Bitcoin Forum

Ok;  So this guy posted something suspicious....

He posted a link to a .doc file with quite an unambiguous name (direct quote at the bottom)

So I looked into it:

Downloaded a copy and 7zipped it for the archive...
opened in nano.   Looks like a photograph for the most part... but with a bunch extra tacked on;  just very little word formatting.  Ok, dig deeper.
Went to the weboffice and generated this link: https://view.officeapps.live.com/op/view.aspx?src=http%3A%2F%2Faziznews.ru%2Ffoto%2FCoins_Pump_Today.doc

Now I can safely see the photo and contents of the document through the link;  and what you see.... is a blurred photo asking you to disable some security features in office.
https://i.imgur.com/CPICgFH.jpg

Yikes.


So;

You guys;  I know you are resourceful.   What can you get out of that .doc file to see what its trying to do extra?  That part is slightly out of my realm, plus I don't have VM's to test with or anything at the moment.

Can we get enough on this guy to get him a permaban?  

This guys type of posting, trade rating... and not to mention;  the last 117 posts of his were spamming this .doc file.    so... there must be something I am onto here...

He was already banned. I've just removed all the posts though.

Good to have quick response. There is one left to remove though: http://archive.is/nRQm6

im interested in what he was trying to steal....

Good he got tossed.  Many thanks ;)

Removed.

Bitcoins or your bitcointalk account most likely (possibly even both).