Bitcoin Forum
December 08, 2016, 02:09:24 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Another Bitcoin Scam on YouTube?  (Read 2767 times)
bitminers
Member
**
Offline Offline

Activity: 84


View Profile
July 28, 2011, 01:34:05 PM
 #1

http://www.youtube.com/watch?v=8Hws-OruuqE

Just Found this! Another Scam I presume!
1481162964
Hero Member
*
Offline Offline

Posts: 1481162964

View Profile Personal Message (Offline)

Ignore
1481162964
Reply with quote  #2

1481162964
Report to moderator
1481162964
Hero Member
*
Offline Offline

Posts: 1481162964

View Profile Personal Message (Offline)

Ignore
1481162964
Reply with quote  #2

1481162964
Report to moderator
1481162964
Hero Member
*
Offline Offline

Posts: 1481162964

View Profile Personal Message (Offline)

Ignore
1481162964
Reply with quote  #2

1481162964
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481162964
Hero Member
*
Offline Offline

Posts: 1481162964

View Profile Personal Message (Offline)

Ignore
1481162964
Reply with quote  #2

1481162964
Report to moderator
Morebitcoinsplease
Member
**
Offline Offline

Activity: 84



View Profile
July 28, 2011, 01:53:19 PM
 #2

http://www.youtube.com/watch?v=8Hws-OruuqE

Just Found this! Another Scam I presume!

LOL if only it was that easy to make bitcoins
timmey
Newbie
*
Offline Offline

Activity: 28


torchat: q23xl6bdgdzhawhf


View Profile
July 28, 2011, 01:55:25 PM
 #3

lol. It's a double compressed archive.
extract the BIT.rar file and you will get:
http://img638.imageshack.us/img638/8312/scam2i.jpg

extract the "Bitcoin Wallet Injector.exe" and you will get:
http://img31.imageshack.us/img31/5793/scamuw.jpg
....bot.exe....pretty lame


edit: i should add "do not double click 'Bitcoin Wallet Injector.exe' , that's not how you extract bot.exe from the inner archive"

I will sign you up anonymously at realitykings.com (http://rk.com)[NSFW] for Bitcoins with 20% discount!
http://timmey.orgfree.com/s.php
read all details in this thread (https://bitcointalk.org/index.php?topic=3242Cool
kwukduck
Legendary
*
Online Online

Activity: 1564


View Profile
July 28, 2011, 02:03:52 PM
 #4

Seems some kind of botnet...

14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
Morebitcoinsplease
Member
**
Offline Offline

Activity: 84



View Profile
July 28, 2011, 02:16:07 PM
 #5

lol. It's a double compressed archive.
extract the BIT.rar file and you will get:


extract the "Bitcoin Wallet Injector.exe" and you will get:

....bot.exe....pretty lame

Wow that is just awesome.... bot.exe

Hrmm perhaps later I will get some time to reverse engineer it and see what it does =)
bitminers
Member
**
Offline Offline

Activity: 84


View Profile
July 28, 2011, 02:36:09 PM
 #6

Thats the 2nd or 3rd Ive found on YouTube, they seem to be reasonably consistent in this crap.
Jaime Frontero
Full Member
***
Offline Offline

Activity: 126


View Profile
July 28, 2011, 02:51:22 PM
 #7

lol. It's a double compressed archive.
extract the BIT.rar file and you will get:


extract the "Bitcoin Wallet Injector.exe" and you will get:

....bot.exe....pretty lame

Wow that is just awesome.... bot.exe

Hrmm perhaps later I will get some time to reverse engineer it and see what it does =)

i'd be interested - should you happen to take the thing apart - in knowing how sophisticated the wallet-stealer is.

can it find a wallet.dat anywhere on any hard drive or partition?  if the wallet is on an unmounted file system, can it mount that?  if wallet.dat is renamed to something else - i.e., foo.bar - could it find the renaming line in bitcoin.conf and steal foo.bar?
airdata
Sr. Member
****
Offline Offline

Activity: 406


View Profile
July 28, 2011, 02:58:23 PM
 #8

im guessing it just looks for wallet.dat.  most likely not very sophisticated.
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
July 28, 2011, 03:53:16 PM
 #9

Most likely the path is hardcoded, what would be interesting to find out is if it also has some authentication hardcoded and we can mess with that, ex. change the password and rm -rf / the bitch.

