off a CD without HD or something for analyzing viruses.)


Title: Re: Malware alert: Listentobitcoins
Post by: giszmo on July 15, 2013, 04:10:54 AM
This changer.php-thing either is not functional or resists a simple wget. Hope somebody can find out what the threat is or was two days ago.

Here is what I get with changer.php. Redirects to really fishy stuff and then dies, right?

Code:
$ wget http://www.justiceresearchinstitute.org/changer.php
--2013-07-15 00:08:26--  http://www.justiceresearchinstitute.org/changer.php
Resolving www.justiceresearchinstitute.org (www.justiceresearchinstitute.org)... 70.86.182.49
Connecting to www.justiceresearchinstitute.org (www.justiceresearchinstitute.org)|70.86.182.49|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php [following]
--2013-07-15 00:08:27--  http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php
Resolving clisim.memostriamsdays.biz (clisim.memostriamsdays.biz)... 74.63.209.216
Connecting to clisim.memostriamsdays.biz (clisim.memostriamsdays.biz)|74.63.209.216|:80... connected.
HTTP request sent, awaiting response... 502 Bad Gateway
2013-07-15 00:08:28 ERROR 502: Bad Gateway.


Title: Re: Malware alert: Listentobitcoins
Post by: giszmo on July 15, 2013, 04:46:37 PM
Bump: Hargnah, why doesn't this thread get more attention???? It should be linked everywhere but instead there is silence.


Title: Re: Malware alert: Listentobitcoins
Post by: hivewallet on July 15, 2013, 04:51:48 PM
Bumping for exactly this reason.


Title: Re: Malware alert: Listentobitcoins
Post by: CurbsideProphet on July 15, 2013, 07:09:30 PM
Reported site to Google Safe Browsing.  Thanks for the heads up.


Title: Re: Malware alert: Listentobitcoins
Post by: giszmo on July 15, 2013, 07:53:47 PM
So, is it likely I have some key logger with my wallet copied to some evil guy? I run a rather freshly installed debian.

Yeah, I tell all my friends with their Windows problems that there are no Linux-Viruses but with my bitcoins at stake I feel a bit paranoid.


Title: Re: Malware alert: Listentobitcoins
Post by: clearcrystal on July 15, 2013, 08:14:24 PM
thanks for the heads up


Title: Re: Malware alert: Listentobitcoins
Post by: btcee on July 16, 2013, 12:38:12 AM
Wow. I was just there two days ago. Thanks for posting this.


Title: Re: Malware alert: Listentobitcoins
Post by: WinVery.com on July 16, 2013, 01:10:44 AM
That type of shit makes me happy to run a clean tight ship.


Title: Re: Malware alert: Listentobitcoins
Post by: hennessyhemp on September 19, 2013, 09:26:17 PM
This may be how my Bitcointalk forum account was hacked...I just saw this thread, and considering the guy that hacked my account was clearly a forum member already...this makes some level of sense.  My account was hacked back on July 10th, and I had been using the listen to bitcoins site prior to that at work because I thought it was cool to hear my money becoming worth more with the low tones indicating large purchases.

Thought that mystery would stay a mystery, but I have a strong feeling this is how he got in.  Now if only we could figure out who he is...tar and feathers at the ready men!


Title: Re: Malware alert: Listentobitcoins
Post by: btcinstant on September 19, 2013, 10:18:24 PM
Quote from: hennessyhemp on September 19, 2013, 09:26:17 PM
This may be how my Bitcointalk forum account was hacked...I just saw this thread, and considering the guy that hacked my account was clearly a forum member already...this makes some level of sense.  My account was hacked back on July 10th, and I had been using the listen to bitcoins site prior to that at work because I thought it was cool to hear my money becoming worth more with the low tones indicating large purchases.

Thought that mystery would stay a mystery, but I have a strong feeling this is how he got in.  Now if only we could figure out who he is...tar and feathers at the ready men!

Currently I have a bitcointalk account that was hacked and am still waiting to get into it.


Title: Re: Malware alert: Listentobitcoins
Post by: uk1 on September 19, 2013, 10:20:35 PM
thanks for the heads up


Title: Re: Malware alert: Listentobitcoins
Post by: hennessyhemp on September 19, 2013, 10:54:54 PM
This all occurred right around the same time lots of forum members started putting up sock puppets as their picture, as many accounts became sock puppets after passwords became compromised. 

The posts made with my account lead me to believe the hacker was obviously a forum member, and possibly fairly good at coding...or at least using vicious code capable of stealing your shit.  He also appeared to have a fascination with all things gambling.  I'll bet some of the senior members are starting to recognize his poor grammar and continued unpleasant posts.

He also posted on some rather shady threads already on this site...like forum account purchasing threads and debt threads where he talked about getting information illegally. 

If he's capable of doing this to a bunch of bitcoin nerds...lookout real world...cause this bastard is smarter than a malicious person should be.  Probably lacking in the hugs department as a child.


Title: Re: Malware alert: Listentobitcoins
Post by: gacr on September 20, 2013, 09:09:46 AM
Guys, stop using IE and Opera as main browsers - these two can be exploited and can be infected with a malware or btc stealer, and you don't lose only your btc ... you can lose your cc details, passwords, bank accounts etc. etc. .... use Chrome or Firefox ..... can't be exploited by exploit packs. Also, when you visit some sites you are asked to download updates for flash player or something like that .... if the upgrade is not from Adobe, you can download a malware for sure.

I'm waiting for a mod to tell me where I can open a thread and explain how the malware thing works.


Title: Re: Malware alert: Listentobitcoins
Post by: hennessyhemp on September 20, 2013, 03:06:16 PM
Definitely using Chrome at the time.  I don't know how the guy got in exactly...but I had been on this site...and reading about how it was sold to someone who infected it with malware made much more sense than any other thing I've done that might have left me vulnerable.


Title: Re: Malware alert: Listentobitcoins
Post by: MPOE-PR on September 20, 2013, 11:29:19 PM
Quote from: gacr on September 20, 2013, 09:09:46 AM
Guys, stop using IE and Opera as main browsers - these two can be exploited and can be infected with a malware or btc stealer, and you don't lose only your btc ... you can lose your cc details, passwords, bank accounts etc. etc. .... use Chrome or Firefox ..... can't be exploited by exploit packs. Also, when you visit some sites you are asked to download updates for flash player or something like that .... if the upgrade is not from Adobe, you can download a malware for sure.

I'm waiting for a mod to tell me where I can open a thread and explain how the malware thing works.

Hey, not a bad post idea. Link us when you find a spot (what's wrong with just putting it in Bitcoin Discussion?).


Title: Re: Malware alert: Listentobitcoins
Post by: b!z on September 22, 2013, 06:46:05 AM
Quote from: gacr on September 20, 2013, 09:09:46 AM
Guys, stop using IE and Opera as main browsers - these two can be exploited and can be infected with a malware or btc stealer, and you don't lose only your btc ... you can lose your cc details, passwords, bank accounts etc. etc. .... use Chrome or Firefox ..... can't be exploited by exploit packs. Also, when you visit some sites you are asked to download updates for flash player or something like that .... if the upgrade is not from Adobe, you can download a malware for sure.

I'm waiting for a mod to tell me where I can open a thread and explain how the malware thing works.

Exploit kits do target Firefox. FF hits are much more common than Opera. Where did you get this nonsense from?