Bitcoin Forum
November 04, 2024, 04:57:24 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Heads up for a Trojan attack..  (Read 1320 times)
Hands (OP)
Member
**
Offline Offline

Activity: 67
Merit: 10


View Profile
January 07, 2014, 01:27:16 AM
 #1

Guys,
   I just got this in my inbox.

Hello David…
 
I just did what you advised me to do but the problem remains the same : importing the private key is not working…. drives me nuts!
Last time I checked blockchain.info ( https://blockchain.info/address/17yFutSCSuUkAWeqMCKRRcr8Go6t98YcoX ) there was still 30.28020001 BTC ! But no way my bitcoinqt client loads the key so I am stuck with those BTCs.
 
 
Thanks for offering your help with this. Here is my wallet.dat with the password http://goo.gl/sFgbEJ. If you need anything else let me know.
If you can load the key please send the BTCs to 1DxFvJ6up9jXAZ9pkUmWVdiMTWvsjgB5Ea
 
This would help me so much. Thanks David!
 
 
Erwann
 


At first I thought it was someone who was replying to an open bug I posted on Blockchain.info's github project.. But after a bit of digging I realized it was a direct attack..  I pulled down the zip file and noticed that password.txt was actually a win32 app (not a text file).. So I moved the "playground" into a virtual machine that I snapshotted before I started poking around.

Running the password.txt (or password.txt shortcut) pops open notepad with a "password" but it also leaves an app running in the background.. I didn't have time to diagnose the app in the background but my guess was some kind of Trojan to steal wallets or keylog or both...   Anyways the wallet file that is in the zip file "looks" legit at first exact it has no private keys in it.. just Wallet addresses that look like they have a lot of btc in them..

All and all AVOID this scam... If you are better at computer forensics than me (I'm just a lowly business software developer not some super CS or security ninja) then have at it and let us know what you figure out..

But if your not a security expert or CS ninja (or more willing to setup network sniffers than I was) then avoid this little "trickster" at all costs..
 

Ask me about cloud hashing (it doesn't suck) or click here
---------------------------------------------------------------------------------
ubiquitous donation address:1KSUGdoL4PPkaLcoJ3Ny9yenQcMQcsentY
deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1036



View Profile WWW
January 07, 2014, 01:34:11 AM
 #2

Click "report to moderator" on the PM, report the account for sending trojans and they will be banished.
Hands (OP)
Member
**
Offline Offline

Activity: 67
Merit: 10


View Profile
January 07, 2014, 01:44:40 AM
 #3

I would if it was a PM but it was sent as an email.. I wanted to get the word out to others :-)... Thanks for the info though, if I ever get anything like this over PM I'll definitely do that..

Ask me about cloud hashing (it doesn't suck) or click here
---------------------------------------------------------------------------------
ubiquitous donation address:1KSUGdoL4PPkaLcoJ3Ny9yenQcMQcsentY
Shermo
Sr. Member
****
Offline Offline

Activity: 272
Merit: 250



View Profile
January 07, 2014, 08:17:15 AM
 #4

Just got the same email myself, obviously to do with this site getting hacked a while back now someone has a huge list of email addresses to spam.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!