Bitcoin Forum
Topic: Malware alert: Listentobitcoins
Birdy (OP)
July 15, 2013, 12:20:09 AM
 #1

According to reddit the website was sold and the new owner put malware in it!

More about this:
http://www.reddit.com/r/Bitcoin/comments/1ia7q2/listen_to_bitcoin_contains_malware/

coinprize
July 15, 2013, 01:41:42 AM
 #2

Thanks! Can Google Chrome detect the malware?

giszmo
July 15, 2013, 04:06:38 AM
 #3

OK, so I was at listentobitcoins.com 2 days ago. What should I expect?

I got to go to bed now, but is this bad? According to my analysis of the first few lines, it does:
eval("") which looks like the really interesting part is in http://www.justice research institute.org/changer.php

(I first tried to just understand this munged part but then decided to debug it after removing the eval part that I had figured out pretty quickly. At my first attempt my box was online, which I highly regret. Kids, don't do that at home. It's playing with fire. Wish I had a separate box that runs off a CD without HD or something for analyzing viruses.)

giszmo
July 15, 2013, 04:10:54 AM
 #4

This changer.php-thing either is not functional or resists a simple wget. Hope somebody can find out what the threat is or was two days ago.

Here is what I get with changer.php. Redirects to really fishy stuff and then dies, right?

Code:
$ wget http://www.justiceresearchinstitute.org/changer.php
--2013-07-15 00:08:26--  http://www.justiceresearchinstitute.org/changer.php
Resolving www.justiceresearchinstitute.org (www.justiceresearchinstitute.org)... 70.86.182.49
Connecting to www.justiceresearchinstitute.org (www.justiceresearchinstitute.org)|70.86.182.49|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php [following]
--2013-07-15 00:08:27--  http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php
Resolving clisim.memostriamsdays.biz (clisim.memostriamsdays.biz)... 74.63.209.216
Connecting to clisim.memostriamsdays.biz (clisim.memostriamsdays.biz)|74.63.209.216|:80... connected.
HTTP request sent, awaiting response... 502 Bad Gateway
2013-07-15 00:08:28 ERROR 502: Bad Gateway.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
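
Added example, not part of the original posts: a small Python parser that reads a saved wget transcript like the one in post #4 and lists each hop, so the jump from the first host to an unrelated domain can be flagged without requesting the URLs again. The function names and the two-label `site` comparison are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# wget transcript from post #4 ("Connecting to" and final ERROR lines omitted).
WGET_LOG = """\
--2013-07-15 00:08:26--  http://www.justiceresearchinstitute.org/changer.php
Resolving www.justiceresearchinstitute.org (www.justiceresearchinstitute.org)... 70.86.182.49
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php [following]
--2013-07-15 00:08:27--  http://clisim.memostriamsdays.biz/f2ab0c/meets_weird-justification-telephone/shortest-abuse.php
Resolving clisim.memostriamsdays.biz (clisim.memostriamsdays.biz)... 74.63.209.216
HTTP request sent, awaiting response... 502 Bad Gateway
"""

REQUEST = re.compile(r"^--\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}--\s+(\S+)")
RESOLVED = re.compile(r"^Resolving \S+ \(\S+\)\.\.\. ([0-9A-Fa-f.:]+)")
STATUS = re.compile(r"awaiting response\.\.\. (\d{3})")
LOCATION = re.compile(r"^Location: (\S+)")

def site(host):
    """Naive site key: last two DNS labels (assumption; no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def parse_hops(log):
    """Return one dict per request wget made, in transcript order."""
    hops = []
    for line in map(str.strip, log.splitlines()):
        if m := REQUEST.match(line):
            url = m.group(1)
            hops.append({"url": url, "host": urlsplit(url).hostname,
                         "ip": None, "status": None, "location": None})
        elif not hops:
            continue  # preamble such as a "$ wget ..." prompt line
        elif m := RESOLVED.match(line):
            hops[-1]["ip"] = m.group(1)
        elif m := STATUS.search(line):
            hops[-1]["status"] = int(m.group(1))
        elif m := LOCATION.match(line):
            hops[-1]["location"] = m.group(1)
    return hops

def cross_site_redirects(hops):
    """(from_host, to_host) for every 3xx answer that leaves the requesting site."""
    out = []
    for hop in hops:
        target = urlsplit(hop["location"] or "").hostname
        if 300 <= (hop["status"] or 0) < 400 and target and site(target) != site(hop["host"]):
            out.append((hop["host"], target))
    return out
```
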
giszmo
July 15, 2013, 04:46:37 PM
 #5

Bump: Hargnah, why doesn't this thread get more attention? It should be linked everywhere but instead there is silence.

hivewallet
July 15, 2013, 04:51:48 PM
 #6

Bumping for exactly this reason.

CurbsideProphet
July 15, 2013, 07:09:30 PM
 #7

Reported site to Google Safe Browsing.  Thanks for the heads up.

giszmo
July 15, 2013, 07:53:47 PM
 #8

So, is it likely I have some key logger with my wallet copied to some evil guy? I run a rather freshly installed Debian.

Yeah, I tell all my friends with their Windows problems that there are no Linux-Viruses but with my bitcoins at stake I feel a bit paranoid.

clearcrystal
July 15, 2013, 08:14:24 PM
 #9

thanks for the heads up

btcee
July 16, 2013, 12:38:12 AM
 #10

Wow. I was just there two days ago. Thanks for posting this.

WinVery.com
July 16, 2013, 01:10:44 AM
 #11

That type of shit makes me happy to run a clean tight ship.

hennessyhemp
September 19, 2013, 09:26:17 PM
 #12

This may be how my Bitcointalk forum account was hacked...I just saw this thread, and considering the guy that hacked my account was clearly a forum member already...this makes some level of sense.  My account was hacked back on July 10th, and I had been using the listen to bitcoins site prior to that at work because I thought it was cool to hear my money becoming worth more with the low tones indicating large purchases.

Thought that mystery would stay a mystery, but I have a strong feeling this is how he got in.  Now if only we could figure out who he is...tar and feathers at the ready men!

btcinstant
September 19, 2013, 10:18:24 PM
 #13

Quote from: hennessyhemp
> This may be how my Bitcointalk forum account was hacked...I just saw this thread, and considering the guy that hacked my account was clearly a forum member already...this makes some level of sense.  My account was hacked back on July 10th, and I had been using the listen to bitcoins site prior to that at work because I thought it was cool to hear my money becoming worth more with the low tones indicating large purchases.
>
> Thought that mystery would stay a mystery, but I have a strong feeling this is how he got in.  Now if only we could figure out who he is...tar and feathers at the ready men!

Currently I have a bitcointalk account that was hacked and am still waiting to get into it.

uk1
September 19, 2013, 10:20:35 PM
 #14

thanks for the heads up

hennessyhemp
September 19, 2013, 10:54:54 PM
 #15

This all occurred right around the same time lots of forum members started putting up sock puppets as their picture, as many accounts became sock puppets after passwords became compromised. 

The posts made with my account lead me to believe the hacker was obviously a forum member, and possibly fairly good at coding...or at least using vicious code capable of stealing your shit.  He also appeared to have a fascination with all things gambling.  I'll bet some of the senior members are starting to recognize his poor grammar and continued unpleasant posts.

He also posted on some rather shady threads already on this site...like forum account purchasing threads and debt threads where he talked about getting information illegally. 

If he's capable of doing this to a bunch of bitcoin nerds...lookout real world...cause this bastard is smarter than a malicious person should be.  Probably lacking in the hugs department as a child.

gacr
September 20, 2013, 09:09:46 AM
 #16

Guys, stop using IE and Opera as main browsers - these two can be exploited and can be infected with malware or a BTC stealer, and you don't lose only your BTC ... you can lose your CC details, passwords, bank accounts etc. etc. ... Use Chrome or Firefox ... can't be exploited by exploit packs. Also, when you visit some sites you are asked to download updates for Flash Player or something like that ... if the upgrade is not from Adobe, you can download malware for sure.

I'm waiting for a mod to tell me where I can open a thread and explain how the malware thing works.

hennessyhemp
September 20, 2013, 03:06:16 PM
 #17

Definitely using Chrome at the time.  I don't know how the guy got in exactly...but I had been on this site...and reading about how it was sold to someone who infected it with malware made much more sense than any other thing I've done that might have left me vulnerable.

MPOE-PR
September 20, 2013, 11:29:19 PM
 #18

Quote from: gacr
> Guys, stop using IE and Opera as main browsers - these two can be exploited and can be infected with malware or a BTC stealer, and you don't lose only your BTC ... you can lose your CC details, passwords, bank accounts etc. etc. ... Use Chrome or Firefox ... can't be exploited by exploit packs. Also, when you visit some sites you are asked to download updates for Flash Player or something like that ... if the upgrade is not from Adobe, you can download malware for sure.
>
> I'm waiting for a mod to tell me where I can open a thread and explain how the malware thing works.

Hey, not a bad post idea. Link us when you find a spot (what's wrong with just putting it in Bitcoin Discussion?).

b!z
September 22, 2013, 06:46:05 AM
 #19

Quote from: gacr
> Guys, stop using IE and Opera as main browsers - these two can be exploited and can be infected with malware or a BTC stealer, and you don't lose only your BTC ... you can lose your CC details, passwords, bank accounts etc. etc. ... Use Chrome or Firefox ... can't be exploited by exploit packs. Also, when you visit some sites you are asked to download updates for Flash Player or something like that ... if the upgrade is not from Adobe, you can download malware for sure.
>
> I'm waiting for a mod to tell me where I can open a thread and explain how the malware thing works.

Exploit kits do target Firefox. FF hits are much more common than Opera. Where did you get this nonsense from?