cryptolaxy (OP)
Member
Offline
Activity: 103
Merit: 10
December 26, 2013, 11:10:58 PM
I just got an email. Here is the content:

Hey Bro , i got wallet bitcoin , but i don't know how can i used it .. he have 5.63 BTC .. please try with it and let me know if you done it
Attachment: wallet.dat [23k]
What do you guys think?
Can't believe that someone won't know what to do with 5.63btc
DavidZ
Newbie
Offline
Activity: 56
Merit: 0
December 26, 2013, 11:16:58 PM
This is almost certainly malware. Delete it.
cryptolaxy (OP)
Member
Offline
Activity: 103
Merit: 10
December 26, 2013, 11:19:57 PM
Quote from DavidZ:
This is almost certainly malware. Delete it.

Thanks. Just deleted it.
OnkelPaul
Legendary
Offline
Activity: 1039
Merit: 1005
December 26, 2013, 11:21:23 PM
If you know how to handle malware files safely (sandboxing, never executing stuff, extracting zip archives with safe tools etc.) you might be able to see what kind of bad dope you got there. It's most likely an executable whose file extension has been hidden by the infamous Windows "hide known extensions" misfeature.
Onkel Paul
cryptolaxy (OP)
Member
Offline
Activity: 103
Merit: 10
December 26, 2013, 11:25:47 PM
Quote from OnkelPaul:
If you know how to handle malware files safely (sandboxing, never executing stuff, extracting zip archives with safe tools etc.) you might be able to see what kind of bad dope you got there. It's most likely an executable whose file extension has been hidden by the infamous Windows "hide known extensions" misfeature.
Onkel Paul

Really don't know how to sandbox it. I just deleted the whole email.
odolvlobo
Legendary
Offline
Activity: 4494
Merit: 3400
December 26, 2013, 11:42:34 PM
If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
cryptolaxy (OP)
Member
Offline
Activity: 103
Merit: 10
December 26, 2013, 11:46:02 PM
Quote from odolvlobo:
If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

I really don't want to take any chances with Trojans and malware.
Darkster
Newbie
Offline
Activity: 24
Merit: 0
December 27, 2013, 12:11:09 AM
Quote from odolvlobo:
If it really is named wallet.dat, then I don't think there is anything to fear. My guess is that it will have no bitcoins and the scammer will ask you to send bitcoins to it as a test. Then he will take the bitcoins you sent. If you want to be safe, you can import the wallet.dat into a brand new blockchain.info wallet.

Quote from cryptolaxy:
I really don't want to take any chances with Trojans and malware.

I think you're right, wallet.dat itself can't be executed because .dat is not an executable file format like .exe or .com. I also doubt there is some code in that file that would cause an overflow in a Bitcoin wallet client, but maybe it is indeed just to let you import it and not know how to switch (back) to your own wallet, so you're using that wallet and at the same time they have access to that wallet. Or can't one wallet be used on multiple systems? (Actually never tested that.)
Take care, Darkster
empoweoqwj
December 27, 2013, 01:09:53 AM
Quote from cryptolaxy:
I just got an email. Here is the content:
Hey Bro , i got wallet bitcoin , but i don't know how can i used it .. he have 5.63 BTC .. please try with it and let me know if you done it
Attachment: wallet.dat [23k]
What do you guys think?
Can't believe that someone won't know what to do with 5.63btc

Just delete and move on. Why do people waste time on these things? It's not like someone is really trying to give you any coins. If it's not malware, it's a scam of another kind. Maybe the malware comes later once he's got your confidence. DELETE!!
knightcoin
Full Member
Offline
Activity: 238
Merit: 100
Stand on the shoulders of giants
December 27, 2013, 07:57:52 AM
sandbox it ... open it in a virtual machine (bastion host concept, old-school guys' lingo: http://www.sans.org/security-resources/idfaq/bastion.php ), you can also save the machine state and backtrack.... that's what security researchers do.
empoweoqwj
December 28, 2013, 02:34:31 AM
Why would you waste time on something that is clearly a scam? Just curious.
knightcoin
Full Member
Offline
Activity: 238
Merit: 100
Stand on the shoulders of giants
December 28, 2013, 09:29:40 AM
Quote from empoweoqwj:
Why would you waste time on something that is clearly a scam? Just curious.

