\[SCAM\] Fishing email
-
I received an email that looks like this:
[img]http://blog.logrhythm.com/wp-content/uploads/2014/01/BLOG-1.png[/img]
I understand I’m not the only one.
Now, you all know me… I’m not going to turn away someone in need. So this is a pretty effective way of targeting people.
After taking a closer look, this is a pretty sophisticated attack.
Only Passwords.txt.lnk and wallet.dat are visible unless ‘show hidden files’ is turned on in Windows, and there’s an additional file, Password.txt.
The Password.txt.lnk file launches cmd.exe and runs the password.txt. You see, the Passwords.txt file is actually an exe file with the wrong extension. And when you run Passwords.txt.lnk, you end up running that exe. Running this file launches a blank command prompt window, followed by a program masquerading as notepad, then the real notepad application, which displays the ‘password’ to the wallet.dat file.
In reality, this program launches two files, one notepad.exe to display the fake password, and another file ‘Password.txt’ which appears to actually be a trojaned version of EditPlus.
The trojan lies quiet until you launch the Bitcoin QT wallet, and then it sends your coins.
It’s clever, it’s inventive, and it will suck your BTC out of your wallet faster than you can blink. Don’t fall for it.
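A triage check for the file layout described in the post above, as an added example that is not part of the original post: it flags shortcuts named like documents, document-named files whose content starts with the `MZ` executable header, and files carrying the Windows hidden attribute, without opening or running anything. The function names, the extension list and the sample bytes are assumptions constructed for illustration.

```python
import os
import tempfile

PE_MAGIC = b"MZ"                          # first two bytes of a Windows executable
DOC_EXTS = {".txt", ".dat", ".doc", ".pdf"}  # assumed list of "harmless looking" extensions
HIDDEN = 0x2                              # FILE_ATTRIBUTE_HIDDEN bit on Windows

def triage(folder):
    """Return (filename, finding) pairs for an extracted attachment folder."""
    findings = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        stem, ext = os.path.splitext(name.lower())
        inner_ext = os.path.splitext(stem)[1]
        # Explorer never shows ".lnk", so "x.txt.lnk" is displayed as "x.txt".
        if ext == ".lnk" and inner_ext in DOC_EXTS:
            findings.append((name, "shortcut disguised as document"))
        # Read only the first two bytes; the file is never executed.
        with open(path, "rb") as fh:
            if ext in DOC_EXTS and fh.read(2) == PE_MAGIC:
                findings.append((name, "executable content behind document extension"))
        # st_file_attributes exists only on Windows; elsewhere this check is skipped.
        if getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN:
            findings.append((name, "hidden file"))
    return findings

def demo():
    """Build a constructed, harmless sample mirroring the post's layout and triage it."""
    samples = {
        "Passwords.txt.lnk": b"L\x00\x00\x00" + b"\x00" * 16,  # placeholder, not a working shortcut
        "Password.txt": PE_MAGIC + b"\x00" * 62,               # header bytes only, not a program
        "wallet.dat": b"\x00" * 32,
        "readme.txt": b"plain text\n",
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return triage(folder)

if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```

The hidden-file finding only appears when the script runs on Windows against files that actually carry the attribute; the constructed sample does not set it.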
-
pin this.
In fact. I call again for a Category named Known Scams and whatever we think is appropriate.
-
You’re like a unicorn slayer or something.
-
.hk is always full of surprises.
-
But do they actually sell a rod to fish with?! Love your investigations.
/edit [url=http://blog.logrhythm.com/uncategorized/emerging-bitcoin-theft-campaign-uncovered/]http://blog.logrhythm.com/uncategorized/emerging-bitcoin-theft-campaign-uncovered/[/url]