[Warning] Phishing, Scam, trojan

[tob101]

A couples of hours ago, at BTC-e trollbox, someone posted this link

http : //bitcointalk.us/index.phptopic=251052.0.htm

please be warned that this is not a real bitcointalk address. note the lack of HTTPS.

I scanned the file to be downloaded and Virustotal.com reports lots of threats, so don't run that file!

What I find really interesting is the amount of work put into this scam! I'm really impressed!

those who tried to log in to reply, please change your bitcointalk password, 'cause your password have been stolen!

I'm posting in this forum 'cause this is the only forum I frequent, please feel free to repost in other forum/subforum.

[Tomatocage]

Please edit the link out so people don't click it.

[tob101]

Please edit the link out so people don't click it.

just edited the link.

[zeta1]

But virus total says its a clean site?! Don't type your password however

[eule]

http://   bitcointalk   .us/



lolwut

edit: Yes, passes.txt is what you think. WTF
edit: the amount of boot.ini and win.ini in that file is interesting, i bet the site has some drive by shit aswell.

[Mitchell]

Thanks for the passwords Or whatever it is.
http://      bitcointalk     .us/passes.txt

[tob101]

I think the .us would be the first sign.

~BCX~

Well, I almost fall for it 
The download was a .zip file, had it be an .exe I would of know it was a scam right away. 
But the "story" was really well done, it was actually an interesting reading 

http://   bitcointalk   .us/

lolwut

edit: Yes, passes.txt is what you think. WTF
edit: the amount of boot.ini and win.ini in that file is interesting, i bet the site has some drive by shit aswell.

I found "http://   bitcointalk   .us/" too, but didn't want to make it public because of the passes.txt
I'm new to bitcointalk so I didn't know who theymos was until I searched his profile. Let's hope those password aren't real   
now that it's public, let's hope those people who tried to log in are aware of the phishing and have changed their password.

[eule]

Yeah I thought about posting it too, but I think disclosure was the way to go, especially since I was sure I wasn't the only one who'd find it. From what i saw the file doesn't contain much legit account info, it even looks like someone let run a script to spam the file (look at all the g00dpa$$w0rd), ofcourse I could be wrong.
Anyways, this looks like the work of an amateur, could be a reverse honeypot though (making us feel safe, then using a 0day on us).
Totally hope affected users noticed the site is fake and changed their passwords.

[zeta1]

I don't get it it is a scam right?