Windows 10 News and info | Forum
June 04, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Extortion Scam Claims EternalBlue Was Used to Install a Backdoor  (Read 289 times)
Hero Member
Online Online

Gender: Male
United States United States

Posts: 31455

I Do Windows

WWW Email
« on: July 01, 2019, 11:42:37 AM »

An extortion scam is being distributed that claims a Remote Access Trojan, or RAT, was installed on your computer using the EternalBlue exploit. The scammers then go on to say that they used the RAT to take videos of you on adult web sites and that you must pay a ransom or they will send it to all of your contacts.

EternalBlue is an exploit allegedly created by the NSA that targets a vulnerability in the SMBv1 protocol. This vulnerability allows attackers to execute commands on a vulnerable computer that can be used to install malware.

The extortion emails being distributed have a subject of "Security Alert. Your account was compromised. Password must be changed" and spins a tale that while visiting a porn site, the EternalBlue exploit was triggered to install a Remote Access Trojan on your computer.

This Trojan was then allegedly used to take videos of you, steal your contacts, and your passwords. It goes on to say if you do not pay a $600 extortion demand, the attacker will send your video to all of your contacts.

Extortion Email

The reality is that this is just a scam and the senders have not utilized any exploits on your computer, there is no RAT installed, and there are no videos of you while using an adult web site. Any passwords or email addresses listed in the email are simply from data breaches where your account info was publicly disclosed.

While you now know this is a scam, unfortunately not everyone else does and some people actually pay the extortion demand. For example, the bitcoin address associated with the above email has a payment of $600 that someone had sent to the attackers.

Extortion Payment

If you ever receive an extortion email, just remember that while they are scary to receive, they are just a scam. The attackers only know the listed email address and password from a data breach and your computer has not been infected and videos were not created.

With that said, if the email does contain your legitimate password, be sure to change it on any site that currently utilizes it as it has been publicly disclosed to many people.

If you are interested in reading the full extortion email, it is shown below.

Hi, dear user of

We have installed one RAT software into you device
For this moment your email account is hacked too.
I know your password for this account []: xxx

Changed your password? You're doing great!
But my software recognizes every such action. I'm updating passwords!
I'm always one step ahead....

So... I have downloaded all confidential information from your system and I got some more evidence.
The most interesting moment that I have discovered are videos records where you masturbating.

I posted EternalBlue Exploit modification on porn site, and then you installed my malicious code (trojan) on your operation system.
When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device.
After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose.

For the moment, the software has harvrested all your contact information from social networks and email addresses.
If you need to erase all of your collected data, send me $600 in BTC (crypto currency).
This is my Bitcoin wallet: 11NT1KhH3aXsRw4LS6PFFrT5fRkdZFmne
You have 48 hours after reading this letter.

After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues and friends!!!

P.S. I'm asking you - not to answer this letter because the sender's address is fake, just to keep me incognito.

And henceforth be more careful!
Please visit only secure sites!

While receiving one of these emails can be anxiety provoking, always remember that these are just scams and you should not believe anything they state. Instead, just mark it as spam and delete the email.

« Last Edit: July 03, 2019, 11:38:40 AM by javajolt » Logged

Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page April 14, 2020, 06:04:54 AM