
SANS ISC: Another sextortion email - Internet Security | DShield SANS ISC InfoSec Forums


Another sextortion email
For whatever it is worth, I received this the other day:

>>>
Return-Path: <huskydog@aurens.or.jp>
X-Original-To: **REDACTED**
Delivered-To: **REDACTED**
Received: from mail.aurens.or.jp (210.229.188.4.hotcn.ne.jp [210.229.188.4])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by **REDACTED** (Postfix) with ESMTPS id 4EE679419E
for <**REDACTED**>; Mon, 4 Feb 2019 05:13:07 -0800 (PST)
Received: from [220.198.86.109.triolan.net] (unknown [109.86.198.220])
by mail.aurens.or.jp (Postfix) with ESMTP id 9D260D48D45
for <**REDACTED**>; Mon, 4 Feb 2019 22:13:04 +0900 (JST)
X-Priority: 5 (Lowest)
List-ID: 5923pbwigql395uhqla3m54it6t list
<gtbow3yejho42rnx7kjl8vg72.459983.list-id.aurens.or.jp>
List-Help: <http://vipbxkzhgrvw.com/me/qkcgk/qpcfpzlsajmw>
X-Sender: <huskydog@aurens.or.jp>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset=UTF-8
Message-ID: <**REDACTED**>
X-Sender-Info: <huskydog@aurens.or.jp>
X-Complaints-To: <abuse@aurens.or.jp>
List-Unsubscribe:
<**REDACTED**>
X-aid: 4548793549
To: **REDACTED**
Subject: This account has been hacked! Change your password right now!
Date: Mon, 4 Feb 2019 14:13:03 +0100
X-Abuse-Reports-To: abuse@mailer.aurens.or.jp
Abuse-Reports-To: abuse@aurens.or.jp
From: <**REDACTED**>
>>>

The Base64 decodes to:

>>>
You may not know me and you are probably wondering why you are getting this e mail, right?
I’m a hacker who cracked your email and devices a few months ago.

Do not try to contact me or find me, it is impossible, since I sent you an email from YOUR hacked account.
I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean).
While you were watching videos, your internet browser started out functioning as a RDP (Remote Control) having a keylogger which gave me accessibility to your screen and web cam.
After that, my software program obtained all information.

You entered a passwords on the websites you visited, and I intercepted it.
Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.
What did I do?

I backuped device. All files and contacts.
I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.
exactly what should you do?
Well, in my opinion, $1000 (USD) is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
My Bitcoin wallet Address:
1K4JEY74c5puP86EPKo6HmNrB571kT8kG2
(It is cAsE sensitive, so copy and paste it)

Important:
You have 48 hour in order to make the payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message).
To track the reading of a message and the actions in it, I use the facebook pixel.
Thanks to them. (Everything that is used for the authorities can help us.) If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on.
>>>
Anonymous
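As an added example (not part of the post above), this is the triage a defender would run on a message like this one: walk the Received chain to recover the IP the relaying MTA recorded, check whether From matches To as the lure claims, decode the base64 body, and flag Bitcoin addresses and sextortion keywords. The sample message is constructed from the headers above with documentation-range hosts and IPs; the Bitcoin address is the one quoted in the post.

```python
import base64
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the quoted headers and body; hosts, mailboxes
# and IPs are documentation placeholders, not the values from the real message.
BODY = (b"I'm a hacker who cracked your email and devices a few months ago. "
        b"You have 48 hour to pay $1000 (USD) by Bitcoin to "
        b"1K4JEY74c5puP86EPKo6HmNrB571kT8kG2 or I send your web cam video "
        b"to all of your contacts.")
SAMPLE = b"""Received: from mail.example.jp (mail.example.jp [203.0.113.4])
\tby mx.example.net (Postfix) with ESMTPS id 4EE679419E
\tfor <victim@example.net>; Mon, 4 Feb 2019 05:13:07 -0800 (PST)
Received: from [22.100.51.198.example.org] (unknown [198.51.100.22])
\tby mail.example.jp (Postfix) with ESMTP id 9D260D48D45
\tfor <victim@example.net>; Mon, 4 Feb 2019 22:13:04 +0900 (JST)
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset=UTF-8
Subject: This account has been hacked! Change your password right now!
From: <victim@example.net>
To: victim@example.net

""" + base64.b64encode(BODY) + b"\n"

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")  # legacy base58 form
KEYWORDS = ("hacker", "bitcoin", "web cam", "webcam", "contacts", "48 hour")

def parse_sample():
    return email.message_from_bytes(SAMPLE, policy=policy.default)

def originating_ip(msg):
    """Bottom-most Received header is the earliest hop; the bracketed IP the
    relaying MTA recorded is more trustworthy than the sender-supplied HELO name."""
    received = msg.get_all("Received") or []
    ips = IP_RE.findall(str(received[-1])) if received else []
    return ips[-1] if ips else None

def sender_claims_own_account(msg):
    """The lure says it was sent from the victim's own account: From == To."""
    return parseaddr(str(msg["From"]))[1].lower() == parseaddr(str(msg["To"]))[1].lower()

def decode_body(msg):
    """Undo the Content-Transfer-Encoding (base64 here) to get the lure text."""
    return msg.get_payload(decode=True).decode("utf-8", "replace")

def sextortion_indicators(body):
    """Return (bitcoin addresses, matched keywords) found in a decoded body."""
    lowered = body.lower()
    return BTC_RE.findall(body), [k for k in KEYWORDS if k in lowered]
```

Feed the same functions a real message with `email.message_from_bytes(open(path, "rb").read(), policy=policy.default)`; the Received chain and From/To check are what separate a spoofed lure from a genuinely compromised account.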
