I see it the way blizzy does. Maybe he'll still get to pick up litter in a public park for 10 hours. But not much more than that is likely to happen. I just hope that nobody actually transferred Bitcoins to him.
SCM Microsystems was sold to the Swiss Kudelski Group, according to a report in
That in itself would be nothing special, except that there was an email address that was used exclusively there. Today a mail arrived at an old mailbox with an image and an attempted extortion - also nothing special - in English, roughly "I know everything about you and know that you have read this mail, have opened all your devices and all your toys (gadgets)... and now please pay $ 1000 in Bitcoin to 1J7FEVa8aMmo18mZ7QxxEBnjPxRMK2PK1P".
header:
Return-Path: <suraj.s [at] itel.com.np>
...
Authentication-Results: <poor.victim.server> (amavisd-new); dkim=neutral
reason="invalID: [ID filtered]
X-Greylist: delayed xx:xx:xx by SQLgrey-1.8.0-rc2
Received: from mx-01.itel.com.np (unknown [103.250.132.164])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client dID: [ID filtered]
by <poor.victim.server> (Postfix) with ESMTPS ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 4 Apr 2019 xx:xx:xx +0200 (CEST)
Authentication-Results: mx-01.itel.com.np;
dkim=fail reason="key not found in DNS" (0-bit key; unprotected)
header.d=itel.com.np header.i=@itel.com.np header.b=MJGOaB1E;
dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=itel.com.np; h=
message-id:from:from:to:user-agent:x-mailer:date:date:subject
:subject:list-help:mime-version:content-type:content-type; s=
dkim; t=1554367293; x=1556959294; bh=sQuN+wU7sWZc8Z9LI9y/EIj3dZi
PH6RyH/FqH00Aocs=; b=MJGOaB1ELnF6BPDlhUWfyVu3qN9Gx9c3JlmmakcugH+
99u/evvA4E4uUq43krWADCRl9zYvzY0Ll4GT8F9uufTdztHuset/LpU3Q2QCLrbC
L457ce0Wf7nfZGubtjDUJWgCAbby5DVqeTyfqAOn6x8NgoEAqhmpLKQ39WjNpzKI
=
X-Virus-Scanned: Debian amavisd-new at mx-01.itel.com.np
Received: from [177-038-001-064.pontocomnet.com.br] (unknown
[177.38.1.64])
by mx-01.itel.com.np (Postfix) with ESMTPSA ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 4 Apr 2019 xx:xx:xx -0400 (EDT)
X-Sender: suraj.s [at] itel.com.np
Content-Type: multipart/related;
boundary="jnulzoll-CC70EF0626386"
MIME-Version: 1.0
List-Help: <http://vfatcvtmn.com/jp/fjnqrf/gxrhjqlfcrne>
Subject: <poor.victim.id>
Date: Thu, 4 Apr 2019 xx:xx:xx +0200
X-Mailer: Foxmail 7, 2, 7, 26[cn]
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101
To: poor [at] spamvictim.tld
From: <poor.victim [at] mail.address>
Message-ID: [ID filtered]
X-Abuse-Reports-To: <abuse [at] mail.itel.com.np>
The only interesting thing about it is that exclusively one security company had this email address and it was never used anywhere else, so at least the source is clear.
The mail filters already trigger on similar text forms, so they have recently shifted to little images.
The good thing: this email address is now useful for spam protection.
PS: Suggestion for improvement: it should be possible to attach images here...
What a load of nonsense ...
header:
Return-Path: <atv [at] sunyorange.edu>
Received: from mail-pg1-f171.google.com ([209.85.215.171]) by mx-ha.web.de
(mxweb012 [212.227.15.17]) with ESMTPS (Nemesis) ID: [ID filtered]
Received: by mail-pg1-f171.google.com with SMTP ID: [ID filtered]
DKIM-Signature: x
X-Received: by 2002:a65:6644:: with SMTP ID: [ID filtered]
Received: from 8YqwSBFO ([2001:e68:507c:1cec:1e5f:2bff:fe01:54a0]) by
smtp.gmail.com with ESMTPSA ID: [ID filtered]
Message-ID: [ID filtered]
Date: Thu, 14 Mar 2019 xx:xx:xx -0700 (PDT)
Subject: =?utf-8?B?SSB3YW50IHRvbyBzaG9vdyB5b3U=?=
=?utf-8?B?dSBzb21lIHBycm9ibGVtIHRoYXQ=?= =?utf-8?B?dCB5b291IGhhdmVlIA==?=
To: xxx [at] xxx
From: =?utf-8?B?Q2hhcmxvdHRlIEtlbm5lZHk=?= <atv [at] sunyorange.edu>
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: multipart/alternative; boundary="x"
Envelope-To: <xxx [at] xxx>
X-Spam-Flag: YES
Go and do some normal work instead :D
Quote:
Hi!!
I have very bad news for you.
10/02/2019 - on this day I hacked your OS and got full access to your account
So, you can change the password, yes... But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history
of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to
unlock.
But I looked at the sites that you regularly visit, and I was surprised by what I saw!!!
I'm talk you about sites for adults.
I want to say - you are a BIG pervert. Your fantasy is shifted far away from the
normal course!
And I got an idea....
I made a screen of the adult sites where you have fun (do you understand what it
is about, huh?).
After that, I made a screen of your joys (using the camera of your device) and
glued them together.
Turned out cool! You are so spectacular!
I'm know that you would not like to show these screen to your friends,
relatives or colleagues.
I think $650 USD is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 1JnywY8yudhDowxb1bcZymWiTVgpgrQ8yA
You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy
For this transaction I give you two days (48 hours).
As soon as this email is opened, the timer will work.
After pay, my virus and dirty screens with your enjoys will be self-destruct
automatically.
If I do not receive from you the specified amount, then your device will be locked,
and all your contacts will receive a screens with your "enjoys".
I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screens is
already uploaded to a remote server)
- Do not try to contact me
- Various security services will not help you; formatting a disk or destroying a
device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you
again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will
no longer fall into a similar situation.
Do not hold evil! I just do my job.
Have a nice day!
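An added example, not part of the thread: the Subject in the header above is split into RFC 2047 encoded-words, and once decoded it turns out to be padded with doubled letters, which defeats plain keyword matching. The sketch below decodes it, collapses the padding and pulls out legacy-format Bitcoin addresses; the function names, the padding ratio and the plain-text sample body are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample: header lines and two body lines copied from the post above
# (continuation line re-indented as in a real folded header, body left unencoded).
RAW = (
    "Return-Path: <atv [at] sunyorange.edu>\n"
    "Subject: =?utf-8?B?SSB3YW50IHRvbyBzaG9vdyB5b3U=?=\n"
    " =?utf-8?B?dSBzb21lIHBycm9ibGVtIHRoYXQ=?= =?utf-8?B?dCB5b291IGhhdmVlIA==?=\n"
    "From: =?utf-8?B?Q2hhcmxvdHRlIEtlbm5lZHk=?= <atv [at] sunyorange.edu>\n"
    "\n"
    "Pay ONLY in Bitcoins!\n"
    "My BTC wallet: 1JnywY8yudhDowxb1bcZymWiTVgpgrQ8yA\n"
)

# Shape check for legacy Base58 addresses only; it does not verify the checksum.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def decode_mime(value):
    """Decode RFC 2047 encoded-words (=?charset?B?...?=) into readable text."""
    return str(make_header(decode_header(value))).strip()


def squeeze(text):
    """Collapse runs of one repeated letter, undoing 'shoow' / 'prroblem' padding."""
    return re.sub(r"([a-z])\1+", r"\1", text.lower())


def analyse(raw):
    """Return the decoded headers plus simple indicators for one raw message."""
    msg = message_from_string(raw)
    subject = decode_mime(msg["Subject"])
    words = subject.lower().split()
    padded = [w for w in words if squeeze(w) != w]
    return {
        "subject": subject,
        "subject_squeezed": squeeze(subject),
        # Share of words containing a doubled letter; ordinary English stays low.
        "padded_ratio": len(padded) / len(words),
        "from_name": decode_mime(msg["From"]),
        "btc_addresses": BTC_RE.findall(msg.get_payload()),
    }


if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

When matching keywords against the squeezed text, squeeze the keywords too, since legitimate double letters ("access", "address") are collapsed as well.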
This is turning into Mugu and Russki scam 3.0
Where have all the Russian women gone, or the rich but terminally ill Nigerian widows ;-)
The cross-link fits in here; I couldn't find the thread this morning. Mods are welcome to move it.
There seem to be a few CIDR /16 ranges that are highly active.
:depp:
header:
Return-Path: <edwigeblondel [at] ecole-eme.com>
Received: from EUR01-HE1-obe.outbound.protection.outlook.com ([40.107.13.40])
by mx-ha.web.de (mxweb111 [212.227.17.8]) with ESMTPS (Nemesis) ID: [ID filtered]
DKIM-Signature: x
Received: from DB3PR0202MB3513.eurprd02.prod.outlook.com (52.134.68.10) by
DB3PR0202MB3291.eurprd02.prod.outlook.com (52.134.66.154) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) ID: [ID filtered]
Received: from DB3PR0202MB3513.eurprd02.prod.outlook.com
([fe80::48de:5bfd:e024:8fbd]) by DB3PR0202MB3513.eurprd02.prod.outlook.com
([fe80::48de:5bfd:e024:8fbd%7]) with mapi ID: [ID filtered]
From: BLONDEL Edwige <edwigeblondel [at] ecole-eme.com>
To: "xxx [at] xxx" <xxx [at] xxx>
Subject: You're a pervert, now think what to do
Thread-Topic: You're a pervert, now think what to do
Thread-Index: [filtered]
Date: Thu, 16 May 2019 xx:xx:xx +0000
Message-ID: [ID filtered]
Accept-Language: fr-FR, en-US
* The (simple) password really does come from an ancient hack, has since been changed about a dozen times, and the current one is used only once by me, is longer than one would guess, and is cryptic - have fun trying :cool:
Quote:
Hi!
I am a hacker who has access to your computer.
I also have full access to your acc: At the time of hacking your
account(xxx@xxx) had this pass: x *
You can say: this is my, but old password!
Or: I can change my password at any time!
Of course! You will be right,
but the fact is that when you change the pass, my virus every time
saved a new one!
I've been watching you for a few months now.
But the fact is that you were infected with trojan through an adult web-page that you
visited.
If you are not familiar with this, I will explain.
Malware gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and
microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence from e-mail and
messangers.
Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that
your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and
in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts
on social networks. I can also post access to all your e-mail correspondence and
messengers that you use.
If you want to prevent this, transfer the amount of $636 to my bitcoin address (if
you do not know how to do this, write to Google: "Buy Bitcoin").
My bitcoin address (BTC Wallet) is: 1BUYc4Gjk1tRzgLkpcpkVAG3Vd5kLtysez
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.
Filing a complaint somewhere does not make sense because this email cannot be
tracked like my bitcoin address.
And please do not try to answer me (the sender's address is automatically generated).
I do not make any mistakes!
If I find that you have shared this message with someone else, the video will be
immediately distributed.
Bye!
So far Monsieur has earned nothing:
Now that's good news for once :cool:
These also trickle into my spam folder at irregular intervals.
I don't know the alleged password that is supposed to be mine.
Only the text about the "hack" has changed a little... possibly to make the whole thing a bit more "believable".
However, the vulnerability mentioned contains no indication of "trojan injection"
Quote:
Quote from Erpresski
Let me put it this way... I don't even 'ave a Cisco. :)
Quote:
Quote from nist.gov