Quickseller (OP)
Copper Member
Legendary
Offline
Activity: 2926
Merit: 2347
|
|
June 06, 2015, 07:33:53 PM Last edit: August 08, 2015, 03:24:09 PM by Quickseller |
|
Spammers Profile Link: https://bitcointalk.org/index.php?action=profile;u=350925This person has made 30 posts (including some new threads) with his referral link today Upon closer inspection of the referral links he is posting the domain of the referral link matches his handle which makes be believe that he owns the site. A quick glance of the site he is advertising, makes me believe this is some kind of cloud mining ponzi scam site. edit: it appears he was trying to spread malware, and there have been other cases of this happening. The most recent example is Magic Of Nigeria edit: it appears the most recent example is now Marcy https://bitcointalk.org/index.php?action=profile;u=405552
|
|
|
|
XinXan
|
|
June 06, 2015, 07:37:21 PM |
|
Yep its probably some cloud mining ponzi but he actually posted 2 different websites, its kind of weird that he decided to do this now, maybe his account was sold or hacked?
|
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3864
Merit: 2654
Join the world-leading crypto sportsbook NOW!
|
|
June 06, 2015, 07:57:07 PM Last edit: June 06, 2015, 09:13:51 PM by hilariousandco |
|
His name is EmpoEX but the ref links he's spamming are for a cloud mining company. Likely a hacked account I think. Someone was doing the exact same earlier but for different site I think. Handled what ones I could anyway.
|
|
|
|
DiamondCardz
Legendary
Offline
Activity: 1134
Merit: 1112
|
|
June 06, 2015, 07:58:27 PM |
|
His name is EmpoEX bit the ref links he's spamming are for a cloud mining. Likely a hacked account I think. Someone was doing the exact same earlier but for different site I think. Handled what ones I could anyway.
Yeah. I reported all the posts of the previous guy who seemed to be hacked, and this one (this one about an hour ago I think). There's a looot, I think I've reported at least 50 of these hacked account spambot posts in total now. It's crazy. Edit: Oh my God I love your personal text hilariousandco
|
BA Computer Science, University of Oxford Dissertation was about threat modelling on distributed ledgers.
|
|
|
Quickseller (OP)
Copper Member
Legendary
Offline
Activity: 2926
Merit: 2347
|
|
June 06, 2015, 08:00:46 PM |
|
His name is EmpoEX bit the ref links he's spamming are for a cloud mining. Likely a hacked account I think. Someone was doing the exact same earlier but for different site I think. Handled what ones I could anyway.
Thanks. I swear I thought that I saw one of the domains he was advertising to match his forum handle. It looks like the referral number is always the same across different sites, so I think the various sites are all the same.
|
|
|
|
DiamondCardz
Legendary
Offline
Activity: 1134
Merit: 1112
|
|
June 06, 2015, 08:02:30 PM |
|
It looks like the referral number is always the same across different sites, so I think the various sites are all the same.
Perhaps. Considering that I couldn't find any references on Google to the site this hacked account and the last one were advertising - though I did find one with the same domain but an .eu TLD, so perhaps this site tries to rip-off the trustworthiness of that - I have a feeling that there is no actual referring going on at all, and that this is indeed simply an attempt to scam people.
|
BA Computer Science, University of Oxford Dissertation was about threat modelling on distributed ledgers.
|
|
|
TheButterZone
Legendary
Offline
Activity: 3010
Merit: 1031
RIP Mommy
|
|
June 06, 2015, 08:03:38 PM |
|
Nuke from orbit just to be sure.
|
Saying that you don't trust someone because of their behavior is completely valid.
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3864
Merit: 2654
Join the world-leading crypto sportsbook NOW!
|
|
June 06, 2015, 09:26:11 PM |
|
Seems he's regained control of his account as he's edited all the posts: Apologies for anyone who clicked the link here. Please delete this thread.
Nuke from orbit just to be sure.
