Bitcoin scam: your computer has been hacked

The letter is sent from your own e-mail address, and it claims that this was possible because your computer/e-mail has been hacked. Bitcoins are demanded, with a threat to publish an embarrassing video of you.

Spam letters like this end up in the filters, and only users on an insecure server see them in their inbox. The characteristics of this scam letter should get it caught by several filters and keep the recipient from ever seeing it.

| Rule | Score | Rule Description |
|---|---|---|
| BAYES_95 | 3.00 | Bayes spam probability is 95 to 99% |
| BITCOIN_DEADLINE | 2.73 | BitCoin with a deadline |
| BITCOIN_MALWARE | 3.00 | BitCoin + malware |
| BITCOIN_SPAM_07 | 3.00 | BitCoin spam pattern 07 |
| DCC_CHECK | 1.10 | Detected as bulk mail by DCC (dcc-servers.net) |
| DIGEST_MULTIPLE | 0.29 | Message hits more than one network digest check |
| DOS_OUTLOOK_TO_MX | 2.84 | Delivered direct to MX with Outlook headers |
| FSL_BULK_SIG | 0.84 | Bulk signature with no Unsubscribe |
| MIMEOLE_DIRECT_TO_MX | 2.00 | MIMEOLE + direct-to-MX |
| PYZOR_CHECK | 1.79 | Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/) |
| RCVD_IN_XBL | 4.50 | Received via a relay in Spamhaus XBL |
| RDNS_NONE | 2.00 | Delivered to internal network by a host with no rDNS |
| SPF_SOFTFAIL | 1.50 | SPF: sender does not match SPF record (softfail) |
| TO_EQ_FM_DIRECT_MX | 2.50 | To == From and direct-to-MX |
| SpamAssassin Score | 31.09 | |
185.239.55.179 IQ AS51018 Seven Net Layers for General Trading & Information Technology LTD.

I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,
transfer the amount of $703 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: 1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!

The letter really was sent with the same e-mail address as the recipient's, but the IP was from a country with the code IQ, wherever that may be.
From: <.ee>
To: <.ee>
Subject: Security Notice. Someone have access to your system.
Date: 1 Mar 2019 02:11:35 +0200
X-Mailer: Microsoft Office Outlook 11
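
The combination seen in the headers above (From equal to To, SPF not passing, a desktop mail client delivering straight to the MX) together with a Bitcoin demand and a deadline can be checked mechanically. The following is an added example, not code from this page or from SpamAssassin; the indicator names are hypothetical, and the sample message is constructed from the quoted letter with placeholder addresses and a placeholder relay IP.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers and letter quoted on this page;
# user@example.ee, mx.example.ee and 203.0.113.7 are placeholders.
SAMPLE = """\
Received: from unknown ([203.0.113.7]) by mx.example.ee; Fri, 1 Mar 2019 02:11:36 +0200
Received-SPF: softfail (mx.example.ee: 203.0.113.7 is not a permitted sender)
From: <user@example.ee>
To: <user@example.ee>
Subject: Security Notice. Someone have access to your system.
X-Mailer: Microsoft Office Outlook 11

transfer the amount of $703 to my bitcoin address.
My bitcoin address (BTC Wallet) is: 1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio
I give you 48 hours to pay.
"""

BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # Base58 shape only
DEADLINE_RE = re.compile(r"\b\d{1,3}\s*(?:hours?|days?)\b", re.I)

def indicators(raw):
    """Return the set of (hypothetical) indicator names that fire on a raw message."""
    msg = message_from_string(raw)
    hits = set()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    # First token of Received-SPF is the result; a missing header counts as not passed.
    spf = msg.get("Received-SPF", "").split(" ", 1)[0].lower()
    if sender and sender == rcpt:
        hits.add("to_eq_from")
        if spf != "pass":
            hits.add("self_spoof_unauthenticated")
    # One Received hop plus a desktop client header: the client talked to the MX itself.
    if len(msg.get_all("Received", [])) <= 1 and "Outlook" in msg.get("X-Mailer", ""):
        hits.add("mua_direct_to_mx")
    body = "".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    if BTC_RE.search(body):
        hits.add("bitcoin_address")
        if DEADLINE_RE.search(body):
            hits.add("bitcoin_deadline")
    return hits

def is_extortion_spoof(raw):
    """True when mail claims to come from its own recipient, fails SPF and sets a Bitcoin deadline."""
    return {"self_spoof_unauthenticated", "bitcoin_deadline"} <= indicators(raw)
```

A note a user genuinely mails to themselves passes SPF and does not trigger the verdict, which is why the address match alone is not treated as decisive.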

Translation of the letter's contents:
I have been watching you for several months. The fact is that you were infected with malware through an adult site you visited.
If you are not familiar with this, I will explain. A Trojan virus gives me full access to and control over a computer or other device. This means that I see everything on your screen and switch on the camera and microphone, but you do not know about it. I also have access to all your contacts and letters.
Why did your antivirus not detect the malware?
Answer: My malware uses a driver, and I update its signature every 4 hours, so your antivirus stays silent.
I made a video of you satisfying yourself (left half of the video), and the right half shows the video you were watching at the same time.
With one mouse click I can send this video to all your e-mails and social media contacts. /…/
If you want to prevent this, transfer $703 to my bitcoin address
My bitcoin address (BTC Wallet) is: 1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio
After receiving the payment I will delete the video and you will not hear from me again. I give you 48 hours to pay. I have a read notification on this letter, and the time starts running when the letter is read.
There is no point in filing a complaint anywhere, because this e-mail cannot be traced, just like my bitcoin address.
If I find out that you have shared this message with anyone else, the video will be distributed immediately.
Best regards.

Added April 2019

A similar letter, with a small change in the demands:

Lisatud aprill 2019

Sarnane kiri, väike muutus nõudmistes:

If you want to prevent this, transfer the amount of $733 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”). My bitcoin address (BTC Wallet) is: 1JBFFHR8tGiMgYLpnZCVG8n4cSpm591urc

After receiving the payment, I will delete the video and you will never hear me again. I give you 50 hours (more than 2 days) to pay. I have a notice reading this letter, and the timer will work when you see this letter.

or

$956 to my bitcoin address. : 1AbK2rpS1gqw8AhTy7NPWDVBLhoJmxYFmw

Or, added 5 April

From: “Glinda Driscoll” <glindadriscoll@g.untracable.tk>

Do I have your attention?
You are really screwed now and you better read this… !

Your device was recently infected with a software I developed,
and now you have a problem you need to solve,
because it has gone too far..

You probably noticed your device is acting strangely lately.
That’s because you downloaded a nasty software I created
while you were browsing the Ƿornographic website…

The software automatically:
1) Started your Ƈamera and begun recoding you,
uploading the footage to my server…
2) Recording your device screen
3) Copied all your contact lists from mail program, facebook
and your device chain
4) Started logging what you write

The problem is that it has cought you while you have been
ʍasturbating.. and I didn’t plan to see that.. but I did.

I now have the (username@).mp4 file with you
ʍasturbating to this hardcore stuff… ugly!! :((


Let me get straight to the point.

If you do not do what I ask you now, I will upload this
ugly video file with you … and the stuff you were watching
to several video upload sites and I will send the links
to all your friends, family members and associates.

I am sure they will not like what they will see and I am
also sure you don’t want me to do that, right ?


So do you want me to uninstall the nasty software from
your device and stop recording you?
Do you want me to forget about this whole issue??

I think 2,000 USD is a fair price for my silence. I know you
can handle to send me this money – and it is enough for
me to get lost. So how do you send the cash?? Bitcoin.

I checked right now and 1 Bitcoin is worth 4,960 bucks.
So…

Send exactly 0.405847 BTC to my Bitcoin wallet.

This is my Bitcoin wallet address:
3722F5y981bb5DjcHZ4RukZFTNmpymURzL

If you do not know how to send cash using bitcoin,
type ‘how to buy bitcoin’ in google. There’s plenty
of guides.

Ok.. so what if you decide not to pay ?
Well if you want to test my patience – go on.
I will destroy your social life, you can count on that.

You think that visiting Police is a good idea ? Nope.
I don’t live in your country and I know how to stay
Anonymous. I will send the compromising video to
everyone you know!

Just send me the 2,000 USD and we forget about
the whole thing. I have family to feed too.

***********************************************
Send 2,000 USD worth of bitcoin to this address:

0.405847 BTC
to this address:

3722F5y981bb5DjcHZ4RukZFTNmpymURzL

(copy and paste it – it’s cAsE sensitive)
***********************************************

After you send the money to my wallet (exact
amount!) – I will see it and I will remove the video
and deactivate the rec software.

I give you 5 days only to send the transfer..

The time starts ticking after you open this letter
(I included a pixel in this message and I will
know when you read it).


Don’t try to contact me – I am using an untracable
email to deliver this message to you.

I am waiting for your cash.
And don’t forget the shame if you ignore me.

Glinda

// This last letter gives 5 days and lies that the sender is notified when the letter is opened by means of an image included in it, which in fact is not there.

Added 20.04.2019: a similar letter, claiming that a video of the user and their e-mail contacts were recorded, if the money is not transferred:

Send 2,000 USD (0.381730 BTC)
to this Bitcoin address:

***********************************************
3MDA3e4bNCJb28GZJq5qiXmJTjHe4KwwoG

You have 72 hours left.
P.S. If you need more time to buy and send BTC,
open your notepad and write ’48h more’.
This way you can contact me.
I will consider giving you another 48 hours
before I release the vίd, but only when I see that
you are really struggling to buy bitcoin.
I KNOW you can afford it – so don’t play with me…

Added 16.07.2019. Now 500 dollars within 50 hours is demanded, to the addresses 34M6WPMzXQSjdKCMZmcUV8YBPs3RNgEjZ7 and
35E4CLLKvhPuAmFmEUPF4zhrXFR1pCa4p1 and
37dYTkP5BznzAZ3t1AtX1y9FgZYb2CWTv1 and
32bGMouwMCZHfuVLL5pK6wWyjxo15QSyAX (22 July) and
16AxNXbDd5ebM2sgCJCtuudDWassRxQKbP (1000 USD, the demand is an image) and
1PRuimfEQ7LhoMxXf4bVtuAxCeGhdJvoSH (1000 USD, the demand is an image) and
1MCBFzAtDHhHAfTDtzevpGNCi92mQrxub9 (1000 USD, the demand is an image) and
1NCiu3M1dXj7BgobZ8cUmmZTMrxHVzgMmj (1000 USD, the demand is an image)

Summary. An ordinary scam letter that counts on people's stupidity and fear. The sender has not hacked any computer, even if you did watch a video and the computer had a camera at the time.

The letter was sent to the general address of a legal entity listed in the Business Register (Äriregister). President Toomas Hendrik Ilves already knew that a computer's video camera should be taped over. Even better would be to have no camera or microphone at all (on laptops the manufacturer has unfortunately built them in).