Vulnerabilities and their remediation. Protection against various hacking methods.

Never use the same password for different sites!

Александр » 26 Nov 2018, 22:57

From this theme.
Due to the importance of the theme in the above post «Scam email: "My nickname in darknet ..., I hacked this mailbox ..."», I decided to translate it into English.
I apologize for my imperfect English, I'm in a bit of a hurry ))
Since the middle of summer 2018 there has been a massive email extortion scam attack.
Many of you may have received a letter in which some hacker claimed:
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
So, your password from (here will be your real email) is (here will be some familiar password to you, at worst - from this email).
Send the above amount on my BTC wallet (bitcoin): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

In a nutshell

How did they get your password?
Your password has been leaked through a data breach on some website in the last 1–10 years.
Never use the same password for different sites/accounts!
There is no password in the letter, but the letter's "From" header is my email!
The letter was not sent from your mailbox (look in the «Sent» folder — 99.9999 % it is not there)! Because it's not a problem to fake the "From" header!

And be warned

I made a little investigation
In addition to the banal extortion of money with a scary letter, the hackers seem to have decided to head the attacks in all directions!
They rely on the fact that many people don’t understand that they are being cheated (that receiving such a letter doesn’t mean that their computer is hacked), and many don’t even know what a Bitcoin wallet is.
Hackers have created a network of sites on which they offer to download a «Removal tool» that will remove the "virus" of the type 1EZS92K4…PNF5idPE62e9XY !!!
So victims begin googling the Bitcoin wallets from the letters: "1FHPbKHcSx9CaXJzDpLoXG733ipQ77UNx9", "1D1DZAac5chXcvULdRAk8nbxB5HWWbffwc", "19D67Tgb3neJiTHd8pZDEBYmUn2qSjxEeB" and the hackers' nicknames: "rockwell79", "vance94", "harold18", "erwin14" etc... And they land on these sites, where, as a means of salvation, they are offered to download and install a “Removal tool”. There are whole instructions on how to remove/disable the antivirus on your computer before installing their tool (program) so that it does not interfere with the installation!
Here, hastily, from a couple of such sites I collected the numbers of Bitcoin wallets which are called there a “virus” that can be removed from the computer by downloading and installing their “Removal tool”.
Needless to say, having installed their “Removal tool”, you install the virus yourself!
Posts: 397
Joined: 20 Mar 2014, 17:05
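
The point above about the forged "From" header, as an added example that is not part of the original post: it parses a constructed message and lists the signs that the mail did not originate from the recipient's own mailbox. The sample headers, the example.org/example.net domains and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of a "sent from your own account" extortion mail.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
Received: from unknown (HELO host.example.net) (203.0.113.7) by mx.example.org
From: <user@example.org>
To: <user@example.org>
Subject: I hacked this mailbox

(body omitted)
"""

def domain(addr_header):
    """Return the lower-cased domain of an address header value, or ''."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Assumption: the header was stamped by the recipient's own mail server
    (mx.example.org here); a copy added by any other host proves nothing.
    """
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def spoof_indicators(raw):
    """List the reasons to distrust the visible From address of a raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if parseaddr(msg["From"])[1].lower() == parseaddr(msg["To"])[1].lower():
        findings.append("From equals To: letter claims to come from the recipient")
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} differs from From domain {from_dom}")
    for method, result in auth_results(msg).items():
        if result != "pass":
            findings.append(f"{method}={result}")
    return findings
```
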

Re: Never use the same password for different sites!

Katti » 27 Nov 2018, 03:09

I have also received several such emails over the last month.
I'll write here in English, since most of us here are from the English forum))
Don't let rogues dupe you!
I had somewhere (long ago) registered with a very simple password, I suppose it was on some bulletin boards.
Now rogues send me such scam emails.

One example of scam

Example of scam mail.

With imperative mood :D : «You has been hacked! Change your password immediately!»
Posts: 9
Joined: 12 Oct 2015, 10:55

Re: Never use the same password for different sites!

Александр » 24 Dec 2018, 21:13

I received a similar scam email today in Chinese! :oops:
The original text is:

28/09/2018 - 在这一天,我攻击了您的操作系统并完全访问了您的帐户 xxxxx@xxxxxx_ru。(skipped by me)
那天您的帐户密码是: xxxxxxxxx (skipped by me)



但我查看了您经常访问的网站。 你最喜欢的资源令我震惊。

我想说 - 你是个大变态者。你有一个令人眼花缭乱的幻想!

结果很棒! 不要犹豫!


我的BTC钱包: 1Brr1nKR278Tot5hRwEeX4sG1UZbcd5BpR




- 不要试图找到并摧毁我的病毒! (您的所有数据都已上传到远程服务器)
- 不要试图联系我(这是不可能的,我通过您的帐户向您发送了此电子邮件)
- 各种安全服务对您没有帮助;格式化磁盘或销毁设备也无济于事,因为您的数据已经在远程服务器上。




I have made a translation into English:
I greet you!
I have a bad news.
28/09/2018 - On this day, I attacked your operating system and fully accessed your account xxxxx@xxxxxx_ru. (skipped by me)
The password for your account that day is: xxxxxxxxx (skipped by me)

That's it.
There is a vulnerability in the software of the router you are connecting to that day.
I first attacked this router and put malicious code on it.
When you type over the Internet, my Trojan is installed on your device's operating system.

After that, I completed your disk dump (I have all your address books, view the history of the site, all files, phone numbers and addresses of all contacts).

A month ago, I wanted to lock your device and ask for a small amount of money to unlock it.
But I looked at the websites you visit frequently. I am shocked by your favorite resources.
I am talking about adult websites.

I want to say - you are a big pervert. You have a dazzling fantasy!

After that, I thought of an idea.
I made a screenshot of your favorite adult website (you know what I mean, is it?).
After that, I took photos of you and your entertainment while browsing this website (I used your device's camera).
The result is great! Do not hesitate!

I am convinced that you do not want to show these photos to your relatives, friends or colleagues.
I think the $368 for my silence is a small amount.
In addition, I spent a lot of time on you!

I accept money in Bitcoin.
My BTC wallet: 1Brr1nKR278Tot5hRwEeX4sG1UZbcd5BpR

You don't know how to add Bitcoin wallet?
Write "How to add a btc wallet" in any search engine.
this is very simple.

For payment, you have a little more than two days (just 50 hours).
Don't worry, the timer will start when you open this letter. Yes, yes.. it has already started!

After the payment, my virus and your compromise are automatically destroyed.
If I don't receive the amount you specify, your device will be blocked and all your contacts will receive your entertainment photos.

Be cautious!
- Don't try to find and destroy my virus! (all your data has been uploaded to the remote server)
- Don't try to contact me (this is not possible, I sent you this email through your account)
- Various security services don't help you; formatting a disk or destroying a device doesn't help, because your data is already on a remote server.

PS: I promise that I will not bother you after payment, because you are not my only customer.
This is a honour criterion for hackers.

From now on, I recommend that you use good anti-virus software and update it regularly (a few times a day)!

Don't be angry with me, everyone has their own work.
Posts: 397
Joined: 20 Mar 2014, 17:05

Re: Never use the same password for different sites!

alex » 21 Oct 2022, 14:45

Yeah, it's really relevant, and will be!

Never use the one (the same) password for different sites/accounts!

Posts: 66
Joined: 17 Apr 2010, 00:45