Only newbies can be nuked. Think this is why we need more active Globals though as well. Edit: Oh my God I love your personal text hilariousandco I laughed when I first saw it.
|
|
|
|
Quickseller (OP)
Copper Member
Legendary
Offline
Activity: 2926
Merit: 2347
|
|
June 06, 2015, 09:28:20 PM |
|
Seems he's regained control of his account as he's edited all the posts: Apologies for anyone who clicked the link here. Please delete this thread.
He probably saw the negative trust he got as well as this thread. It seems that his password was only changed once recently which would really not explain very much.
|
|
|
|
unamis76
Legendary
Offline
Activity: 1512
Merit: 1009
|
|
June 06, 2015, 10:01:35 PM |
|
It seems we have been having a big surge of spammers in the last few hours. I hope the mods have the time to take care of all that, it's big work sometimes... I'm helping anytime I can by reporting, keep it up, mods
|
|
|
|
Cyrus
Ninja
Administrator
Legendary
Offline
Activity: 3808
Merit: 3012
|
|
June 06, 2015, 11:31:04 PM |
|
I hope the mods have the time to take care of all that, it's big work sometimes... I'm helping anytime I can by reporting, keep it up, mods We're on it. And appreciate the help.
|
|
|
|
Grand_Voyageur
|
|
June 07, 2015, 12:57:56 PM |
|
I hope the mods have the time to take care of all that, it's big work sometimes... I'm helping anytime I can by reporting, keep it up, mods We're on it. And appreciate the help. Just reported another possible alt - YourNewGod, uid: 412771 - of the said spammer.
|
██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3864
Merit: 2654
Join the world-leading crypto sportsbook NOW!
|
|
June 07, 2015, 01:01:26 PM |
|
Yeah, handled the ones of his that I could. Just keep reporting them.
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1520
No I dont escrow anymore.
|
|
June 07, 2015, 01:21:54 PM |
|
Aaand another one: https://bitcointalk.org/index.php?action=profile;u=412771Probably hacked as well. I guess the weak passwords from the leak are broken now.
|
Im not really here, its just your imagination.
|
|
|
Twipple
|
|
June 07, 2015, 02:20:48 PM |
|
I don't think its accounts hacked from the hack. It would be stupid to use the accounts for posting spam to a referral link as that would generate a much smaller profit than using it for other purposes.
|
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3864
Merit: 2654
Join the world-leading crypto sportsbook NOW!
|
|
June 07, 2015, 02:24:36 PM |
|
Yeah, probably the users just clicked a phishing link themselves or got a virus from somewhere else.
|
|
|
|
EcuaMobi
Legendary
Offline
Activity: 1862
Merit: 1469
|
|
June 07, 2015, 02:28:47 PM |
|
Yeah, probably the users just clicked a phishing link themselves or got a virus from somewhere else.
I got this PM from EmpoEX: Hello,
We have noticed that you have left us a negative trust rating for spamming referral links. Our account was hacked by a trojan horse virus that was spread around the last couple of days, resulting in spam being sent out. If you did not notice, we edited all posts to apologise for the inconveniences. They have now since been deleted.
We're asking kindly if you can remove the negative trust from our account.
Thank you very much #EmpoEX Team
I linked him to this thread and asked him to provide more details. If what he says is true he should give as much information as possible to prevent this in the future.
|
|
|
|
Grand_Voyageur
|
|
June 07, 2015, 02:34:13 PM |
|
Yeah, probably the users just clicked a phishing link themselves or got a virus from somewhere else.
I guess it was linked to the phishing attempts reported today by QS & AT101ET. Maybe, You & other Staff have more solid proofs about the issues. Yeah, probably the users just clicked a phishing link themselves or got a virus from somewhere else.
I got this PM from EmpoEX: Hello,
We have noticed that you have left us a negative trust rating for spamming referral links. Our account was hacked by a trojan horse virus that was spread around the last couple of days, resulting in spam being sent out. If you did not notice, we edited all posts to apologise for the inconveniences. They have now since been deleted.
We're asking kindly if you can remove the negative trust from our account.
