Bitcoin Forum
April 19, 2024, 08:47:51 PM *
Author Topic: malware spam targeting bitcointalk users  (Read 5231 times)
trixter (OP)
September 08, 2014, 01:33:11 AM
 #1

Purportedly from CloudHashing zac@cloudhashing.com is a .jar malware targeted at bitcoin talk emails (it's the only place I use that particular address)

Invoice Payment

Thanks , Kind regards


Mobile: +1 (511) 983-1650
Phone:  +1 (531) cloudhashing
Fax:      +1 (513) 593-2790


There is a .JAR attachment (I have yet to actually analyze it; malware is just a guess)

Area code 511 is invalid flat out.


Received: from [110.4.46.35] ([110.4.46.35:2486] helo=jamilghani.com)
I already notified smtp.com who relayed this.


Original with my email redacted: http://pastebin.com/niDWs1r2
b!z
September 08, 2014, 02:46:12 AM
 #2

You might want to post this in Scam Accusations.
trixter (OP)
September 08, 2014, 04:18:08 AM
 #3

I will later if a mod does not move it. No sense having 2 unless that is the only way.
shorena
September 08, 2014, 05:50:37 AM
 #4

Can't confirm, been here since Nov '13 and never got bitcoin related spam/phishing mails.

It's more likely that you published your mail address somewhere else.

I'm not really here, it's just your imagination.
trixter (OP)
September 08, 2014, 07:03:40 AM
 #5

This might shed some insight into that specific jar file. It appears to also be using a similar modus operandi.

http://n-pn.info/forum/showthread.php?tid=3730 (French)


I have confirmed that it connects to the same hooka.noip.us host that is listed in that analysis. Ports 97 and 98.


trixter (OP)
September 08, 2014, 07:06:15 AM
Last edit: September 08, 2014, 03:37:22 PM by trixter
 #6

Quote from: shorena on September 08, 2014, 05:50:37 AM
Can't confirm, been here since Nov '13 and never got bitcoin related spam/phishing mails.

It's more likely that you published your mail address somewhere else.

Not likely. I have different email addresses for every website I go to; I do not reuse them. Would I post it, I would have used a different one for exactly that reason. It lets me track where I am getting emails from; it's a thing I have done for years.

That however is not the larger point.  This person is targeting bitcoin related people it seems since the analysis that I posted included someone else that appears to have a bitcoin affiliation getting the same jar file.   Regardless of where he got the email from he is targeting bitcoin people presumably for the purposes of violating wallets which is bad for the community.  

Edit: to be clear, the "analysis that I posted" refers to the URL, which has analysis done by someone else. I just reread this and it could be interpreted that I was trying to take credit for someone else's work. That was not my intent.