Phinnaeus Gage (OP)
Legendary
 Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
 |
December 30, 2013, 02:48:14 PM
Last edit: December 30, 2013, 04:49:44 PM by grue |
|
First off, I've never started a thread in this section before, and pretty sure I haven't posted in it, but now I seek advice as to what the following pertains to. CAUTION: Don't click that URL unless it's somehow opened safely, for I don't know how to do such, hence seeking info.Payment Notification Received !
Username: dabitcoinguy@gmail.com
Password: XXXXXXXXX
Current Balance: 1.XXXXXXXX BTC It was in the spam folder, hence the concern. Thank you in advance, ~Bruno Kucinskas moderator action: made link into an image to prevent accidental copy/pasting and auto-hyperlinking scripts. |
|
|
|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
Colin Miner
|
|
December 30, 2013, 02:59:08 PM |
|
First off, I've never started a thread in this section before, and pretty sure I haven't posted in it, but now I seek advice as to what the following pertains to. CAUTION: Don't click that URL unless it's somehow opened safely, for I don't know how to do such, hence seeking info.It was in the spam folder, hence the concern. Thank you in advance, ~Bruno Kucinskas Its a phishing attempt to get you to click the link  Don't click the link, there is probably a virus at the end of it |
|
|
|
Seccour
Legendary
Offline
Activity: 1619
Merit: 1004
Bitcoiner, Crypto-anarchist and Cypherpunk.
|
|
December 30, 2013, 03:14:39 PM |
|
First off, I've never started a thread in this section before, and pretty sure I haven't posted in it, but now I seek advice as to what the following pertains to. CAUTION: Don't click that URL unless it's somehow opened safely, for I don't know how to do such, hence seeking info.It was in the spam folder, hence the concern. Thank you in advance, ~Bruno Kucinskas Its a phishing attempt to get you to click the link Don't click the link, there is probably a virus at the end of it So OP, remove the link ^^ |
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
December 30, 2013, 04:34:26 PM
Last edit: December 30, 2013, 04:46:15 PM by grue |
|
the link leads to a page with a java applet. very likely a drive-by download page.
edit: confirmed drive-by applet. launches regedit to disable UAC.
|
|
|
|
Phinnaeus Gage (OP)
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
December 30, 2013, 09:29:26 PM |
|
the link leads to a page with a java applet. very likely a drive-by download page.
edit: confirmed drive-by applet. launches regedit to disable UAC.
Thanks, grue, assuming you disabled the link. I was toying with breaking it up so that it wouldn't work, but for some reason opted to give the warning in red instead. Seldom do I click links in my email, and this one definitely didn't smell right. Thanks to all that replied. ~TMI BTCITW |
|
|
|
|
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1028
|
|
December 31, 2013, 05:01:05 AM |
|
the link leads to a page with a java applet. very likely a drive-by download page.
edit: confirmed drive-by applet. launches regedit to disable UAC.
Is it able to do this on Java v45? If so, that's what we call zero-day, and it should be captured and sent to Oracle and virus companies. Java has proved it can never be secure though, in that there has NEVER been a version where your computer couldn't get infected through it just by visiting a web page. Kill with fire. |
|
|
|
|
Caiapfas
Member
Offline
Activity: 112
Merit: 10
|
|
January 01, 2014, 01:40:53 AM |
|
best policy never ever open anything or click any link unless you are expecting it and/or know who sent it. even if it's from someone/some business/some account you know or have and have doubt go directly to the website and login there and delete the email
|
If you liked my post or found anything I said useful send some coffee change to
BTC = 3LxtsmCjRDPD6oYYwz31dwFJW9ktUy1Yuz
|
|
|
|
rarkenin
|
|
January 01, 2014, 03:08:02 AM |
|
NASTY VIRUS
Did a decompile and analysis in a VM, looks very nasty. Disables UAC, downloads a remote access tool, and even crashes my decompiler due to obfuscation. Obviously very complex but also not too polished, debug statements printing to console remain.
