Vulnerabilities and their remediation. Protection against different hacking methods.

Never use the same password for different sites!

Александр » 26 Nov 2018, 22:57

From this topic.
Given the importance of the topic in the post above, «Scam email: "My nickname in darknet ..., I hacked this mailbox ..."», I decided to translate it into English.
I apologize for my imperfect English, I'm in a bit of a hurry ))
So...
Since mid-summer 2018 there has been a massive email extortion scam attack.
Many of you could have received a letter in which some hacker claims:
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
So, your password for (here will be your real email) is (here will be some password familiar to you, at worst the one for this email).
Etc...
Send the above amount to my BTC wallet (bitcoin): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Etc...

In a nutshell

How did they get your password?
Your password was leaked through a data breach on some website in the last 1–10 years.
Never use the same password for different sites!
No password in the letter, but the letter's "From" header is my email!
The letter was not sent from your mailbox (look in the «Sent» folder: 99.9999 % of the time there is nothing there)! Because faking the "From" header is no problem at all!

And be warned

I did a little investigation
In addition to the banal extortion of money with a scary letter, the hackers seem to have decided to push the attack in all directions!
They rely on the fact that many people don't understand that they are being cheated (that receiving such a letter doesn't mean their computer is hacked), and many don't even know what a Bitcoin wallet is.
The hackers have created a network of sites on which they offer to download a «Removal tool» that will remove the "virus" of the type 1EZS92K4…PNF5idPE62e9XY !!!
So the victim starts googling the Bitcoin wallets from the letters: "1FHPbKHcSx9CaXJzDpLoXG733ipQ77UNx9", "1D1DZAac5chXcvULdRAk8nbxB5HWWbffwc", "19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB" and the hackers' nicknames: "rockwell79", "vance94", "harold18", "erwin14" etc... and lands on these sites, where they are offered, as a means of salvation, to download and install a "Removal tool". There are whole instructions on how to remove/disable the antivirus on your computer before installing their tool (program) so that it does not interfere with the installation!
Here, hastily, from a couple of such sites I collected the Bitcoin wallet numbers which they call a "virus" there, one that can supposedly be removed from the computer by downloading and installing their "Removal tool":
  • 1FgfdebSqbXRciP2DXKJyqPSffX3Sx57RF
  • 18YDAf11psBJSavARQCwysE7E89zSEMfGG
  • 1nxnt72qfmhpzdffueqrycypeuzyr6lmgh
  • 1FHPbKHcSx9CaXJzDpLoXG733ipQ77UNx9
  • 1D1DZAac5chXcvULdRAk8nbxB5HWWbffwc
  • 19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB
  • 1g93wr2ldzd2euj92epbmgzz2zpydrwu4g
  • 1MN7A7QqQaAVoxV4zdjdrnEHXmjhzcQ4Bq
  • 1EZS92K4xJbymDLwG4F7PNF5idPE62e9XY
Needless to say, by installing their "Removal tool" you install the virus yourself!
Александр
Posts: 289
Registered: 20 Mar 2014, 17:05
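One way to triage such a letter mechanically, as an added example that is not part of this post: the script below parses a raw message, compares the "From" header with the envelope sender and with the receiving server's Authentication-Results (SPF/DKIM/DMARC), and validates every token that looks like a Bitcoin address with the Base58Check checksum rather than trusting a regex (the all-lowercase addresses in the list above cannot be real: Base58 has no letter "l", so those are most likely case-mangled copies). The sample message, the mailer.example.net host, the message IDs and the "hunter2" password are constructed for the example; the first wallet address is the publicly known Bitcoin genesis-block address, chosen only because its checksum can be verified offline, and the second is one of the addresses quoted in the post.

```python
"""Triage a suspected sextortion email: is the From header spoofed, and are the
Bitcoin addresses in it even well-formed?

Added example for this thread, not code from the forum post. The message at the
bottom is constructed: the first wallet is the publicly known Bitcoin genesis-block
address (used only because its checksum is verifiable offline), the second is one
of the case-mangled addresses quoted in the post.
"""
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Deliberately loose: it also catches copies mangled by lower-casing, so that the
# Base58Check checksum below, not the regex, decides what is a real address.
ADDR_CANDIDATE = re.compile(r"\b[13][A-Za-z0-9]{25,34}\b")


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)  # ValueError for 0, O, I, l or any other char
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' encodes one 0x00 byte
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * pad + body


def is_valid_btc_address(addr: str) -> bool:
    """Base58Check validation for legacy P2PKH ('1...') and P2SH ('3...') addresses."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def domain(address: str) -> str:
    return address.rsplit("@", 1)[-1]


def analyze(raw_message: str) -> dict:
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    to_addr = parseaddr(str(msg.get("To", "")))[1].lower()
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    auth = str(msg.get("Authentication-Results", ""))
    body = msg.get_body(preferencelist=("plain",)).get_content()

    def verdict(mechanism: str) -> str:
        # Authentication-Results is only meaningful if your own MX added it.
        m = re.search(rf"\b{mechanism}=(\w+)", auth)
        return m.group(1).lower() if m else "missing"

    signals = {
        "from_equals_recipient": bool(from_addr) and from_addr == to_addr,
        "return_path_mismatch": bool(return_path) and domain(return_path) != domain(from_addr),
        "spf": verdict("spf"),
        "dkim": verdict("dkim"),
        "dmarc": verdict("dmarc"),
        "btc_addresses": {a: is_valid_btc_address(a) for a in ADDR_CANDIDATE.findall(body)},
    }
    # A letter "from yourself" that your own MX could not authenticate is the
    # forged-From pattern from the thread, not a sign that your account was used.
    signals["spoofed_from"] = signals["from_equals_recipient"] and (
        signals["dmarc"] == "fail" or signals["spf"] == "fail" or signals["return_path_mismatch"]
    )
    return signals


# Constructed sample message (hosts, IDs and password are placeholders).
SAMPLE_EMAIL = """\
Return-Path: <bounce-4711@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
        by mx.example.com with ESMTP id 4Q8k2r1x
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: victim@example.com
To: victim@example.com
Subject: victim@example.com - hunter2
Content-Type: text/plain; charset="utf-8"

I hacked this mailbox more than six months ago. Your password is hunter2.
Send 368 USD to my BTC wallet: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
Or this one: 1nxnt72qfmhpzdffueqrycypeuzyr6lmgh
"""

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Two caveats when running this on real mail: Return-Path is just another header the sender can forge, so the envelope comparison is a hint, not proof; and an Authentication-Results header is only worth reading if it was added by your own receiving server (a sender can prepend a fake one, which is why well-configured MTAs strip any such header they did not write themselves). The checksum step is the part that needs no trust at all: an address that fails Base58Check was copied or typed wrong somewhere, and nobody can receive money at it.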

Re: Never use the same password for different sites!

Katti » 27 Nov 2018, 03:09

I have also received several such letters in the last month.
I'll write here in English, since most of us here are from the English forum))
Don't let rogues dupe you!
I had registered somewhere (long ago) with a very simple password, I suppose it was on some bulletin boards.
Now rogues send me such scam emails.

One example of a scam email

Example of scam mail.

In the imperative mood :D : «You has been hacked! Change your password immediately!»
Katti
Posts: 9
Registered: 12 Oct 2015, 10:55

Re: Never use the same password for different sites!

Александр » 24 Dec 2018, 21:13

I received a similar scam email today, in Chinese! :oops:
The original text is:
------
我问候你!

我有个坏消息。
28/09/2018 - 在这一天,我攻击了您的操作系统并完全访问了您的帐户 xxxxx@xxxxxx_ru。(skipped by me)
那天您的帐户密码是: xxxxxxxxx (skipped by me)

就是这样。
在您当天连接的路由器的软件中,存在一个漏洞。
我首先攻击了这个路由器并将恶意代码放在上面。
当您通过Internet输入时,我的木马安装在您设备的操作系统上。

之后,我完成了你的磁盘转储(我有你所有的地址簿,查看网站的历史记录,所有文件,电话号码和所有联系人的地址)。

一个月前,我想锁定你的设备并要求少量资金解锁。
但我查看了您经常访问的网站。 你最喜欢的资源令我震惊。
我说的是成人网站。

我想说 - 你是个大变态者。你有一个令人眼花缭乱的幻想!

在那之后,我想到了一个想法。
我制作了你喜欢的成人网站的截图(你知道我的意思,是吗?)。
之后,我在浏览本网站时拍摄了你和你的娱乐照片(我使用了你设备的相机)。
结果很棒! 不要犹豫!

我深信您不想向您的亲戚,朋友或同事展示这些照片。
我认为368美元对于我的沉默是少量的。
此外,我花了很多时间在你身上!

我在比特币接受钱。
我的BTC钱包: 1Brr1nKR278Tot5hRwEeX4sG1UZbcd5BpR

您不知道如何补充比特币钱包?
在任何搜索引擎中写“如何补充btc钱包”。
这很简单。

对于付款,你有两天多一点(恰好50小时)。
别担心,计时器将在您打开此信件时开始。是的,是的..它已经开始了!

付款后,我的病毒和你的妥协自动毁灭。
如果我没有收到您指定的金额,您的设备将被屏蔽,您的所有联系人都会收到您娱乐的照片。

要谨慎!
- 不要试图找到并摧毁我的病毒! (您的所有数据都已上传到远程服务器)
- 不要试图联系我(这是不可能的,我通过您的帐户向您发送了此电子邮件)
- 各种安全服务对您没有帮助;格式化磁盘或销毁设备也无济于事,因为您的数据已经在远程服务器上。

附:我保证,付款后我不会打扰你,因为你不是我唯一的客户。
这是一个黑客的荣誉准则。

从现在开始,我建议你使用好的防病毒软件并定期更新(每天几次)!

不要生我的气,每个人都有自己的工作。
再见。
------

I have made a translation into English:
------
I greet you!
I have bad news.
28/09/2018 - On this day I attacked your operating system and fully accessed your account xxxxx@xxxxxx_ru. (skipped by me)
Your account password on that day was: xxxxxxxxx (skipped by me)

That's it.
There was a vulnerability in the software of the router you were connected to that day.
I first attacked this router and put malicious code on it.
When you connected via the Internet, my Trojan was installed on your device's operating system.

After that, I made a dump of your disk (I have all your address books, your browsing history, all files, phone numbers and the addresses of all contacts).

A month ago, I wanted to lock your device and ask for a small amount of money to unlock it.
But I looked at the websites you visit frequently. I was shocked by your favourite resources.
I am talking about adult websites.

I want to say - you are a big pervert. You have a dazzling fantasy!

After that, I thought of an idea.
I made a screenshot of your favourite adult website (you know what I mean, don't you?).
After that, I took photos of you and your entertainment while you were browsing this website (I used your device's camera).
The result is great! Do not hesitate!

I am convinced that you do not want to show these photos to your relatives, friends or colleagues.
I think $368 for my silence is a small amount.
Besides, I spent a lot of time on you!

I accept money in Bitcoin.
My BTC wallet: 1Brr1nKR278Tot5hRwEeX4sG1UZbcd5BpR

You don't know how to top up a Bitcoin wallet?
Type "how to top up a btc wallet" into any search engine.
It is very simple.

For payment you have a little more than two days (exactly 50 hours).
Don't worry, the timer starts when you open this letter. Yes, yes.. it has already started!

After payment, my virus and your compromising material are automatically destroyed.
If I don't receive the specified amount, your device will be blocked and all your contacts will receive the photos of your entertainment.

Be cautious!
- Don't try to find and destroy my virus! (all your data has already been uploaded to a remote server)
- Don't try to contact me (this is not possible, I sent you this email through your own account)
- Various security services won't help you; formatting the disk or destroying the device won't help either, because your data is already on a remote server.

PS: I promise that I will not bother you after payment, because you are not my only customer.
This is the hacker's code of honour.

From now on, I recommend that you use good anti-virus software and update it regularly (a few times a day)!

Don't be angry with me, everyone has their own work.
Goodbye.
------
Александр
Posts: 289
Registered: 20 Mar 2014, 17:05