Bitcoin Forum
  Show Posts
1  Economy / Scam Accusations / Re: www.bitcoinsimpletradebot.com distributes malware as "Bitcoin Simple Trade Bot" on: January 23, 2014, 06:50:58 PM
http://who.is/whois/bitcoinsimpletradebot.com

Feel free to send an abuse email complaint to:  abuse-contact@publicdomainregistry.com

Where they will assess your proof and rightfully take down the website. Send them a link to the virus scan etc.

This is the best option for you.

Regards
2  Economy / Scam Accusations / Re: Hidden miner software? http://www.bitcoindriveprice.com/ on: December 27, 2013, 09:04:02 PM
Good job on finding some evidence. I'll sort this one out :)
3  Economy / Scam Accusations / Re: Hidden miner software? http://www.bitcoindriveprice.com/ on: December 27, 2013, 04:22:40 PM
...

One of them is then a copy of AutoIt engine, and another is an encrypted AutoIt script.
There's two possibilities.
1. Same person spreading the same malware
2. Both malware have been encrypted using the same method

Are the sites still operating? If so, can you forward me the domains and I'll take them down.

Thanks.

Glad I took these 2 domains down today, hopefully that will have prevented some potential victims from losing their btc.
4  Economy / Scam Accusations / Re: Hidden miner software? http://www.bitcoindriveprice.com/ on: December 27, 2013, 01:14:02 PM
Both websites have been taken down.

Mission accomplished. ;)
5  Economy / Scam Accusations / Re: Hidden miner software? http://www.bitcoindriveprice.com/ on: December 26, 2013, 09:58:02 PM
Please have a look at the attached PNG file.


You may notice that not many antiviruses have picked up the file. This is because the file data has been obfuscated; in essence, what this does is encrypt the information so that variables/strings which are usually detected by antiviruses are not detected in this case. Although the virus has an equal effect as one which is detected by an antivirus, this bypasses AV detections.

Avast has recognised the file as a virus, this is noted. The virus itself has been compressed and the data has been encrypted; no ordinary file would need this.



http://anubis.iseclab.org/?action=result&task_id=14da8ed3789a7a6f40127038770170b4d&format=html
PDF Version: http://anubis.iseclab.org/?action=result&task_id=14da8ed3789a7a6f40127038770170b4d&format=pdf

Anubis is used to analyze malware. It gives an indication of what processes are running / created by the malware itself.
Please have a look at the report, which indicates what the file "DrivePrice.exe" does.

I will proceed to explain to you what the file does.

HKLM\Software\Classes    1    Key Change,Value Change    3
HKLM\Software\Classes\CLSID    1    Key Change,Value Change    2
HKLM\Software\Microsoft\COM3    1    Key Change,Value Change    6
HKU    1    Key Change,Value Change    4



The file, upon execution, automatically creates a startup module so that every time the computer opens up, the file will automatically execute without user request.



C:\Documents and Settings\Administrator\bbany
C:\Documents and Settings\Administrator\bbany\JkjQmRMVf.QSP
C:\Documents and Settings\Administrator\bbany\UUEROZbb.RXS
C:\Documents and Settings\Administrator\bbany\__tmp_rar_sfx_access_check_416609
C:\Documents and Settings\Administrator\bbany\iRAjSEv.VPC
C:\Documents and Settings\Administrator\bbany\laRO.exe
C:\Documents and Settings\Administrator\bbany\nNCigjkgoI.vbs



Files of the malware are duplicated throughout the computer to increase the chance of the virus staying on the computer. If an antivirus was to delete one instance of the virus, the virus has enough information to duplicate and attack again.


There is no reason for a legitimate file to:
1. Create multiple instances of the file
2. Create registry keys in the computer to boot up automatically upon computer startup.
3. Be detected by an antivirus
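
An added example (not from the original post or the Anubis report): one way to triage the file-creation list above in Python, tagging each dropped file and flagging user-profile folders that hold an executable alongside a script. The extension sets and the function names are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import defaultdict

# File-creation entries copied from the report excerpt in the post above.
DROPPED = [
    r"C:\Documents and Settings\Administrator\bbany",
    r"C:\Documents and Settings\Administrator\bbany\JkjQmRMVf.QSP",
    r"C:\Documents and Settings\Administrator\bbany\UUEROZbb.RXS",
    r"C:\Documents and Settings\Administrator\bbany\__tmp_rar_sfx_access_check_416609",
    r"C:\Documents and Settings\Administrator\bbany\iRAjSEv.VPC",
    r"C:\Documents and Settings\Administrator\bbany\laRO.exe",
    r"C:\Documents and Settings\Administrator\bbany\nNCigjkgoI.vbs",
]

# Heuristic sets picked for this example (assumptions, not from the post).
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif"}
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".bat", ".cmd", ".ps1"}
COMMON_EXT = {".txt", ".log", ".ini", ".dll", ".dat", ".tmp", ".xml", ".png"}
SFX_MARKER = re.compile(r"^__tmp_rar_sfx_access_check_\d+$")
PROFILE = re.compile(r"^[a-z]:\\(documents and settings|users)\\[^\\]+\\", re.I)

def tag(name):
    """Return the triage tag for one dropped file name, or None."""
    ext = ntpath.splitext(name)[1].lower()
    if SFX_MARKER.match(name):
        return "sfx-marker"        # temp file left by a WinRAR self-extractor
    if ext in EXECUTABLE_EXT:
        return "executable"
    if ext in SCRIPT_EXT:
        return "script"
    if ext and ext not in COMMON_EXT:
        return "opaque-payload"    # unfamiliar extension, contents unknown
    return None

def triage(paths):
    """Group tagged files by drop directory, skipping directory entries."""
    parents = {ntpath.dirname(p).lower() for p in paths}
    report = defaultdict(lambda: defaultdict(list))
    for p in (p for p in paths if p.lower() not in parents):
        folder, name = ntpath.split(p)
        if tag(name):
            report[folder][tag(name)].append(name)
    return {d: dict(tags) for d, tags in report.items()}

def flagged_dirs(paths):
    """Directories under a user profile holding both an executable and a script."""
    return [d for d, tags in triage(paths).items()
            if PROFILE.match(d + "\\") and {"executable", "script"}.issubset(tags)]
```
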
6  Economy / Scam Accusations / Re: Hidden miner software? http://www.bitcoindriveprice.com/ on: December 24, 2013, 08:26:51 PM
Just a quick question: are you using the same PC which you had been infected on? If so, dependent on the malware itself, you may still be infected. I can provide you with some info on how to make sure you're completely free of any malware if required.


Truth is, these websites will operate no matter how hard you try. The best we can do is shut them down before another unsuspecting user falls for the trap.

I've managed to file an IC3 report on this. However I need your help.

http://who.is/whois/bitcoindriveprice.com
http://who.is/whois/skyminerlabs.com

Whois guard = protected, meaning the details of the owner of the site aren't visible to the public eye.

However, looking at the info, the web hosting company which provided the webhosting/domain has a report email.

Please send a report to: abuse@enom.com - make sure to let them know the following.

1. The site is being used for malicious intention with the purpose to steal user data.
2. IC3 complaint form has been initiated.
3. Users have lost money from this person.

The webhosting company may even decide to pursue their own legal action as what the hacker has done goes against T+C's of the site.


P.S. - my bad, I thought by obvious standard it was easy to distinguish what is a scam site and what isn't. Nonetheless that's not for me to be debating about, I'm just here trying to get rid of the low-life scum who try and benefit from others' misfortune.


Let me know if anyone needs help related to this topic.


 
7  Economy / Scam Accusations / Re: Hidden miner software? http://www.bitcoindriveprice.com/ on: December 24, 2013, 12:30:09 AM
Hiya,

Just a quick question:

1. Are you stupid, or are you stupid? - Downloading an executable file which is just shouting VIRUS VIRUS VIRUS, IM HERE TO STEAL YOUR WALLET ALONG WITH ANY SAVED PASSWORDS ON YOUR COMPUTER TO TAKE ALL YOUR PERSONAL INFORMATION/MONEY AND RUN.


Use some common sense.


On another note, having used Wireshark to trace the connection (in a safe environment of course) I have got a valid IP address. I shall create an IC3 report along with a complaint to the web hosting company to shut down the site.

Have a good day all. If you need help with anything malware related, I'm your man.

8)
8  Economy / Services / Re: Mining Rig Builds [PayPal, Prepaid gift cards, Amazon] on: December 21, 2013, 02:55:08 PM
Any proof pics of previous builds with your forum name next to it? It's all good saying things, but without valid proof how do I know you're the real deal?

Interested nonetheless.

I'll PM you soon
9  Economy / Services / Re: [WTB] bitcointoss like website on: December 21, 2013, 01:18:39 AM
I can do this for you.

PM sent
10  Economy / Services / Re: For sale: Bitcoin selling/buying website [HQ] on: December 21, 2013, 01:06:36 AM
Bump, still for sale
11  Economy / Services / For sale: Bitcoin selling/buying website [HQ] on: December 20, 2013, 04:45:18 PM
Advantages of this website:
  • Sellers/buyers are able to bypass strict verifications which major exchange sites such as btc-e, mtgox etc hold.
  • Build your trust and gain popularity - The one thing people are looking for when trading bitcoins is trust, this is deemed when selling/buying to customers.
  • Drive down the price - I have been able to buy bitcoins at a much lower price than market price by using my website, also based on the trust that users have of the site. Good for making a large profit margin


Responsive - nice sleek design on all electronic devices. iPhone/iPad/Laptops etc.
Nice HQ Design - easy to read and simple to navigate, perfect for newcomers!
Easily editable - I will provide help on how to edit the site, or I will edit the site for you before you buy.
Professional - everything runs smooth, loads quickly and SEO friendly!

Along with the website/files comes:

1. Domain and hosting which has been paid for, for 2 years.
2. Twitter account with 14,000 followers specified to this website.









Interested? PM me for further details and to discuss. Offers will be taken into account.


Thanks.
12  Economy / Scam Accusations / Re: BTC-E Have scammed me 2.88BTC [UNRESOLVED] on: November 28, 2013, 09:20:13 PM
Well when a company gets so much monopolistic power in a market, it can take advantage of its power and start scamming without much loss of demand from users. It's a shame, this problem still remains unresolved.
13  Economy / Scam Accusations / BTC-E Have scammed me 2.88BTC [UNRESOLVED] on: November 24, 2013, 07:37:54 PM
They thought they could let this slide, this has been ongoing and still not resolved, it's a shame they think they can do this to people. Some of us have mouths to feed, stealing like this is an absolute disgrace on behalf of such a big company.

Basically, for some unknown reason I couldn't access the BTC-e site whenever I tried, after having sent my IP in, I managed to resolve that, only to find out that they had blocked my account for no reason. Whilst sending btc-e a ticket in relation to this issue I got my ticket closed straight after, they didn't respond, they just immediately closed my ticket. This is outrageous that they can do this to my bitcoins!

Proof:


As you can see, upon logging in, my account is banned, I can't access any features of the site



Both tickets are closed, neither of which had been resolved.



Look at the status of the ticket, closed. Even though no response was given!



Support ticket gave me a load of automated c***



This scam accusation stands until the problem is solved, just a heads up to others, it can be you! No idea why they did this to me, no response to my tickets either. Not impressed at all.
14  Economy / Trading Discussion / A month later and still no funds withdrawn - MtGox >:( on: June 04, 2013, 04:04:57 PM
It's been over a month since I requested withdrawal of over 700 Euros, it's staying at pending and nothing has gone into my bank.

After having sent them multiple messages, they have all been closed and merged into one. Still no real response from them, absolutely terrible service IMO.

Has anyone had any similar problems withdrawing ££ with them? My previous withdrawal only took about 2 weeks max, this has taken too long now.

Regards
15  Other / Beginners & Help / Re: Be careful what you're running! - .Jar instant stealer on: June 02, 2013, 09:19:09 PM
My 2 cents (as an experienced systems administrator and bitcoin newbie):

Nothing will help better than safe browsing practices and an up to date anti-virus solution. The cat and mouse game of the virus creators and the anti-virus companies will always be an issue. That virus creator only has to be right once to get his hands on your important data.

I have a blockchain.info account but I keep my main wallet on a Windows 7 Virtual Machine. The VM has full disk encryption (truecrypt), all Microsoft security patches are installed, and it is turned off when not in use. It only runs armory, bitcoin-qt and anti-virus. Only downside is it usually only takes about 30-60 minutes to sync back up with the blockchain after being turned off for a few days

I also plan on setting up a completely offline wallet using ubuntu on an older netbook that I can stash in a safe.

I don't have too much money in bitcoin right now but I hope to see my mining and monthly deposits reach some serious worth.

I like to think I am very security conscious but maybe I am just paranoid

Hi sir, I take it you're not fully aware of remote administration tools? If you are sorry..

Ok, an up to date anti-virus will be near to nothing when it comes to being effective against a virus. Those who create viruses are also aware of how to change variables and methods of injecting a file so that the anti-virus will not pick up any data, this can vary from simply changing icon to binding a program so that when the virus is run a fake program is run too.

My point is that you can still be infected if you have up to date antivirus.

On the discussion of a remote administration tool, it gains unauthorised access to your whole computer, meaning the hacker can scavenge throughout all your files, and search for files which the hacker may deem valuable, in this case wallet.dat or whatever other crypto-currency data files you may have. Your idea of keeping the wallet offline is the only true method of being 100% protected, where the computer doesn't have an internet connection it is more likely to remain safe.



Yeah, but it is very unlikely unless you are constantly using remote administration tools and happen to give someone access accidentally. Which in that case I would not keep any source of bitcoin on that computer regardless. Even something as simple as letting someone you know use teamviewer or even they just have your network password. Usually it is the USER that puts themselves in that spot to begin with. Not always, but most the time in that kind of scenario.


You don't quite understand what a RAT is. It is an illegal method for hackers to gain unprivileged access to one's PC, gaining full access doing everything possibly bad that you could think of. You don't give someone access to a RAT, rather they gain without your permission.
16  Other / Beginners & Help / Re: windows reinstall. how to not to lose my btc. on: June 02, 2013, 09:09:31 PM
For top security and ensuring your wallet is only touched by yourself keep it offline, don't send your funds to online wallets. Many of those who develop these sites take no precautionary measures into vigorously testing the security of the website and can be easily exploited as has been seen in the past, I'm sure you wouldn't want your valuable money to vanish into thin air, keep it offline.


Make sure you have up-to-date antivirus and your system is clean of any malware. (Although this merely helps, it will help get rid of the obvious malware but not any advanced malware, as discussed in my thread https://bitcointalk.org/index.php?topic=221267)

Have a great day :)
17  Other / Beginners & Help / Re: Be careful what you're running! - .Jar instant stealer on: June 02, 2013, 09:04:51 PM
So what you're saying is that running noscript wouldn't be enough to defend against this?

No, not necessarily. NoScript functions by blocking JavaScript/Java/Flash and only allowing it on a list of trusted websites. Malware (especially RATs) can spread many other ways, whether this be through simply inserting your USB into an infected computer and then inserting that same USB into a non-infected computer and at the same time infecting the computer which was clean before. There are many ways such files can be spread, even through being bound onto real applications which would lower suspicions drastically. It's a hard game trying to be protected when such malware exists, but it is your responsibility as an individual to ensure you take sufficient steps into preventing such attacks onto your computer.

18  Other / Beginners & Help / Re: Be careful what you're running! - .Jar instant stealer on: May 31, 2013, 10:26:35 PM
Make sure to encrypt your wallet with a very long, complex password.

Makes no difference if you encrypted your wallet with the password Password1 or encrypted your wallet with the password vutHAspaSPaf3#J. A keylogger records all strokes and thus the hacker, if he gains remote access, can not only steal your wallet but also know your encryption password.

Thanks

Bit of a noob question, but when I have to enter a password I tend to create it by cutting/pasting/rearranging from existing text. Am I wasting my time or does this help to throw keyloggers?

Hi, since keyloggers only record keystrokes, what you're doing is a very good idea, something I do myself too. Also, I tend to use the on-screen keyboard which can be found on all computers running Windows. It prevents any keyloggers from recording precious data, I only use this when entering passwords (obviously).

This may seem a bit over the top.. but remote administration tools can view your whole computer screen, a few YouTube searches of RATs will reveal to you just how powerful they are once hackers have access to your computer. So with cutting and pasting there's still that risk thrown in.
19  Other / Beginners & Help / Re: Be careful what you're running! - .Jar instant stealer on: May 31, 2013, 08:58:56 PM
Make sure to encrypt your wallet with a very long, complex password.

Makes no difference if you encrypted your wallet with the password Password1 or encrypted your wallet with the password vutHAspaSPaf3#J. A keylogger records all strokes and thus the hacker, if he gains remote access, can not only steal your wallet but also know your encryption password.

Thanks
20  Other / Beginners & Help / Re: CrytoCoin monitor App on: May 31, 2013, 08:55:49 PM
A warning to all of those using this app, Android is open root software so you are prone to malware, be careful what you download and only run if it is trusted.

Good day to you all ;)