PM me to get details about all of the source and a copy of the decompiled/original files, some of which are not directly accessible. I'll send it in a passworded ZIP, but once I send it to you it's YOUR responsibility not to run it.
|
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
January 01, 2014, 03:25:42 AM |
|
I got this same email of course I didn't click it.
|
|
|
|
|
U1TRA_L0RD
Full Member
Offline
Activity: 126
Merit: 100
CAUTION: Angry Man with Attitude.
|
|
January 01, 2014, 03:31:34 AM |
|
I opened this on my old virus tester laptop and its very nasty, now to go reinstall windows XP.
|
|
|
|
|
NixZiZ
Member
Offline
Activity: 64
Merit: 10
|
|
January 28, 2014, 02:07:08 PM |
|
Ouch... Happy I googled this first! Now to hook up a nice, shiny XP VM, shut off the network after the nasty installs... and see what happens! No patches, of course. I guess I'll post a video of it later too, just for shits.  |
|
|
|
|
U1TRA_L0RD
Full Member
Offline
Activity: 126
Merit: 100
CAUTION: Angry Man with Attitude.
|
|
January 28, 2014, 02:22:53 PM |
|
I got this same email of course I didn't click it.
I guess this iswhy we dont show our emails to the community. |
|
|
|
|
|
Caesium
|
|
January 28, 2014, 05:16:08 PM |
|
I got this same email of course I didn't click it.
I guess this iswhy we dont show our emails to the community. No cause for everyone of those emails I get, I get 100 emails to do business  That's an impressive ratio. Mine is more like for every 1 legit email, I get 100 of these phishing/spams. |
|
|
|
Caiapfas
Member
Offline
Activity: 112
Merit: 10
|
|
January 28, 2014, 05:42:00 PM |
|
I opened it and it gave me 3 BTC....OMG they are lying to you. open it open it. |
If you liked my post or found anything I said useful send some coffee change to
BTC = 3LxtsmCjRDPD6oYYwz31dwFJW9ktUy1Yuz
|
|
|
U1TRA_L0RD
Full Member
Offline
Activity: 126
Merit: 100
CAUTION: Angry Man with Attitude.
|
|
January 28, 2014, 06:16:21 PM |
|
I opened it and it gave me 3 BTC....OMG they are lying to you. open it open it. You owe me a new laptop. |
|
|
|
|
|
Sonny
|
|
January 30, 2014, 10:25:44 AM |
|
I opened it and it gave me 3 BTC....OMG they are lying to you. open it open it. You owe me a new laptop. lol  |
|
|
|
|
Caiapfas
Member
Offline
Activity: 112
Merit: 10
|
|
January 30, 2014, 08:09:50 PM |
|
No need to ask this every again . If the email is from unknown or even know sources and has links go directly to the site and login and see it there. Delete the email... problem solved. No matter how good antivirus, firewall or other protection you have it only takes one stupid user to fuck it all up.To the rest of us, this is why spam and viruses exist ...stupid users. If everyone deleted spam, spamming would dry up in a month. |
If you liked my post or found anything I said useful send some coffee change to
BTC = 3LxtsmCjRDPD6oYYwz31dwFJW9ktUy1Yuz
|
|
|
roslinpl
Legendary
Offline
Activity: 2212
Merit: 1199
|
|
January 30, 2014, 08:47:42 PM |
|
First off, I've never started a thread in this section before, and pretty sure I haven't posted in it, but now I seek advice as to what the following pertains to. CAUTION: Don't click that URL unless it's somehow opened safely, for I don't know how to do such, hence seeking info.Payment Notification Received !
Username: dabitcoinguy@gmail.com
Password: XXXXXXXXX
Current Balance: 1.XXXXXXXX BTC It was in the spam folder, hence the concern. Thank you in advance, ~Bruno Kucinskas moderator action: made link into an image to prevent accidental copy/pasting and auto-hyperlinking scripts.looks scam for me. But maybe you re 1 btc reacher :"P |
|
|
|
|
|
