bitrebel (OP)
|
|
August 05, 2011, 07:25:11 PM |
|
http://www.youtube.com/watch?v=lxaigv0Ymgk
Do not click on the link unless you have good virus protection and know your stuff. Anyone wanna check it for us? Post the results. Relay the info. Is this a new virus or an improvement on an old one? I won't click many of those links because I got a virus by clicking on a YouTube video once. Now I'm a bit paranoid, even though I run antivirus.
|
Why does Bitrebel have 65+ Ignores? Because Bitrebel says things that some people do not want YOU to hear.
|
|
|
|
|
|
newminerr
Member
Offline
Activity: 147
Merit: 11
The day to rise has come.
|
|
August 05, 2011, 07:26:05 PM |
|
imma give it a go
|
|
|
|
bitplane
|
|
August 05, 2011, 07:28:25 PM |
|
That's stupid. Even if it can inject a payment into your wallet, that doesn't mean you can spend the funds on the network; you just have a corrupted wallet!
Most likely a scam that empties your wallet too.
|
|
|
|
bitrebel (OP)
|
|
August 05, 2011, 07:36:33 PM |
|
> That's stupid. Even if it can inject a payment into your wallet, that doesn't mean you can spend the funds on the network; you just have a corrupted wallet!
> Most likely a scam that empties your wallet too.
It is a scam. It's used to steal people's wallet files. I'm wondering if it works, how well it works, and if the virus can be downloaded to you by watching the video. If it's already advertising the stealing of wallets, who's to say if he disguises the method and uses it against you?
|
|
|
|
newminerr
Member
Offline
Activity: 147
Merit: 11
The day to rise has come.
|
|
August 05, 2011, 07:54:58 PM |
|
Here is a quick anatomy of the file. First of all, you won't get infected if you watched the video; you will get infected if you downloaded the file in the video description [megaupload link].
It is a Visual Basic file.
It steals your \Bitcoin\wallet.dat.
It collects your computer information.
It connects to smtp.gmail.com and sends an email to xplxOdy@hotmail.com with the info. E.g.:
Wallet taken from: System Information
Operating System Platform Version User Language Network Display Resolution Workspace Client-IP
It's poorly coded, most likely a ripped source or something, not custom made. I doubt it will succeed in stealing your info.
|
|
|
|
Are-you-a-wizard?
Member
Offline
Activity: 98
Merit: 10
|
|
August 05, 2011, 07:55:55 PM |
|
You know, I think I'm going to pass on clicking that link.
|
|
|
|
bitrebel (OP)
|
|
August 05, 2011, 07:59:54 PM |
|
Thanks, Newminerr. You are an asset to the community. So, when you think you'll be able to download a file to help you steal other people's wallets, it actually steals your wallet? That's pretty cool, actually. Now maybe we can upload a fix and steal everything he steals, and mail it all to Bruce.
|
|
|
|
bitplane
|
|
August 05, 2011, 08:18:30 PM |
|
> Here is a quick anatomy of the file. First of all, you won't get infected if you watched the video; you will get infected if you downloaded the file in the video description [megaupload link].
> It is a Visual Basic file.
> It steals your \Bitcoin\wallet.dat.
> It collects your computer information.
> It connects to smtp.gmail.com and sends an email to xplxOdy@hotmail.com with the info. E.g.:
> Wallet taken from: System Information
> Operating System Platform Version User Language Network Display Resolution Workspace Client-IP
> It's poorly coded, most likely a ripped source or something, not custom made. I doubt it will succeed in stealing your info.
Nice work! Get the SMTP password, log into Gmail and set up a forward + delete rule, send the stolen coins to the faucet
|
|
|
|
Yuusha
|
|
August 05, 2011, 08:22:39 PM |
|
Flagged the video and reported the Megaupload download.
|
|
|
|
Vod
Legendary
Offline
Activity: 3696
Merit: 3073
Licking my boob since 1970
|
|
August 05, 2011, 08:29:23 PM |
|
> Flagged the video and reported the Megaupload download.
I also flagged the video and commented. Wouldn't let me copy the thread link.
|
|
|
|
newminerr
Member
Offline
Activity: 147
Merit: 11
The day to rise has come.
|
|
August 05, 2011, 09:30:03 PM Last edit: August 05, 2011, 09:50:05 PM by newminerr |
|
He is not very smart, showing his wallet address. Here is where he sent his coinies 0.01, 0.01, 0.01, 1.0 as shown in the video: http://blockexplorer.com/address/1CCaPTSfkRYhn3ukWDLv4ur4AKLmdjePme
And here is the scan: http://www.virustotal.com/file-scan/report.html?id=7ca463885caaf3db2dc15a62edcdffa1cc4e820625fcbb4cabc4a95659afb148-1312572029
Too bad it's not fully detected yet, but VT will distribute it to antivirus vendors to analyze/scan it again.
Edit 1: BTW, can someone explain this transaction to me?
http://blockexplorer.com/tx/1d9c7ca2668f3173b0145969e58be2c281503add5830ffa3a82568253bd3d5ad#o1
http://blockexplorer.com/address/1618dCnRi6U2unkTn4fWGXhXLzQYi9dqGy
I am still not familiar with blockexplorer, but 1000BTC looks interesting..
Edit 2: I found out that's not the original video; he just downloaded and uploaded the video and put his own link/stealer. The original one [with higher quality is most likely the original]: http://www.youtube.com/watch?v=8Hws-OruuqE
It also contains a malicious file. I will reverse that one tomorrow, but it creates "Bitcoins Wallet Injecting.exe" [261120 Bytes] and "bot.exe" [33792 Bytes] in the temp folder, so it's obvious it's malicious :]
I second what bitrebel said: don't download any of those files unless you know what you are doing.
|
|
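Added example (not part of any post in this thread, and not code from the analysed sample): a small correlation rule for the behaviour newminerr describes, namely a process that is not the Bitcoin client reading \Bitcoin\wallet.dat and then connecting to an SMTP server, plus executables created in the temp folder. The event fields, process names, paths and the 300-second window are assumptions made for the illustration.

```python
import ntpath
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
# Assumed legitimate readers of wallet.dat. Name matching alone is weak
# (a stealer can call itself bitcoin.exe); real rules should also pin path/signer.
WALLET_CLIENTS = {"bitcoin.exe", "bitcoind.exe"}
WINDOW = 300  # assumed: max seconds between wallet read and SMTP connect

def ev(t, pid, image, kind, target):
    return {"t": t, "pid": pid, "image": image, "type": kind, "target": target}

WALLET = r"C:\Users\al\AppData\Roaming\Bitcoin\wallet.dat"
TOOL = r"C:\Users\al\Downloads\tool.exe"
# Constructed sample events; the schema is hypothetical, not a real log format.
EVENTS = [
    ev(10, 412, r"C:\Program Files\Bitcoin\bitcoin.exe", "file_read", WALLET),
    ev(20, 980, TOOL, "file_create", r"C:\Users\al\AppData\Local\Temp\bot.exe"),
    ev(25, 980, TOOL, "file_read", WALLET),
    ev(40, 980, TOOL, "net_connect", "smtp.gmail.com:587"),
    ev(50, 412, r"C:\Program Files\Bitcoin\bitcoin.exe", "net_connect", "203.0.113.7:8333"),
    ev(60, 733, r"C:\Program Files\Mail\mail.exe", "net_connect", "smtp.gmail.com:465"),
]

def is_wallet(path):
    """True for ...\\Bitcoin\\wallet.dat, case-insensitive, on any host OS."""
    p = path.lower()
    return (ntpath.basename(p) == "wallet.dat"
            and ntpath.basename(ntpath.dirname(p)) == "bitcoin")

def detect(events):
    """Return {pid: sorted reasons} for processes matching the described behaviour."""
    wallet_read_at = {}
    findings = defaultdict(set)
    for e in sorted(events, key=lambda e: e["t"]):
        image = ntpath.basename(e["image"]).lower()
        target = e["target"].lower()
        if e["type"] == "file_read" and is_wallet(target) and image not in WALLET_CLIENTS:
            wallet_read_at[e["pid"]] = e["t"]
            findings[e["pid"]].add("wallet_read_by_unexpected_process")
        elif e["type"] == "file_create" and target.endswith(".exe") and "\\temp\\" in target:
            findings[e["pid"]].add("exe_dropped_in_temp")
        elif e["type"] == "net_connect":
            port = int(target.rsplit(":", 1)[1])
            read_t = wallet_read_at.get(e["pid"])
            # SMTP alone is normal (mail clients); it matters only after a wallet read.
            if port in SMTP_PORTS and read_t is not None and e["t"] - read_t <= WINDOW:
                findings[e["pid"]].add("wallet_read_then_smtp")
    return {pid: sorted(r) for pid, r in findings.items()}

if __name__ == "__main__":
    for pid, reasons in detect(EVENTS).items():
        print(pid, reasons)
```

The mail client (pid 733) and the real Bitcoin client (pid 412) produce no findings; only the process that both reads the wallet and then talks SMTP is reported.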
|
|
mdbitcoin
Newbie
Offline
Activity: 29
Merit: 0
|
|
August 31, 2011, 04:45:20 AM |
|
The video is back. I'm reporting it for violation of terms of service, and all its incarnations. You should too.
|
|
|
|
BitcoinPorn
|
|
August 31, 2011, 10:13:20 AM |
|
Virus through watching a YouTube video? Now this I gotta see
|
|
|
|
|