LogRythm says that Users of BitcoinTalk Suffer Major Phishing Email Campaign

Softpedia.com reported on 9th January, 2014 quoting the analysis of the security firm LogRythm on the scam emails as many Internauts over the last few days have reported on BitcoinTalk that they have got doubtful emails which are drafted to somehow embezzle their Bitcoins.

Notably, BitcoinTalk is a well-known virtual currency forum and Bitcoin is a P2P (peer-to-peer) system of payment and digital currency which was launched in 2009.

According to LogRythm, the attack begins with an email that purports to be from one Erwann Genson entitled: "Wallet Backup".

The email after greeting someone named 'David' with hello tells him that Genson did what he (Genson) was advised to do by David however the difficulty continues to be the same: importation of the 'private key' is not functioning! Last time when Genson checkered blockchain.info there were still 30.28020001 bitcoins!

Genson provides his wallet.dat along with its password (shortened URL). David is told that if he requires any more help he can get back to Genson.

The shortened URL contained in the email, apparently to Genson's wallet and password, goes to skodegouw dot nl and downloads a Zip file named as 'backup.zip'.

Greg Foss, a Senior Security Researcher with LogRhythm said that analyzing the figures surrounding this shortened URL, it has been detected that just less than 2000 Internauts have clicked on the malicious link ever since the malicious campaign was started at about 4pm on January 6, 2014, as per news published by Infosecurity-magazine.com reported that on 8th January, 2014.

Backup.zip contains numerous files: bitcoinqt.png, Password.txt, Password.txt.lnk and wallet.dat and only last two files are detectable unless the 'show hidden files' alternative of Windows is switched on. It is evident that the crooks are piggybacking on those two malicious files to be opened first.

The visible files initially set up the ground for the assault and the file, password.txt is in reality a packed executable.

Running this file begins a blank command prompt Window led by a program camouflaged as notepad, then the actual notepad app that exhibits the 'password' to the wallet.dat files, elaborated the researchers, as reported by HELP NET SECURITY on January 9, 2014.

» SPAMfighter News - 1/16/2014