Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
Dispatches Archive

« December 2017 | Main | May 2018 »

April 21, 2018

Bitcoin Extortion Scam/Spam Permalink

Over the past year or two, mainstream news has reported incidents of ransomware, whereby a crook invades a personal or network computer, encrypts all data on the hard drives, and then demands payment in Bitcoin to retrieve the decryption key. If this happens to you, it can be very scary because there might not be a way to recover without paying ransom to some unknown, shadowy entity.

If you have heard of this real activity, you might be equally terrified to receive a spam email like this one:

From: Shame
Subject: Read this carefully

Hello.
Dont pay attention on my illiteracy, I am from Belgium.

I put mine malicious program onto your device.

At present I thiefted all personal background from your device. Moreover I have slightly more evidence.
The most entertaining compromising which I stole- its a videotape with your masturbation.
I put malicious software on a porn site and then you loaded it. The moment you selected the video and pressed play, my malware at once downloaded on your OS.
After downloading, your front-camera shoot the video with you wanking, additionally I captured exactly the video you masturbated on. In next week my malicious software captured all your social and work contacts.

If you wish to eliminate all the evidence- pay me 209 euro in Bitcoins.
Here is my Bitcoin address - 1KdKczndv8p5TqmKniDh8Ut8oHpQ1NWaxR
You have 20 h. to go from this moment. As soon as I receive transfer I will eliminate the evidence forever. Differently I will send the record to all your friends.

Or another one of its relatives:

Subject: I collected very interesting content

Good dаy.
Do not mind on my illiteraсy, I am from Korеya.

I uploаded thе mаliсious рrogrаm оn your systеm.

Sinсe thаt moment I pilfеrеd all privy backgrоund from yоur systеm. Аdditiоnаlly I hаve some morе cоmрromising evidenсе. Thе most interеsting evidence that I stоle- its а videоtapе with your masturbаtion. I аdjusted virus оn a роrn wеb site аnd aftеr yоu lоaded it. Whеn you dеcided with the vidеo аnd tарpеd on а рlаy button, my deleteriоus sоft at оncе set up on your system. Аfter аdjusting, yоur cаmera shооt the vidеоtаpe with you sеlf-аbusing, in additiоn it sаvеd рrеcisеly the роrn vidеo yоu mаsturbatеd on. In nеxt fеw dаys my malwаre cоllеcted all yоur soсial and wоrk сontаcts.

If you need to destroy the records- transfer me 290 usd in Bitcoins.
I provide you my Btc address - 1EpAQ1ERVhhQMnPx4k28Z8L3uH84Zc2u1Q
You have 12 h. after reading. If I receive transaction I will destroy the videotape evermore. Differently I will forward the tape to all your contacts.

Presuming you can work your way through the tortured English (which may be phony), these messages hit a lot of buttons: Malware, remote capture of your computer's camera, screen grabs, and the threat of, um, exposing your activity to everyone listed in your computer's address book. I'm sure that a lot of people receiving these messages did instant inventory-taking about the last times they downloaded porn to their computers and pressed the Play button. They probably also looked at their computer's camera to imagine what it might have captured, and then visualize what everyone in their address book will see if they don't pay up.

I knew these were fake messages because I don't download or watch porn on my computers. (You may wonder why I even use a computer.) Even if this threat were real, the most shocking thing my computer's camera would catch is me struggling to get up from my desk chair with my arthritic knees. I was also curious why the crook wanted Bitcoin payments in amounts pegged to the Euro or US Dollar. Bitcoin values fluctuate so wildly hour-by-hour, I don't know how one could guarantee coming up with the exact amount to meet the demand (even after figuring out Bitcoin for the first time).

The bottom line on these messages is that they're empty extortion threats from lazy crooks. I don't even imagine there was any malware threat leading up to the sending of these messages. If there were, an up-to-date anti-virus package on your computers would be suitable protection. And for the truly paranoid, a Post-It sticker over the camera can add a bit of comfort (there are also some utility programs out there that block camera access, but I'm a little wary of them).

Also, avoid web sites that require you to download an unknown media player to view or hear their content. I've distrusted those for decades because installing such things is the same as intentionally loading malware onto your machine. You never know what else is piggybacked with the media player.

BTW, I normally block out identifying information associated with crooks, but I left the Bitcoin account numbers intact. Someone might try to hack and drain those accounts. That would be a shame.

Posted on April 21, 2018 at 03:25 PM