Bitcoin Forum
December 12, 2024, 09:40:57 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
Author Topic: Bitcoin Mining Accelerator SCAM  (Read 19311 times)
sergio
Sr. Member
****
Offline Offline

Activity: 313
Merit: 258


View Profile WWW
June 29, 2011, 08:53:10 PM
 #21

if you use linux you can use the string command to take a look at ascii characters in the binary, there is a web site listed, however I do not know how it is related to the scam mining software.

minero@dragon:~/Downloads$ strings  -a Coin-Miner-v2.7.exe  |more
!This program cannot be run in DOS mode.
Rich
.text
`.rdata
@.data
.rsrc
http://www.clickteam.com
PVQR
PVQR
QRSP
_^][
_^][
L$,QV
=H0B
[u4j&V
=L0B
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 29, 2011, 08:56:04 PM
 #22

Sorry for the slow progress, working as fast as I can.

Compromised addresses:
...
More to come; will update this post as I find more.

Consider spending the coins off to another fresh address of your own, editing your post, and inviting the person come get them from you.  Who knows, the victim could re-run the program and send a fresh copy to the malware author.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Distribution
Hero Member
*****
Offline Offline

Activity: 711
Merit: 500


Fight fire with photos.


View Profile
June 29, 2011, 09:12:52 PM
 #23

My favorite award is most downloaded May/June. Especially considering that the oldest comments are from June 28.
dacoinminster
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
June 29, 2011, 09:16:00 PM
 #24

Consider spending the coins off to another fresh address of your own, editing your post, and inviting the person come get them from you.  Who knows, the victim could re-run the program and send a fresh copy to the malware author.

Yes - you will be doing the community a huge favor if you secure these coins as you gain access to them.

Justsomeforumuser
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
June 29, 2011, 09:48:10 PM
 #25

I just got an email advertising this wonderfull scam

DO NOT USE THIS SOFTWARE!
www.bitcoin-mining-accelerator.com

This one definitely and 100% got sent to the disclosed MtGox hacked database email. I think I will  deactivate it now, despite all the fun stuff that's been trickling in..

Ho-Hum.
bitcoinminer
Sr. Member
****
Offline Offline

Activity: 322
Merit: 252



View Profile
June 29, 2011, 09:53:12 PM
 #26

I just got an email advertising this wonderfull scam

I thought there already was a topic on it but couldn't find it so i thought i'd put this up as a warning.

It's funny how hard they try to make this look legit, the awards are epic!

DO NOT USE THIS SOFTWARE!
www.bitcoin-mining-accelerator.com



how about you chop-up-the-domain-name so that robots don't pick it up for google?

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
bitcoinminer
Sr. Member
****
Offline Offline

Activity: 322
Merit: 252



View Profile
June 29, 2011, 09:54:31 PM
 #27

Sorry for the slow progress, working as fast as I can.

EDIT: At the request of several people, I am spending all of the coins in each address I come across to a secure wallet on my machine.  I will publish a complete list of compromised addresses and where the coins they held are after I finish processing the (growing) collection of wallets that I have.  We can iron out claim details later.  I have a process fetching and deleting new wallets automatically now, so hopefully he won't get his hands on any more.

After all the warnings given out, I think you should spend all of these coins to a charity for the mentally retarded

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
dacoinminster
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
June 29, 2011, 09:59:28 PM
 #28

After all the warnings given out, I think you should spend all of these coins to a charity for the mentally retarded

I want stupid people to be able to use bitcoins safely someday. Plenty of stupid people use cash, and if we limit the bitcoin economy to non-retards, it will be pretty small.

Hopefully future generations of clients will prevent stuff like this.

Distribution
Hero Member
*****
Offline Offline

Activity: 711
Merit: 500


Fight fire with photos.


View Profile
June 29, 2011, 10:01:23 PM
 #29

How could you figure out who the coins belong to?
bitcool
Legendary
*
Offline Offline

Activity: 1441
Merit: 1000

Live and enjoy experiments


View Profile
June 29, 2011, 10:02:44 PM
 #30

awesome.. i just got it too !!!  Thanks Mt.Gox for letting the world have my personal email address.  appreciate it.
Where should we send the thank-you cards to?
Chick
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
June 29, 2011, 10:03:13 PM
 #31

Hey, lets connect to the ftp server and steal the wallets!  Grin

SolarSilver
Legendary
*
Offline Offline

Activity: 1112
Merit: 1000


View Profile
June 29, 2011, 10:05:40 PM
 #32

This one definitely and 100% got sent to the disclosed MtGox hacked database email. I think I will  deactivate it now, despite all the fun stuff that's been trickling in..

