Boing7898
|
|
June 20, 2011, 01:19:59 PM Last edit: June 20, 2011, 01:44:30 PM by Boing7898 |
|
I got another malware called Bitcoin-exploit.. if someone wants I'll post it here. It is an AutoIt script (thanks BinText)
Dear Mt.Gox user,
There has recently been a private new Bitcoin exploit program released that duplicates transaction fee's from the previous thousands of transactions and sends the BTC to your address.
We're well aware that many Mt. Gox users have lost their Bitcoins due to the security breaches on our website in the last few days, so we decided it would be fair for those users to recoup at least some of their losses:
You may check out the exploit here : URLOFINFECTEDSHIT
**Please read the enclosed tutorials prior to running the program for instructions.**
This is our way of apologizing to our users for the massive problems we've been experiencing as of late, including the users who have lost alot of BTC over the past few days
Thanks, The Mt.Gox team
BIG EDIT: IN THE SAME SERVER THERE WAS SPYEYE!! Spyeye is a bot that STEALS CREDIT CARDS!! Clean your PC now, if you don't want to get your credit card stolen.
|
|
|
|
mandros
Newbie
Offline
Activity: 21
Merit: 0
|
|
June 20, 2011, 01:47:07 PM |
|
Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.
Here you have it: http://www.megaupload.com/?d=VWNREX2X It's zipped with password: virus It's also renamed with extension .virus so no one can execute it by accident. I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus. I've posted it as well Oops, my fault. By the way, do you have any spare glasses ? ;-)
|
|
|
|
netrin
Sr. Member
Offline
Activity: 322
Merit: 251
FirstBits: 168Bc
|
|
June 21, 2011, 12:37:32 AM |
|
Does this virus send bitcoins to an address or just upload the entire wallet to an email address or what? There are probably a bunch of variations out in the wild, but is there ONE address worth looking at in the block chain? url?
|
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 21, 2011, 12:55:02 AM |
|
It doesn't steal anything, it is a HTTP Rat. Just means the hacker can control your computer through a website.
|
|
|
|
aceman1011
|
|
June 21, 2011, 12:59:43 AM |
|
Lol, I am quite experienced in the malware field. Looks like some skids learned to use the leaked Zeus code and a crypter... I'll check this out in NET Reflector and see if I can't reverse engineer this skiddy.
|
Rent my 800 + mh/s rig. PM me!
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 21, 2011, 01:04:48 AM |
|
HAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAH AAAAAAAAAAAAAAAAAAAAAAHAHAHHAHAHAHHAHAHAHAHAHAHHAAHAHAHAHHAHAHAHAHAHAHAHAHHAHAH AHAHA MAAHHDFSDGHouar589yh4uigre9uiter That is what I think about your statement. First little kid, the file is written in C++ and uses port 80 to communicate to the site. I thought it was a stealer until I tracked the IP down to the site. I found the control panel, sql injected to find the username and password. It is a HTTP RAT and the control panel has 9k RATS. This is not Zeus kid and this is not a fucking crypter. It has crypted ST/RT and made a directory in C:\ under the name of win.bin or some shit like that. I already decompiled this virus and got everything out of it. I took down his site and now the game is over. You're too late, please take your kid shit somewhere else. P.S. I like it how you think by saying "Zeus" and "Lol, I am quite experienced in the malware field." makes you some kind of god. Edit: I made a thread about it and it got taken down by mobs.
|
|
|
|
aceman1011
|
|
June 21, 2011, 01:11:43 AM |
|
Lol, you don't know crap. You first say it's a RAT, then a botnet. You claim to have used SQLi on a control panel with 9000 "rats." Hate to break it to ya, but it was probably uBot, umbrella loader, vertexnet, or Blackshades. You are full of BS, and yea you MUST crypt the output of HTTP, Hexing won't work on it. It wouldn't be FUD for a day. GTFO. You're so l33t! Wow, you know what scantime and runtime means...
|
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 21, 2011, 01:15:20 AM |
|
Okay kid. Here is a ss of the old thread from yesterday the mods closed down. Now, you GTFO kid. Thread: Proof: You were saying dick?
|
|
|
|
aceman1011
|
|
June 21, 2011, 01:20:34 AM |
|
Lol, VertexNet 1.1 doesn't even work. The maker even told me. Ask Unremote on HF or Twitter. Neither does 1.0 beta or 1.2. And why would you include Spyeye Tracker? Add Symantec field info....
|
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 21, 2011, 01:22:08 AM |
|
Actually VertexNet does work. I'm using it as of right now to see what it is all about. I even tested it on myself. Kid, you really need to start testing and learning.
|
|
|
|
aceman1011
|
|
June 21, 2011, 01:27:32 AM |
|
I have, I added tons of vics on it but the commands suck and don't work. You on openwsc or HF?
|
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 21, 2011, 01:33:08 AM |
|
I only use the VertexNet temp and then I move them to CG. I'm on both forums.
|
|
|
|
SomeoneWeird
|
|
June 21, 2011, 01:33:51 AM |
|
Ok guys, take your hacker talk somewhere else.
|
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 21, 2011, 01:49:40 AM |
|
You know you like it.
|
|
|
|
SomeoneWeird
|
|
June 21, 2011, 01:50:57 AM |
|
Maybe, but no offence, from what I've seen you are both skids. Go talk on HF.
|
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 21, 2011, 02:01:22 AM |
|
Cool story bro, but usually when someone uses the term skid they are the true skid. I don't go on HF, I only sell there.
|
|
|
|
SomeoneWeird
|
|
June 21, 2011, 02:13:05 AM |
|
ha, if you say so.
|
|
|
|
aceman1011
|
|
June 21, 2011, 02:25:32 AM |
|
From what you've said, you're the one who still uses HF. Why would you even start posting?
|
|
|
|
SomeoneWeird
|
|
June 21, 2011, 02:31:49 AM |
|
I haven't been on HF in over 2 years. I'm not a blackhat.
|
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 21, 2011, 02:32:07 AM |
|
Go search my username on HF. Not lying.
|
|
|
|
|