Because that's what security researchers do, they need to understand the attacker mindset ... I'm not involved in that kind of security research anymore. I remember years ago when I got a bit engaged with the Metasploit project (at the Ruby gem Rex phase; good times, so much fun as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL, I know, hard to understand, long history, but it was very funny at the time). Well, HDM (I also sent a donation to his hacker foundation), I remember he spent loads of time just sanitizing crap code ... He was looking for patterns, attackers' thoughts, etc ... and yes, sometimes we need to record his talk, burn an LP vinyl record and play it back at 33rpm (Recordsand) 7th sphere, mean Rapid7 http://youtu.be/x3-zKXiTpLE nice haircut HD
empoweoqwj
December 28, 2013, 10:25:49 AM
Quote from knightcoin:
Quote from empoweoqwj:
Why would you waste time on something that is clearly a scam? Just curious.

Because that's what security researchers do, they need to understand the attacker mindset ... I'm not involved in that kind of security research anymore. I remember years ago when I got a bit engaged with the Metasploit project (at the Ruby gem Rex phase; good times, so much fun as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL, I know, hard to understand, long history, but it was very funny at the time). Well, HDM (I also sent a donation to his hacker foundation), I remember he spent loads of time just sanitizing crap code ... He was looking for patterns, attackers' thoughts, etc ... and yes, sometimes we need to record his talk, burn an LP vinyl record and play it back at 33rpm (Recordsand) 7th sphere, mean Rapid7 http://youtu.be/x3-zKXiTpLE nice haircut HD

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.
knightcoin
Full Member
Offline
Activity: 238
Merit: 100
Stand on the shoulders of giants
December 28, 2013, 08:53:38 PM
Quote from empoweoqwj:
Quote from knightcoin:
Quote from empoweoqwj:
Why would you waste time on something that is clearly a scam? Just curious.

Because that's what security researchers do, they need to understand the attacker mindset ... I'm not involved in that kind of security research anymore. I remember years ago when I got a bit engaged with the Metasploit project (at the Ruby gem Rex phase; good times, so much fun as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL, I know, hard to understand, long history, but it was very funny at the time). Well, HDM (I also sent a donation to his hacker foundation), I remember he spent loads of time just sanitizing crap code ... He was looking for patterns, attackers' thoughts, etc ... and yes, sometimes we need to record his talk, burn an LP vinyl record and play it back at 33rpm (Recordsand) 7th sphere, mean Rapid7 http://youtu.be/x3-zKXiTpLE nice haircut HD

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.

oh yes, ok. I agree with you.
Spendulus
Legendary
Offline
Activity: 2912
Merit: 1386
December 29, 2013, 06:47:29 AM
Quote from knightcoin:
Quote from empoweoqwj:
Quote from knightcoin:
Quote from empoweoqwj:
Why would you waste time on something that is clearly a scam? Just curious.

Because that's what security researchers do, they need to understand the attacker mindset ... I'm not involved in that kind of security research anymore. I remember years ago when I got a bit engaged with the Metasploit project (at the Ruby gem Rex phase; good times, so much fun as well.... when Yukihiro Matsumoto was trying to translate lambdas, "move forward or die" LOL, I know, hard to understand, long history, but it was very funny at the time). Well, HDM (I also sent a donation to his hacker foundation), I remember he spent loads of time just sanitizing crap code ... He was looking for patterns, attackers' thoughts, etc ... and yes, sometimes we need to record his talk, burn an LP vinyl record and play it back at 33rpm (Recordsand) 7th sphere, mean Rapid7 http://youtu.be/x3-zKXiTpLE nice haircut HD

Cool. But he's just a dude, not a security analyst. He's going to learn nothing, just waste time, and possibly infect his system.

oh yes, ok. I agree with you.

Not sure about that. First, there is no 'possibly infect his system' if using a virtual machine; or, if it infects the virtual machine, scratch it and boot another, and then the infection is proven. The nature of the scam could be valuable knowledge, an advance warning to people of some new CryptoLocker.
OnkelPaul
Legendary
Offline
Activity: 1039
Merit: 1005
December 29, 2013, 12:44:26 PM
In any case, for someone who does not have prior experience or lots of interest in handling and analyzing malware, the proper thing to do is simply to delete the file. The possibly small gains in knowledge are not worth the effort of setting up a virtual machine environment and all that stuff.
Onkel Paul
empoweoqwj
December 30, 2013, 02:22:03 AM
Quote from OnkelPaul:
In any case, for someone who does not have prior experience or lots of interest in handling and analyzing malware, the proper thing to do is simply to delete the file. The possibly small gains in knowledge are not worth the effort of setting up a virtual machine environment and all that stuff.
Onkel Paul

Agreed. Don't play with fire. What's he going to learn exactly?