Bitcoin Forum
August 16, 2018, 01:45:29 AM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: ANN: Someone made a PD clone and put a virus on their clone. Please Report  (Read 1002 times)
Stunna
Legendary
*
Offline Offline

Activity: 2002
Merit: 1051


Advisor @ Primedice.com, Stake.com


View Profile WWW
October 12, 2013, 04:49:44 AM
 #1

Re-Posting http://www.reddit.com/r/Bitcoin/comments/1o9tmi/ann_someone_has_cloned_my_bitcoin_website_and_put/   for increased awareness.

Hey Everyone,

I run www.primedice.com , unfortunately right now when you google primedice the first result is a google ad for a clone called [PLEASE DO NOT VISIT THIS SITE]: (Primedicebot.com) which prompts you to download the latest version of java which will thus infect your computer. They even appear slightly convincing as they have copy and pasted the source to our site.
I'd strongly appreciate it if everyone could report that malware/clone website (primedicebot.com) to http://www.google.com/safebrowsing/report_badware/

Thank you

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████                              
▄████▀            ████      ████                  ████
█████           ▄████▀     ████▌                 ▐████
█████           ▀▀▀▀      ▐████                  ████▌    ▄▄
 █████▄                  ▄█████████▀            ▐████   ▄███▀
   ▀█████▄▄        ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀     ▄▄▄▄
      ▀███████▄    ▀████▀████▀     ▄████▀███   ▐███████▀▀    ▄███▀ ██▌
         ▀▀██████▄▄     ▐████    ▄████  ▐██▌   ███████     ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████    ████    ▄███▀   ███   ▐███▌███    ▐████▄▄███▀
  █████▀▀      ▀████▌  ▐████    ████   ▄███   ████ ▐███   ████
 ████▀          ████▌  ▐████▄▄██████▄▄█████▄▄█████  ▀███  ▀████▄▄▄▄██           ▄████▄  ▄████▄  ██▄██▄██▄
████▌          █████    ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███   ▀▀████▀▀           ██▀     ██▀  ▀██ ██  ██  ██
████▄       ▄▄████▀                                   ▀███▄▄      ▄▄██  ▄████▄ ██▄     ██▄  ▄██ ██  ██  ██
 ██████████████▀▀                                       ▀▀█████████▀▀   ▀████▀  ▀████▀  ▀████▀  ██  ██  ██
   ▀██████▀▀▀



▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
The Bitcoin Casino
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█                         █
█       ██                █
█      █▄▄█               █
█     █▀  ▀█              █
█                         █
█       ▄▄                █
█     ▄████▄              █
█   ▄████████▄            █
█   ▀████████▀            █
█     ▀████▀              █
█       ▀▀                █
█                         █
█                         █
█                         █
█                         █
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
Provably fair
Free faucet

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
12 exclusive games
And many more...

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬



                ▄▄
               ▄▀▀
               ▀█
      █▀▄  ▄▄▄▄█▀▀█▄▄ ▄▀█
      █  ▀▀          ▀  █
      █▌        ██▌ █   █▌
      ▐█       ▐█████   ▐█ ▄▄ ▄▄▄
      █▌        ▀▀▀▀     █ █ ▀   █
      █       ▀▄▄▄▄▄▀     ▀    ▄▀
      █         ▀▀           ▄▀
     ▄▀                    ▄▀
   ▄▀                     █
 ▄▀                       █
█   █▄█                   █
 ▀▀▀  █       ▄▄▄▄▄       █
      █       █   █       █
      ▀▄▄▄▄▄▄▄▀   ▀▄▄▄▄▄▄▄▀
1534383929
Hero Member
*
Offline Offline

Posts: 1534383929

View Profile Personal Message (Offline)

Ignore
1534383929
Reply with quote  #2

1534383929
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1534383929
Hero Member
*
Offline Offline

Posts: 1534383929

View Profile Personal Message (Offline)

Ignore
1534383929
Reply with quote  #2

1534383929
Report to moderator
Shallow
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
October 12, 2013, 04:52:17 AM
 #2

Wow. Well at least you know you've made it when people start trying to impersonate you Tongue

yourofl10
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
October 12, 2013, 05:11:02 AM
 #3

Like they say, imitation is the best form of flattery.  Grin

escrow.ms
Legendary
*
Offline Offline

Activity: 1190
Merit: 1002

GPG Key-ID: B82BA7E1 | I don't use skype.


View Profile
October 12, 2013, 07:21:52 AM
 #4

Reported to google and godaddy.
cowandtea
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250


View Profile
October 12, 2013, 07:30:30 AM
 #5

Reported, hopefully google take down the website before someone lost their wallet.

