Bitcoin Forum

Other => Meta => Topic started by: trixter on September 08, 2014, 01:33:11 AM



Title: malware spam targeting bitcointalk users
Post by: trixter on September 08, 2014, 01:33:11 AM
Purportedly from CloudHashing (zac@cloudhashing.com) is a .jar malware targeted at bitcoin talk emails (it's the only place I use that particular address).

Invoice Payment

Thanks , Kind regards


Mobile: +1 (511) 983-1650
Phone:  +1 (531) cloudhashing
Fax:      +1 (513) 593-2790


There is a .JAR attachment (I have yet to actually analyze it; malware is just a guess).

Area code 511 is invalid, flat out.


Received: from [110.4.46.35] ([110.4.46.35:2486] helo=jamilghani.com)
I already notified smtp.com who relayed this.


Original with my email redacted: http://pastebin.com/niDWs1r2
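
Added example, not part of the original post: a small Python triage of the two signals the post points at, the relay's HELO name versus the claimed sender domain and the .jar attachment. The message below is constructed from the details quoted above; its MIME layout, the attachment name `invoice.jar` and the extension list are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the details quoted in the post; the MIME
# structure, attachment name and body are assumptions, not the real message.
SAMPLE = """\
Received: from [110.4.46.35] ([110.4.46.35:2486] helo=jamilghani.com)
From: CloudHashing <zac@cloudhashing.com>
Subject: Invoice Payment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Thanks , Kind regards
--b1
Content-Type: application/java-archive; name="invoice.jar"
Content-Disposition: attachment; filename="invoice.jar"

PK
--b1--
"""

# Matches only the relay-specific Received layout shown in the post.
RECEIVED_RE = re.compile(r"from \[(?P<ip>[\d.]+)\] \(\[[\d.]+:\d+\] helo=(?P<helo>[^\s)]+)\)")
RISKY_EXT = (".jar", ".exe", ".scr", ".js", ".vbs")  # assumed block list

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for hop in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hop)
        if not m:
            continue
        helo = m.group("helo").lower()
        # Weak signal: legitimate mail sent through a relay can differ too.
        if helo != from_domain and not helo.endswith("." + from_domain):
            findings.append(f"helo-mismatch:{helo}!={from_domain}@{m.group('ip')}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky-attachment:{name}")
    return findings

print(triage(SAMPLE))
```

Neither finding proves malice on its own; together they are a reason to quarantine the attachment before anyone opens it.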


Title: Re: malware spam targeting bitcointalk users
Post by: b!z on September 08, 2014, 02:46:12 AM
You might want to post this in Scam Accusations.


Title: Re: malware spam targeting bitcointalk users
Post by: trixter on September 08, 2014, 04:18:08 AM
I will later if a mod does not move it. No sense having 2 unless that is the only way.


Title: Re: malware spam targeting bitcointalk users
Post by: shorena on September 08, 2014, 05:50:37 AM
Can't confirm, been here since Nov '13 and never got bitcoin related spam/phishing mails.

It's more likely that you published your mail address somewhere else.


Title: Re: malware spam targeting bitcointalk users
Post by: trixter on September 08, 2014, 07:03:40 AM
This might shed some insight into that specific jar file. It appears to also be using a similar modus operandi.

http://n-pn.info/forum/showthread.php?tid=3730 (French)


I have confirmed that it connects to the same hooka.noip.us host that is listed in that analysis. Port 97 and 98.




Title: Re: malware spam targeting bitcointalk users
Post by: trixter on September 08, 2014, 07:06:15 AM
Quote from: shorena
Can't confirm, been here since Nov '13 and never got bitcoin related spam/phishing mails.

It's more likely that you published your mail address somewhere else.

Not likely. I have different email addresses for every website I go to, I do not reuse them. Were I to post it, I would have used a different one for exactly that reason. It lets me track where I am getting emails from; it's a thing I have done for years.

That however is not the larger point. This person is targeting bitcoin related people, it seems, since the analysis that I posted included someone else that appears to have a bitcoin affiliation getting the same jar file. Regardless of where he got the email from, he is targeting bitcoin people, presumably for the purposes of violating wallets, which is bad for the community.

edit: to be clear, the "analysis that I posted" refers to the URL which has analysis done by someone else. I just reread this and it could be interpreted that I was trying to take credit for someone else's work. That was not my intent.