Bitcoin Forum
Author Topic: Project-Bit (@ProjectBitCOM) confirmed MALICIOUS Software: Proof & documentation  (Read 4153 times)
Zooey (OP)
May 07, 2013, 06:19:38 PM
Last edit: May 08, 2013, 01:00:29 AM by Zooey
 #1


Project-Bit, which promotes software that claims to give away Bitcoins daily, is here documented to be maliciously distributing malware executed through disguised requests in the links they spam all over the place. To help out the Google Bot: Project-Bit is a scam.


Links for info:
Owner of Youtube and linked Google + accounts:  Benjamin Dimitriou
https://twitter.com/ProjectBitCOM  aka @ProjectBitCOM
http://www.youtube.com/user/TheDykeMinglingFag
https://plus.google.com/u/0/117408554505736965633/about

2 active/recent posts linking malware:
http://www.youtube.com/watch?v=bF6JnszmzaE
https://twitter.com/ProjectBitCOM/status/330684568103448576


Identification and documentation of distributed malicious software

HIGHLIGHTED LINKS ARE CONFIRMED DANGEROUS: DO NOT CLICK.
The supposed 'free Bitcoin' injector has been such an obviously bogus idea that only the most greedy and stupid will have made a personal choice to download it... and so it's been fairly uninteresting to pay much attention to it even if some morons do download the program. But the critical threat I have identified today lies not in the bullshit software you knew not to download, but is instead heavily obfuscated as a hidden request in the very first link so that none of the mainstream URL scanners detect it. These links have not been flagged as containing malicious software by scans or members of the community until now:

http://bit.ly/ZLxxiw
http://bit.ly/158O6sB


Expanded URL (same for both):  http://ge.tt/api/1/files/7B5eMhf/0/blob?download


Analyses below report specific malicious software threat:

WEPAWET Analysis report of expanded URL: http://wepawet.iseclab.org/view.php?hash=70746858ea93d8542f8fd780e45d47bc&t=1367926099&type=js



ANUBIS Analysis: 70746858ea93d8542f8fd780e45d47bc-3cd7ba7aae4c5c81fea54eb9810cf8b4-1367926099
MD5: 33f9d0e68c5e836e44e9da4a82084dca

FRONTPAGE / TASK OVERVIEW: http://anubis.iseclab.org/?action=result&task_id=100c823f931708fd4f906028da5da5e66
ANALYSIS Report (Direct links by format):




Luke-Jr
May 08, 2013, 12:18:45 AM
 #2

Zooey asked me to look at this.
I'm no security expert, so who knows if I'm missing something, but...

I don't see any evidence of malware here or in the reports, just a lot of technical information that tells nothing about the nature of the webpage/software.

Since I could be wrong, I did not personally open the "malicious" links in question, just in case, so there may be something obvious there I didn't see too.

Also, even if an antivirus vendor told me there was something malicious (which again, I don't see), I would take it with a grain of salt.
One thing anyone involved with Bitcoin mining should know, is that most antivirus software is itself malicious, labelling even legit mining software as viruses and malware when they are not.

Finally, I hate spam as much as the next person.
Please don't support spammers, whether their products/services are malicious or not.

Edit: Ok, I clicked the "malicious" link, and it's just a redirect to an EXE download. Obviously it'd be stupid to run it.
Edit: VirusTotal accuses this EXE of being a virus
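
Added example, not part of the thread or any poster's code: the pattern discussed above (a shortened link that resolves to a direct EXE download) can be triaged from recorded response headers and the first bytes of the body, without running anything. The hosts, file name and the `classify_chain` helper are constructed for illustration, and the hop records are assumed to have been captured with automatic redirect following turned off.

```python
from email.message import Message
from urllib.parse import urljoin, urlsplit

EXEC_EXTS = (".exe", ".scr", ".com", ".bat", ".msi", ".pif")
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec",
              "application/vnd.microsoft.portable-executable"}

def _filename(disposition):
    """Extract the filename parameter from a Content-Disposition value."""
    if not disposition:
        return ""
    msg = Message()
    msg["Content-Disposition"] = disposition
    return (msg.get_filename() or "").lower()

def classify_chain(hops, body_prefix=b""):
    """hops: recorded responses in order, each {'url', 'status', 'headers'}.
    Returns (final_url, reasons); reasons is empty when nothing was flagged."""
    reasons = []
    for i, hop in enumerate(hops):
        headers = {k.lower(): v for k, v in hop["headers"].items()}
        if hop["status"] in (301, 302, 303, 307, 308) and "location" in headers:
            host = urlsplit(urljoin(hop["url"], headers["location"])).hostname
            if host != urlsplit(hop["url"]).hostname:
                reasons.append(f"hop {i}: cross-host redirect to {host}")
            continue
        # Final response: check how the server labels the body, then its first bytes.
        disposition = headers.get("content-disposition", "")
        name = _filename(disposition)
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        if disposition.lower().startswith("attachment"):
            reasons.append("forced download (Content-Disposition: attachment)")
        if name.endswith(EXEC_EXTS):
            reasons.append(f"executable filename: {name}")
        if ctype in EXEC_TYPES:
            reasons.append(f"executable content type: {ctype}")
        if body_prefix[:2] == b"MZ":  # DOS/PE header magic
            reasons.append("body starts with MZ (Windows executable)")
        return hop["url"], reasons
    return None, reasons + ["chain ended on a redirect"]

# Constructed sample (hypothetical hosts): short link -> file-host download URL.
SAMPLE_CHAIN = [
    {"url": "http://short.example/abc123", "status": 301,
     "headers": {"Location": "http://files.example/api/1/files/XXXX/0/blob?download"}},
    {"url": "http://files.example/api/1/files/XXXX/0/blob?download", "status": 200,
     "headers": {"Content-Type": "application/octet-stream",
                 "Content-Disposition": 'attachment; filename="FreeCoins.exe"'}},
]
```

The generic `application/octet-stream` type in the sample is deliberately not flagged on its own; the filename and the `MZ` prefix are what identify the download as an executable.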

grue
May 08, 2013, 02:28:40 AM
 #3

spawning random processes is pretty suspicious.
