The IT Nerd

Wow. It’s been almost two weeks since I have written about an extortion phishing email. But tonight I’m writing about a brand new one. Here it is for your reading pleasure:

Dear user of [DOMAIN REDACTED]!

I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [EMAIL ADDRESS REDACTED]: [PASSWORD REDACTED] (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt… on you…
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I’m know your secret life, which you are hiding from everyone.
Oh my God, what are your like… I saw THIS … Oh, you dirty naughty person … 🙂

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

So, to the business!
I’m sure you don’t want to show these files and visiting history to all your contacts.

Transfer $837 to my Bitcoin cryptocurrency wallet: [BITCOIN WALLET ADDRESS REDACTED]
Just copy and paste the wallet number when transferring.
If you do not know how to do this – ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am “working” with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!

Now the user who forwarded this email to me knew that his was fake because the email that was being quoted in the letter was one that was used almost six years ago. So he suspected that his loser was full of it. I’ll add to this by talking about the exploit that he used, or supposedly used which was CVE-2018-0296. If you read the vulnerability it says this:

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques.

In English, the attacker could overwhelm a Cisco security appliance with bogus data, perhaps take it down entirely, and perhaps view sensitive data. That sounds like a way to steal a password. But this exploit was disclosed in 2018. Which makes it kind of implausible that this was used six years ago. Not impossible. But implausible. But the fact is that they added this to give this email some sense of legitimacy that the scumbags behind this email hope will fool the less technically savvy. Other than that, it’s the same playbook as the last last nine extortion phishing scams that I told you about in the last few months. Sigh. If you get one of these emails, simply delete it. It’s bogus.

This entry was posted on November 10, 2018 at 10:00 pm and is filed under Commentary with tags Scam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.