Another Bitcoin Scam on YouTube?

[bitminers]

http://www.youtube.com/watch?v=8Hws-OruuqE

Just Found this! Another Scam I presume!

[1714982173]

1714982173

[1714982173]

1714982173

[1714982173]

1714982173

[Morebitcoinsplease]

http://www.youtube.com/watch?v=8Hws-OruuqE

Just Found this! Another Scam I presume!

LOL if only it was that easy to make bitcoins

[timmey]

lol. It's a double compressed archive.
extract the BIT.rar file and you will get:
http://img638.imageshack.us/img638/8312/scam2i.jpg

extract the "Bitcoin Wallet Injector.exe" and you will get:
http://img31.imageshack.us/img31/5793/scamuw.jpg
....bot.exe....pretty lame


edit: i should add "do not double click 'Bitcoin Wallet Injector.exe' , that's not how you extract bot.exe from the inner archive"

[kwukduck]

Seems some kind of botnet...

[Morebitcoinsplease]

lol. It's a double compressed archive.
extract the BIT.rar file and you will get:


extract the "Bitcoin Wallet Injector.exe" and you will get:

....bot.exe....pretty lame

Wow that is just awesome.... bot.exe

Hrmm perhaps later I will get some time to reverse engineer it and see what it does =)

[bitminers]

Thats the 2nd or 3rd Ive found on YouTube, they seem to be reasonably consistent in this crap.

[Jaime Frontero]

lol. It's a double compressed archive.
extract the BIT.rar file and you will get:


extract the "Bitcoin Wallet Injector.exe" and you will get:

....bot.exe....pretty lame

Wow that is just awesome.... bot.exe

Hrmm perhaps later I will get some time to reverse engineer it and see what it does =)

i'd be interested - should you happen to take the thing apart - in knowing how sophisticated the wallet-stealer is.

can it find a wallet.dat anywhere on any hard drive or partition?  if the wallet is on an unmounted file system, can it mount that?  if wallet.dat is renamed to something else - i.e., foo.bar - could it find the renaming line in bitcoin.conf and steal foo.bar?

[airdata]

im guessing it just looks for wallet.dat.  most likely not very sophisticated.

[fabianhjr]

Most likely the path is hardcoded, what would be interesting to find out is if it also has some authentication hardcoded and we can mess with that, ex. change the password and rm -rf / the bitch.

Also, my heart is crying over such a stupid interface when you could have had only one fucking button. D:<

[timmey]

maybe not a wallet stealer at all but a "normal" trojan:
http://www.virustotal.com/file-scan/report.html?id=d51bfe70bc04cf0266cd6fa83d53951a5c74e6fcb2ea0e37b7ee40da0278eef2-1311868992

[fabianhjr]

maybe not a wallet stealer at all but a "normal" trojan:
http://www.virustotal.com/file-scan/report.html?id=d51bfe70bc04cf0266cd6fa83d53951a5c74e6fcb2ea0e37b7ee40da0278eef2-1311868992

What about the file as a whole?(The exe with the fake and the virii)

Also, lets flag the bitch up.

Googling around more info on the subject gave me this:
http://www.hackforums.net/member.php?action=profile&uid=54808
A scam report disclosed his email/msn
Popc0rn-xsubter@live.com
Which yield more results
https://twitter.com/#!/popc0rnftw
http://www.sythe.org/showthread.php?t=843802
And found this: http://dazzlepod.com/lulzsec/final/?email=live.com&page=2 - Entry 50322

Due to the similarity between names I tried several combos against Facebook and found this:
https://www.facebook.com/popc0rn -> Vincent Zuo due to the info in the page it makes me believe he is not involved in any of this.
Looks like the email address is not registered with Facebook.


More to come.

[bitminers]

My Point is, this crap needs to be flagged etc, and removed just like all that spam that was going up on YouTube before, but especially these damn Trojans, Wallet Stealers etc!

[triforcelink]

This only seems appropriate: http://www.youtube.com/watch?v=zvfD5rnkTws

[Yuusha]

Flagged as scam/fraud. Everyone else should flag it as well.

[MemoryDealers]

It seems there are several dozen new bitcoin scam videos up today.
http://www.youtube.com/results?search_type=videos&search_query=bitcoin&search_sort=video_date_uploaded&suggested_categories=24%2C10%2C27%2C28

[nmat]

Flagged as scam/fraud. Everyone else should flag it as well.

This

[bitminers]

It seems there are several dozen new bitcoin scam videos up today.
http://www.youtube.com/results?search_type=videos&search_query=bitcoin&search_sort=video_date_uploaded&suggested_categories=24%2C10%2C27%2C28

Thanks Memory Dealers! If enough of us monitor this rubbish and flag them!

[fabianhjr]

Just got one son of a bitch.
http://www.youtube.com/watch?v=x4-nesXzBOw

habbocrazy543, his account got closed and videos removed.

They will still appear in searched though.

[bitminers]

Excellent, Ive been also been flagging when I can

[BitMofo]

Flagged...

All the bitcoin theft going on is just like the gold rush was...