Thank you very much #EmpoEX Team
I linked him to this thread and asked him to provide more details. If what he says is true he should give as much information as possible to prevent this in the future. +1. It would be great to learn some lessons from it & maybe we can also turn it in a distributed digital forensics effort.
|
██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
|
|
|
EmpoEX
|
|
June 07, 2015, 03:41:09 PM Last edit: June 07, 2015, 03:52:26 PM by EmpoEX |
|
The link that was spammed by this account was spammed by others in the Altcoin ANN section. The thread which I saw was yesterday at about 2-3 PM here: https://bitcointalk.org/index.php?topic=1082561.msg11550385#msg11550385 (since deleted). Here is a backup of the thread: Link was clicked and visited showing a site which downloads a miner exe. Upon double clicking it, nothing appeared to have happened. A few hours later, our accounts started getting logged into such as here, twitter and other sites. Security emails were received, and we tracked it to this IP: 37.123.112.27. After this, posts were made throughout every section on the forum with a referral link + a locked thread. We promptly went through and edited all posts to request them to be deleted. Not entirely sure how the passwords were leaked but it seems the trojan gained access to stored passwords in Google Chrome, as all passwords in use were 30+ chars long and not guessable or weak by any means. Upon closer inspection of the referral links he is posting the domain of the referral link matches his handle
The link that was spammed contained an ID on the end of the URL specifically "?ref=271292" for a hashminer.net site, which does not in any way match our handle. Here is a backup of the thread which was posted by us into the Altcoin ANN section yesterday showing a totally different ref number, for cloudminer.biz domain: Please refrain from unnecessary accusations. I would like to clarify that we do not own and are not associated with the site that was linked. You can check the history of our account, we are running a professional exchange. It would be greatly appreciated that anyone who has placed negative trust to edit their trust to restore our account to good standing. Hopefully this helps clear up the situation. #EmpoEX Team
|
|
|
|
Muhammed Zakir
|
|
June 07, 2015, 04:10:10 PM |
|
The link that was spammed by this account was spammed by others in the Altcoin ANN section. The thread which I saw was yesterday at about 2-3 PM here: https://bitcointalk.org/index.php?topic=1082561.msg11550385#msg11550385 (since deleted).
Here is a backup of the thread:
[img]https://i.imgur.com/DAL6Rpv.png[/img]
Link was clicked and visited showing a site which downloads a miner exe. Upon double clicking it, nothing appeared to have happened. A few hours later, our accounts started getting logged into such as here, twitter and other sites. Security emails were received, and we tracked it to this IP: 37.123.112.27. After this, posts were made throughout every section on the forum with a referral link + a locked thread. We promptly went through and edited all posts to request them to be deleted.
Not entirely sure how the passwords were leaked but it seems the trojan gained access to stored passwords in Google Chrome, as all passwords in use were 30+ chars long and not guessable or weak by any means.
[quote author=Quickseller link=topic=1082790.msg11552287#msg11552287 date=1433619233] Upon closer inspection of the referral links he is posting the domain of the referral link matches his handle [/quote]
The link that was spammed contained an ID on the end of the URL specifically "?ref=271292" for a hashminer.net site, which does not in any way match our handle.
[img]https://i.imgur.com/WEMOjep.png[/img]
Here is a backup of the thread which was posted by us into the Altcoin ANN section yesterday showing a totally different ref number, for cloudminer.biz domain:
[img]https://i.imgur.com/08Yuj5n.png[/img]
Please refrain from unnecessary accusations.
I would like to clarify that we do not own and are not associated with the site that was linked. You can check the history of our account, we are running a professional exchange. It would be greatly appreciated that anyone who has placed negative trust to edit their trust to restore our account to good standing.
Hopefully this helps clear up the situation. #EmpoEX Team
Cloudminer.biz referral ID will be different from Bitcointalk UID. Edit: I think we need more Global Mods. YourNewGod excessively spamming. Hope these accounts will be banned soon.
|
|
|
|
|