Also, my heart is crying over such a stupid interface when you could have had only one fucking button. D:<

timmey
Newbie
*
Offline Offline

Activity: 28


torchat: q23xl6bdgdzhawhf


View Profile
July 28, 2011, 04:12:50 PM
 #10

maybe not a wallet stealer at all but a "normal" trojan:
http://www.virustotal.com/file-scan/report.html?id=d51bfe70bc04cf0266cd6fa83d53951a5c74e6fcb2ea0e37b7ee40da0278eef2-1311868992

I will sign you up anonymously at realitykings.com (http://rk.com)[NSFW] for Bitcoins with 20% discount!
http://timmey.orgfree.com/s.php
read all details in this thread (https://bitcointalk.org/index.php?topic=3242Cool
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
July 28, 2011, 04:31:46 PM
 #11

What about the file as a whole?(The exe with the fake and the virii)

Also, lets flag the bitch up.

Googling around more info on the subject gave me this:
http://www.hackforums.net/member.php?action=profile&uid=54808
A scam report disclosed his email/msn
Popc0rn-xsubter@live.com
Which yield more results
https://twitter.com/#!/popc0rnftw
http://www.sythe.org/showthread.php?t=843802
And found this: http://dazzlepod.com/lulzsec/final/?email=live.com&page=2 - Entry 50322

Due to the similarity between names I tried several combos against Facebook and found this:
https://www.facebook.com/popc0rn -> Vincent Zuo due to the info in the page it makes me believe he is not involved in any of this.
Looks like the email address is not registered with Facebook.


More to come.

bitminers
Member
**
Offline Offline

Activity: 84


View Profile
July 29, 2011, 08:17:11 AM
 #12

My Point is, this crap needs to be flagged etc, and removed just like all that spam that was going up on YouTube before, but especially these damn Trojans, Wallet Stealers etc!
triforcelink
Member
**
Offline Offline

Activity: 112



View Profile
July 29, 2011, 02:25:25 PM
 #13

This only seems appropriate: http://www.youtube.com/watch?v=zvfD5rnkTws

Yuusha
Full Member
***
Offline Offline

Activity: 196



View Profile
July 29, 2011, 02:30:32 PM
 #14

Flagged as scam/fraud. Everyone else should flag it as well.
MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1006



View Profile WWW
July 31, 2011, 12:52:03 AM
 #15

It seems there are several dozen new bitcoin scam videos up today.
http://www.youtube.com/results?search_type=videos&search_query=bitcoin&search_sort=video_date_uploaded&suggested_categories=24%2C10%2C27%2C28

nmat
Hero Member
*****
Offline Offline

Activity: 602


View Profile
July 31, 2011, 12:57:28 AM
 #16

Flagged as scam/fraud. Everyone else should flag it as well.

This
bitminers
Member
**
Offline Offline

Activity: 84


View Profile
July 31, 2011, 01:13:33 AM
 #17


Thanks Memory Dealers! If enough of us monitor this rubbish and flag them!
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
July 31, 2011, 02:01:42 AM
 #18

Just got one son of a bitch.
http://www.youtube.com/watch?v=x4-nesXzBOw

habbocrazy543, his account got closed and videos removed.

They will still appear in searched though.

bitminers
Member
**
Offline Offline

Activity: 84


View Profile
July 31, 2011, 10:27:29 AM
 #19

Excellent, Ive been also been flagging when I can
BitMofo
Member
**
Offline Offline

Activity: 112


View Profile
July 31, 2011, 11:03:30 AM
 #20

Flagged...

All the bitcoin theft going on is just like the gold rush was...

1HNffyHktcD2iB6WJhPxKbALJdg4dwerTG
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!