Stunna
Legendary
*
Offline Offline

Activity: 2002
Merit: 1051


Advisor @ Primedice.com, Stake.com


View Profile WWW
October 12, 2013, 07:36:16 AM
 #6

Reported to google and godaddy.

Reported, hopefully google take down the website before someone lost their wallet.

Really appreciate it, thanks

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████                              
▄████▀            ████      ████                  ████
█████           ▄████▀     ████▌                 ▐████
█████           ▀▀▀▀      ▐████                  ████▌    ▄▄
 █████▄                  ▄█████████▀            ▐████   ▄███▀
   ▀█████▄▄        ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀     ▄▄▄▄
      ▀███████▄    ▀████▀████▀     ▄████▀███   ▐███████▀▀    ▄███▀ ██▌
         ▀▀██████▄▄     ▐████    ▄████  ▐██▌   ███████     ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████    ████    ▄███▀   ███   ▐███▌███    ▐████▄▄███▀
  █████▀▀      ▀████▌  ▐████    ████   ▄███   ████ ▐███   ████
 ████▀          ████▌  ▐████▄▄██████▄▄█████▄▄█████  ▀███  ▀████▄▄▄▄██           ▄████▄  ▄████▄  ██▄██▄██▄
████▌          █████    ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███   ▀▀████▀▀           ██▀     ██▀  ▀██ ██  ██  ██
████▄       ▄▄████▀                                   ▀███▄▄      ▄▄██  ▄████▄ ██▄     ██▄  ▄██ ██  ██  ██
 ██████████████▀▀                                       ▀▀█████████▀▀   ▀████▀  ▀████▀  ▀████▀  ██  ██  ██
   ▀██████▀▀▀



▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
The Bitcoin Casino
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█                         █
█       ██                █
█      █▄▄█               █
█     █▀  ▀█              █
█                         █
█       ▄▄                █
█     ▄████▄              █
█   ▄████████▄            █
█   ▀████████▀            █
█     ▀████▀              █
█       ▀▀                █
█                         █
█                         █
█                         █
█                         █
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
Provably fair
Free faucet

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
12 exclusive games
And many more...

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬



                ▄▄
               ▄▀▀
               ▀█
      █▀▄  ▄▄▄▄█▀▀█▄▄ ▄▀█
      █  ▀▀          ▀  █
      █▌        ██▌ █   █▌
      ▐█       ▐█████   ▐█ ▄▄ ▄▄▄
      █▌        ▀▀▀▀     █ █ ▀   █
      █       ▀▄▄▄▄▄▀     ▀    ▄▀
      █         ▀▀           ▄▀
     ▄▀                    ▄▀
   ▄▀                     █
 ▄▀                       █
█   █▄█                   █
 ▀▀▀  █       ▄▄▄▄▄       █
      █       █   █       █
      ▀▄▄▄▄▄▄▄▀   ▀▄▄▄▄▄▄▄▀
escrow.ms
Legendary
*
Offline Offline

Activity: 1190
Merit: 1002

GPG Key-ID: B82BA7E1 | I don't use skype.


View Profile
October 12, 2013, 07:39:35 AM
 #7

I have checked that java file, some stupid guy from HF is probably doing this.



This Java driveby downloads exe file from here


Virus scan of jar : 0/48 (It's FUD)
https://www.virustotal.com/en/file/4be0944c1ba24240798c1de430c9592c0d56e6338c84c18a7c2084aecb227aa8/analysis/1381564324/

Virus scan of exe file: 2/48 (It's crypted)

https://www.virustotal.com/en/file/c2c20a1f614402b93fe79d11bffda53b35c07e37eebd44e1455cd80ad590aa00/analysis/1381564166/

marcotheminer
Legendary
*
Offline Offline

Activity: 1260
Merit: 1004



View Profile
October 12, 2013, 09:43:07 AM
 #8

Reported, hope this clears!

░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░

                   BitCloak Bitcoin Mixer  
  BTC & BCH | API| MULTIADDRESS| PGP PROOF|  FAST MIX |  ESCROW|  MORE ! 

░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░

nenelsparadise
Sr. Member
****
Offline Offline

Activity: 324
Merit: 250


View Profile
October 12, 2013, 09:55:41 AM
 #9

Reported !!!!
icey
Legendary
*
Offline Offline

Activity: 1526
Merit: 1000


May the coin be with you..