I got the message twice sent to the same address I used specifically for MtGox:

Received: from o1.bn.sendgrid.net (o1.bn.sendgrid.net [75.126.253.211])
Received: from o1.bn.sendgrid.net ([75.126.253.211])

Thank you MtGox for leaking out this address, can I send a bill for each received spam and you can pay in BTC? Or perhaps you should spend the money on data security.

xenon481
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250



View Profile
June 29, 2011, 10:07:42 PM
 #33

When refreshing the FTP directory periodically, three .dat files appeared.  I have downloaded them and removed them from the FTP server.  After starting up bitcoind with them I will report on any addresses they contain that have been seen in the block chain.  If they turn out to be your addresses, create a new wallet on a secure machine and spend all of your coins to one of its addresses ASAP.

EDIT: More keep popping up every so often.  I am downloading and deleting all that I find.

You might want to also set up something that periodically checks to see if the mal-executable changes. The author may change the destination details.

Tips Appreciated: 171TQ2wJg7bxj2q68VNibU75YZB22b7ZDr
Chick
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
June 29, 2011, 10:10:46 PM
 #34

This one definitely and 100% got sent to the disclosed MtGox hacked database email. I think I will  deactivate it now, despite all the fun stuff that's been trickling in..

I got the message twice sent to the same address I used specifically for MtGox:

Received: from o1.bn.sendgrid.net (o1.bn.sendgrid.net [75.126.253.211])
Received: from o1.bn.sendgrid.net ([75.126.253.211])

Thank you MtGox for leaking out this address, can I send a bill for each received spam and you can pay in BTC? Or perhaps you should spend the money on data security.



You should definitely report this to abuse@sendgrid.net.

cdhowie
Full Member
***
Offline Offline

Activity: 182
Merit: 107



View Profile WWW
June 29, 2011, 10:19:48 PM
 #35

When refreshing the FTP directory periodically, three .dat files appeared.  I have downloaded them and removed them from the FTP server.  After starting up bitcoind with them I will report on any addresses they contain that have been seen in the block chain.  If they turn out to be your addresses, create a new wallet on a secure machine and spend all of your coins to one of its addresses ASAP.

EDIT: More keep popping up every so often.  I am downloading and deleting all that I find.

You might want to also set up something that periodically checks to see if the mal-executable changes. The author may change the destination details.

Yup, already doing that too.

Tips are always welcome and can be sent to 1CZ8QgBWZSV3nLLqRk2BD3B4qDbpWAEDCZ

Thanks to ye, we have the final piece.

PGP key fingerprint: 2B7A B280 8B12 21CC 260A  DF65 6FCE 505A CF83 38F5

SerajewelKS @ #bitcoin-otc
Chick
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
June 29, 2011, 10:31:34 PM
 #36

Where does it install? I don't see anything relating to Coin_Miner in the Program Files directory.

I'm running this on a crappy 5 year old computer, hoping to log it's connections. Tongue

mouse
Newbie
*
Offline Offline

Activity: 56
Merit: 0



View Profile
June 29, 2011, 10:42:21 PM
 #37

It's pretty depressing that virus scam sites have better designs than the legit bitcoin ones :-(
andes
Jr. Member
*
Offline Offline

Activity: 42
Merit: 2


View Profile
June 29, 2011, 10:48:19 PM
 #38

It's pretty depressing that virus scam sites have better designs than the legit bitcoin ones :-(
Defininitely, we need better marketing for legitimate bitcoin uses.
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
June 29, 2011, 10:49:09 PM
 #39

if you use linux you can use the string command to take a look at ascii characters in the binary, there is a web site listed, however I do not know how it is related to the scam mining software.

minero@dragon:~/Downloads$ strings  -a Coin-Miner-v2.7.exe  |more
!This program cannot be run in DOS mode.
Rich
.text
`.rdata
@.data
.rsrc
http://www.clickteam.com
Haha, newbs. Made in one of clickteam's game creation kits, might even be traceable back to their serial number if they actually bought it.

I suggest submitting this to all the AV companies ASAP. I am submitting it to Microsoft now.

edit: also reported to Google's safe browsing
BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500


Posts: 69


View Profile WWW
June 29, 2011, 10:51:40 PM
 #40

Defininitely, we need better marketing for legitimate bitcoin uses.

On a very real note that has nothing to do with this thread.  I've only charged one user for a graphic (suuuper cheap mind you), made a few for free, and honestly if I didn't have more work myself, I'd do more.  I'd ask for donations on all that shit, but obviously the start up people don't have it, so it comes down to, if any graphic designer has invested in coin, they should further seal their investment by helping out the stores that would make Bitcoin have that look legitimacy that is lacking on most these place.  I trust so few based on looks alone.

Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!