Bitcoin Forum
November 01, 2024, 12:35:27 PM *
News: Bitcoin Pumpkin Carving Contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Strange.  (Read 2215 times)
cryptolaxy (OP)
Member
**
Offline Offline

Activity: 103
Merit: 10


View Profile
December 26, 2013, 11:10:58 PM
 #1

I just got an email. Here is the content:
Hey Bro , i got wallet bitcoin , but i don't know how can i used it .. he have 5.63 BTC ..  please try with it and let me know if you done it

Attachment: wallet.dat [23k]



What do you guys think?

Can't believe that someone won't know what to do with 5.63btc
DavidZ
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile WWW
December 26, 2013, 11:16:58 PM
 #2

This is almost certainly malware. Delete it.
cryptolaxy (OP)
Member
**
Offline Offline

Activity: 103
Merit: 10


View Profile
December 26, 2013, 11:19:57 PM
 #3

This is almost certainly malware. Delete it.
Thanks. Just deleted it.
OnkelPaul
Legendary
*
Offline Offline

Activity: 1039
Merit: 1005



View Profile
December 26, 2013, 11:21:23 PM
 #4

If you know how to handle malware files safely (sandboxing, never executing stuff, extracting zip archives with safe tools etc.) you might be able to see what kind of bad dope you got there.
It's most likely an executable whose file extension has been hidden by the infamous Windows "hide known extensions" misfeature.

Onkel Paul

cryptolaxy (OP)
Member
**
Offline Offline

Activity: 103
Merit: 10


View Profile
December 26, 2013, 11:25:47 PM
 #5

If you know how to handle malware files safely (sandboxing, never executing stuff, extracting zip archives with safe tools etc.) you might be able to see what kind of bad dope you got there.
It's most likely an executable whose file extension has been hidden by the infamous Windows "hide known extensions" misfeature.

Onkel Paul
Really don't know how to sandbox it. I just deleted the whole email.
odolvlobo
Legendary
*
Offline Offline

Activity: 4494
Merit: 3400



View Profile
December 26, 2013, 11:42:34 PM
 #6

If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
cryptolaxy (OP)
Member
**
Offline Offline

Activity: 103
Merit: 10


View Profile
December 26, 2013, 11:46:02 PM
 #7

If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

I really don't want to take any chances with Trojans and malwares.
Darkster
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
December 27, 2013, 12:11:09 AM
 #8

If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

I really don't want to take any chances with Trojans and malwares.

I think you're right, wallet.dat itself can't be executed because .dat is not an executable file format like .exe, .com.

I also doubt there is some code in that file that would cause an overflow in a bitcoin wallet client but maybe indeed just to let you import it and don't know how to switch (back) to your own wallet so you're using that wallet and at the same time they have access to that wallet, or can't one wallet be used on multiple systems? (actually never tested that).

Take care,

Darkster
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
December 27, 2013, 01:09:53 AM
 #9

I just got an email. Here is the content:
Hey Bro , i got wallet bitcoin , but i don't know how can i used it .. he have 5.63 BTC ..  please try with it and let me know if you done it

Attachment: wallet.dat [23k]



What do you guys think?

Can't believe that someone won't know what to do with 5.63btc

Just delete and move on. Why do people waste time on these things? Its not like someone is really trying to give you any coins. If its not malware its a scam of another kind. Maybe the malware comes later once he's got your confidence.

DELETE!!
knightcoin
Full Member
***
Offline Offline

Activity: 238
Merit: 100


Stand on the shoulders of giants


View Profile
December 27, 2013, 07:57:52 AM
 #10

sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

http://www.introversion.co.uk/
mit/x11 licence 18.x/16|o|3ffe ::71
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
December 28, 2013, 02:34:31 AM
 #11

sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink
knightcoin
Full Member
***
Offline Offline

Activity: 238
Merit: 100


Stand on the shoulders of giants


View Profile
December 28, 2013, 09:29:40 AM
 #12

sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink ... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy )

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)   

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD  Grin

http://www.introversion.co.uk/
mit/x11 licence 18.x/16|o|3ffe ::71
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
December 28, 2013, 10:25:49 AM
 #13

sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink ... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy )

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)   

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD  Grin

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.
knightcoin
Full Member
***
Offline Offline

Activity: 238
Merit: 100


Stand on the shoulders of giants


View Profile
December 28, 2013, 08:53:38 PM
 #14

sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink ... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy )

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)   

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD  Grin

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.

oh yes, ok. I agree with you. Wink

http://www.introversion.co.uk/
mit/x11 licence 18.x/16|o|3ffe ::71
Spendulus
Legendary
*
Offline Offline

Activity: 2912
Merit: 1386



View Profile
December 29, 2013, 06:47:29 AM
 #15

sandbox it ... open it in a virtual machine ( bastion host concept  Roll Eyes - old schoolz guys lang http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and back track.... that's what security researches do.

Why would you waste time on something that is clearly a scam? Just curious Wink

Because that's what security researches do, they need to understand the attacker mindset Wink ... I'm not involved
in that kind of security research anymore. I remember years ago when I got bit engaged with metasploit project ( at ruby gem rex phase, Good times so much funny as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL I know hard to understand long history but was very funny at the time Cheesy )

Well, HDM (I also send donation to his hacker foundation ) remember he was spend loads of time just sanitizing crap code ... He was looking for patterns, attacker's thoughts, etc ... and yes sometimes we need to record his talk burn a LP Vinyl Record and playback in 33rpm (Recordsand)   

7th sphere, mean rapid7
http://youtu.be/x3-zKXiTpLE

nice haircut HD  Grin

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.

oh yes, ok. I agree with you. Wink
Not sure about that.  First, no 'possibly infect his system' if using a virtual machine, or if infecting the virtual, scratch it and boot another, then infecting is proven.  Nature of the scam could be valuable knowledge, advance warning to people of some new cryptolocker.
OnkelPaul
Legendary
*
Offline Offline

Activity: 1039
Merit: 1005



View Profile
December 29, 2013, 12:44:26 PM
 #16

In any case, for someone who does not have prior experience or lots of interest in handling and analyzing malware the proper thing to do is simply deleting the file.
The possibly small gains in knowledge are not worth the effort of setting up a virtual machine environment and all that stuff.

Onkel Paul

empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
December 30, 2013, 02:22:03 AM
 #17

In any case, for someone who does not have prior experience or lots of interest in handling and analyzing malware the proper thing to do is simply deleting the file.
The possibly small gains in knowledge are not worth the effort of setting up a virtual machine environment and all that stuff.

Onkel Paul

Agreed. Don't play with fire. What's he going to learn exactly?
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!