View Profile WWW
October 12, 2013, 09:59:54 AM
 #10

Reported, hopefully it gets taken down soon
ninjaboon
Legendary
*
Offline Offline

Activity: 1904
Merit: 1000



View Profile WWW
October 13, 2013, 03:37:19 AM
 #11

reported to Google too

Stunna
Legendary
*
Offline Offline

Activity: 2002
Merit: 1051


Advisor @ Primedice.com, Stake.com


View Profile WWW
October 13, 2013, 08:09:50 AM
 #12

Appreciate  the help, unfortunately it appears to still be up and their ads are still running. As long as their ads get cancelled users should be safe, waiting on google still.

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████                              
▄████▀            ████      ████                  ████
█████           ▄████▀     ████▌                 ▐████
█████           ▀▀▀▀      ▐████                  ████▌    ▄▄
 █████▄                  ▄█████████▀            ▐████   ▄███▀
   ▀█████▄▄        ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀     ▄▄▄▄
      ▀███████▄    ▀████▀████▀     ▄████▀███   ▐███████▀▀    ▄███▀ ██▌
         ▀▀██████▄▄     ▐████    ▄████  ▐██▌   ███████     ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████    ████    ▄███▀   ███   ▐███▌███    ▐████▄▄███▀
  █████▀▀      ▀████▌  ▐████    ████   ▄███   ████ ▐███   ████
 ████▀          ████▌  ▐████▄▄██████▄▄█████▄▄█████  ▀███  ▀████▄▄▄▄██           ▄████▄  ▄████▄  ██▄██▄██▄
████▌          █████    ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███   ▀▀████▀▀           ██▀     ██▀  ▀██ ██  ██  ██
████▄       ▄▄████▀                                   ▀███▄▄      ▄▄██  ▄████▄ ██▄     ██▄  ▄██ ██  ██  ██
 ██████████████▀▀                                       ▀▀█████████▀▀   ▀████▀  ▀████▀  ▀████▀  ██  ██  ██
   ▀██████▀▀▀



▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
The Bitcoin Casino
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█                         █
█       ██                █
█      █▄▄█               █
█     █▀  ▀█              █
█                         █
█       ▄▄                █
█     ▄████▄              █
█   ▄████████▄            █
█   ▀████████▀            █
█     ▀████▀              █
█       ▀▀                █
█                         █
█                         █
█                         █
█                         █
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
Provably fair
Free faucet

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
12 exclusive games
And many more...

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬



                ▄▄
               ▄▀▀
               ▀█
      █▀▄  ▄▄▄▄█▀▀█▄▄ ▄▀█
      █  ▀▀          ▀  █
      █▌        ██▌ █   █▌
      ▐█       ▐█████   ▐█ ▄▄ ▄▄▄
      █▌        ▀▀▀▀     █ █ ▀   █
      █       ▀▄▄▄▄▄▀     ▀    ▄▀
      █         ▀▀           ▄▀
     ▄▀                    ▄▀
   ▄▀                     █
 ▄▀                       █
█   █▄█                   █
 ▀▀▀  █       ▄▄▄▄▄       █
      █       █   █       █
      ▀▄▄▄▄▄▄▄▀   ▀▄▄▄▄▄▄▄▀
ITsTanked
Jr. Member
*
Offline Offline

Activity: 54
Merit: 0


View Profile
October 13, 2013, 05:18:41 PM
 #13

I think I find a time based sql injection place for the file host of the virus.  Is too unethical to try to remove virus from host?  Host not seem care what file kind it host.
niallog1
Jr. Member
*
Offline Offline

Activity: 45
Merit: 0


View Profile
October 13, 2013, 06:24:37 PM
 #14

Thanks for the heads up Stunna, reported it, hopefully it gets taken down soon.

 ✰ If You Risk Nothing, You Risk Everything | PrimeDice.com | The New Way To Roll |  (https://primedice.com/?aff=ops7kSOt6XAi) ★Thread★ (https://bitcointalk.org/index.php?topic=208986.0)
 ✰ Win Free Bitcoins Every Hour | FreeBitco.in  |  (http://freebitco.in/?r=790) ★Thread★ (https://bitcointalk.org/index.php?topic=320959.0)
b!z
Legendary
*
Offline Offline

Activity: 1582
Merit: 1006



View Profile
October 14, 2013, 09:04:46 AM
 #15

I think I find a time based sql injection place for the file host of the virus.  Is too unethical to try to remove virus from host?  Host not seem care what file kind it host.

Depends on how legal that is in your jurisdiction.
escrow.ms
Legendary
*
Offline Offline

Activity: 1190
Merit: 1002

GPG Key-ID: B82BA7E1 | I don't use skype.


View Profile
October 14, 2013, 09:15:18 AM
 #16

Appreciate  the help, unfortunately it appears to still be up and their ads are still running. As long as their ads get cancelled users should be safe, waiting on google still.

Looks like godaddy guys are lazy, filed a report again.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!