SonsOfLiberty
  #1 Old 06-23-2009, 03:34 PM
 
Alt.binz users beware! You have been compromised

Newsflash for all those ppl that have started various "cracked" versions of Alt.Binz floating on the usenet: They are ALL trojan infected. All Firefox, IE, IM, Steam passwords are collected and uploaded to the attackers' site.

Zerosec staffers are responsible for the infected uploads, check sources because you already don't believe this probably??

However we are not that bright so we left our cpanel login data in our leet script so our server got pwned with all logins and some zerosec stuff.

[#altbin@EFNet]-[Full]-[Alt.Binz.v0.31.1.WinAll.Multilingual-CRD]-[0/8] - "crude.nfo" yEnc

[#altbin@EFNet]-[Full]-[Alt.Binz.v0.31.1.WinAll-iND]-[2/7] - "Alt.Binz.v0.31.1.WinAll-iND.par2" yEnc

[#altbin@EFNet]-[Full]-[Alt.Binz.0.31.1.WinALL.Cracked.REAL-CzW]-[2/7] - "czw.nfo" yEnc


So if this is you? Is it? Looks like Zerosec has some explaining to do?

Still don't believe? Check sources.

Source: Zerosedc staff are a bunch of MF stealers Homepage: alt.binZ

Last edited by SonsOfLiberty; 06-24-2009 at 01:18 AM..
n00bz0r
  News Section   -   #2 Old 06-23-2009, 03:51 PM
 
Torrents and trackers give me a healthy dose of e-drama to keep me entertained.
About time newzbin followed suit.
SonsOfLiberty
  News Section   -   #3 Old 06-23-2009, 03:52 PM
 
You mean Usenet? Newzbin is an indexing site.
__________________


“You know, a long time ago being crazy meant something. Nowadays everybody's crazy.”
n00bz0r
  News Section   -   #4 Old 06-23-2009, 04:11 PM
 
yeah..Usenet
* n00bz0r never had a good reason to use usenet.
srw985
  News Section   -   #5 Old 06-23-2009, 05:23 PM
This stuff seems to avoid virus scanners apparently.

I'm fairly sure I'm not using the compromised version, not the one from that post anyway, but how can I check and if needed, remove the trojan?
ESET doesn't see anything wrong with it.
cloggy45
  News Section   -   #6 Old 06-23-2009, 05:42 PM
I do this sort of thing with rapidshare downloads, bind the client with a crack, virtually undetectable, person clicks said crack ?????? PROFIT!
SonsOfLiberty
  News Section   -   #7 Old 06-23-2009, 05:56 PM
 
Quote:
Originally Posted by srw985
This stuff seems to avoid virus scanners apparently.

I'm fairly sure I'm not using the compromised version, not the one from that post anyway, but how can I check and if needed, remove the trojan?
ESET doesn't see anything wrong with it.

ESET does too; as soon as I extracted it, it detected the trojan.
djkemp1
  News Section   -   #8 Old 06-23-2009, 06:21 PM
With trojans such as this, even if it manages to get onto your computer, will software such as Kaspersky pick it up before it lets the trojan activate?

How has this software got out? I'm confused - have the groups released software with trojans packed?
SonsOfLiberty
  News Section   -   #9 Old 06-23-2009, 06:46 PM
 
My firewall blocked the attempt and asked for permission to connect to xxx.xxx, and my firewall doesn't let anything out unless OK'd, and it's got one of the best leak tests out there (Comodo). Plus it was a temp file asking for access, not alt.binz, because I truly wanted to see what was going on.
zot
  News Section   -   #10 Old 06-23-2009, 07:39 PM
Here's a Virustotal analysis:

http://www.virustotal.com/analisis/0...ecf-1245784956

Code:
File altbinz.exe received on 2009.06.23 19:22:36 (UTC)
Current status:  finished
Result: 22/41 (53.66%)

Antivirus  	Version  	Last Update  	Result
a-squared	4.5.0.18	2009.06.23	Riskware.PSWTool.Win32.Messen!IK
AhnLab-V3	5.0.0.2	2009.06.23	-
AntiVir	7.9.0.193	2009.06.23	DR/PSW.NetPass.FV.4
Antiy-AVL	2.0.3.1	2009.06.23	PSWTool/Win32.NetPass.gen
Authentium	5.1.2.4	2009.06.23	W32/Virut.AI!Generic
Avast	4.8.1335.0	2009.06.23	-
AVG	8.5.0.339	2009.06.23	Dropper.Small
BitDefender	7.2	2009.06.23	-
CAT-QuickHeal	10.00	2009.06.22	-
ClamAV	0.94.1	2009.06.23	-
Comodo	1401	2009.06.23	-
DrWeb	5.0.0.12182	2009.06.23	Tool.PassView.117
eSafe	7.0.17.0	2009.06.23	Win32.PSWTool.NetPas
eTrust-Vet	31.6.6575	2009.06.23	Win32/Inpect.10
F-Prot	4.4.4.56	2009.06.23	W32/Virut.AI!Generic
F-Secure	8.0.14470.0	2009.06.23	PSWTool.Win32.NetPass.fv
Fortinet	3.117.0.0	2009.06.23	HackerTool/Multidr
GData	19	2009.06.23	-
Ikarus	T3.1.1.59.0	2009.06.23	not-a-virus:PSWTool.Win32.Messen
Jiangmin	11.0.706	2009.06.23	-
K7AntiVirus	7.10.768	2009.06.19	-
Kaspersky	7.0.0.125	2009.06.23	not-a-virus:PSWTool.Win32.NetPass.fv
McAfee	5655	2009.06.23	MultiDropper-BU
McAfee+Artemis	5655	2009.06.23	MultiDropper-BU
McAfee-GW-Edition	6.7.6	2009.06.23	Trojan.Dropper.PSW.NetPass.FV.4
Microsoft	1.4803	2009.06.23	-
NOD32	4181	2009.06.23	probably unknown CRYPT.WIN32
Norman	6.01.09	2009.06.23	-
nProtect	2009.1.8.0	2009.06.23	-
Panda	10.0.0.16	2009.06.23	-
PCTools	4.4.2.0	2009.06.22	-
Prevx	3.0	2009.06.23	Medium Risk Malware Dropper
Rising	21.35.14.00	2009.06.23	-
Sophos	4.42.0	2009.06.23	Mal/Generic-A
Sunbelt	3.2.1858.2	2009.06.23	VIPRE.Suspicious
Symantec	1.4.4.12	2009.06.23	-
TheHacker	6.3.4.3.351	2009.06.22	-
TrendMicro	8.950.0.1094	2009.06.23	-
VBA32	3.12.10.7	2009.06.23	-
ViRobot	2009.6.23.1800	2009.06.23	Not_a_virus:PSWTool.Messen.2343936
VirusBuster	4.6.5.0	2009.06.23	Win32.Vundo.EX


Additional information

File size: 2343936 bytes
MD5...: ef8bc3ea83f3989c4b8c196f65c3a4bf
SHA1..: 753e0e7e77f9f1ebed85929f9099a669a88aee13
SHA256: 08d8af59c3c2ec6d2814be7eeb5f3037b1a8de9f6ae9c889a0a45feb8c758ecf
ssdeep: 49152:3zWSyrROgSo0R1OJgna0CAup3a2CFUlhnQycgI8y5AP0jveNU:3zWhRjCn
G3aIVQFJYg
PEiD..: -
TrID..: File type identification
Win32 EXE Yoda's Crypter (64.5%)
Win32 Executable Generic (20.7%)
Win16/32 Executable Delphi generic (5.0%)
Generic Win/DOS Executable (4.8%)
DOS Executable Generic (4.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4760bc
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x32c000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0x32d000 0x13b000 0x13a800 8.00 82dada95a1a5032c894e315af113d144
.rsrc 0x468000 0x102000 0x101800 7.99 1404b74b6b616af57b377b1b9bc5f7db

( 15 imports )
> KERNEL32.DLL: GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, CloseHandle, GetStartupInfoA, CreateProcessA, GetModuleHandleA, LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegFlushKey
> comctl32.dll: ImageList_Add
> comdlg32.dll: ChooseFontA
> crypt32.dll: CertFreeCertificateContext
> gdi32.dll: SaveDC
> imm32.dll: ImmGetContext
> ole32.dll: DoDragDrop
> oleaut32.dll: VariantCopy
> shell32.dll: DragFinish
> SHFolder.dll: SHGetFolderPathA
> user32.dll: GetDC
> version.dll: VerQueryValueA
> winmm.dll: PlaySoundA
> winspool.drv: OpenPrinterA

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): UPX, UPX, UPX, PE_Patch.UPX, UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4EAE4F40006F3399C4D023C86CF809001ADD86A1
As you can see, only about half the anti-virus apps flagged it.

Last edited by zot; 06-23-2009 at 07:42 PM..
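
An added example (not part of the thread): a static triage of the PE details in the VirusTotal report above, showing which fields mark the file as a packed dropper even where an engine reports nothing. The section rows and import list are copied from that report with the md5 column dropped; the function names and the 7.9 entropy threshold are assumptions made for illustration.

```python
# Added example: static triage of the PE details in the VirusTotal report above.
# Rows are copied from that report (md5 column dropped); thresholds are assumptions.
SECTIONS = """\
0x1000 0x32c000 0x0 0.00
0x32d000 0x13b000 0x13a800 8.00
.rsrc 0x468000 0x102000 0x101800 7.99"""
IMPORTS = """\
KERNEL32.DLL: GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, CloseHandle, GetStartupInfoA, CreateProcessA, GetModuleHandleA, LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
advapi32.dll: RegFlushKey; comctl32.dll: ImageList_Add; comdlg32.dll: ChooseFontA
crypt32.dll: CertFreeCertificateContext; gdi32.dll: SaveDC; imm32.dll: ImmGetContext
ole32.dll: DoDragDrop; oleaut32.dll: VariantCopy; shell32.dll: DragFinish
SHFolder.dll: SHGetFolderPathA; user32.dll: GetDC; version.dll: VerQueryValueA
winmm.dll: PlaySoundA; winspool.drv: OpenPrinterA"""

def parse_sections(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        name = f.pop(0) if len(f) == 5 else ""  # packed sections can have blank names
        _va, vsize, rawsize = (int(x, 16) for x in f[:3])
        rows.append({"name": name, "vsize": vsize, "rawsize": rawsize, "entropy": float(f[3])})
    return rows

def parse_imports(text):
    table = {}
    for entry in text.replace("\n", ";").split(";"):
        dll, funcs = entry.split(":")
        table[dll.strip().lower()] = [fn.strip() for fn in funcs.split(",")]
    return table

def triage(sections, imports):
    k32 = set(imports.get("kernel32.dll", []))
    others = [fns for dll, fns in imports.items() if dll != "kernel32.dll"]
    findings = []
    if any(s["rawsize"] == 0 and s["vsize"] > 0 for s in sections):
        findings.append("section empty on disk but present in memory (unpack target)")
    if any(s["entropy"] >= 7.9 for s in sections):
        findings.append("near-random section data (compressed or encrypted)")
    if others and all(len(fns) == 1 for fns in others):
        findings.append("one import per DLL (packer stub import table)")
    if {"LoadLibraryA", "GetProcAddress", "VirtualProtect"} <= k32:
        findings.append("resolves its real imports at run time")
    if {"GetTempFileNameA", "WriteFile", "CreateProcessA"} <= k32:
        findings.append("can write a temp file and run it (dropper pattern)")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_sections(SECTIONS), parse_imports(IMPORTS)):
        print("[!]", finding)
```

All five checks fire on this report; the last one is consistent with post #9, where the firewall prompt came from a temp file rather than from alt.binz itself.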