[OPSEC/Computer] Potential SCAM/VIRUS.. Vendors! worth checking out.

automod blocks any messages that have executable files.. so please remove asterisks when you read/if you try to view the link..

So I got messaged today on Agora by a customer saying that he wants to make a purchase from me, but says my dox are out there.. and is sketched out. He sent me a link to the following file hosting site:

filename: iddiotdoxxedvendors.ex*

WARNING: DO NOT OPEN .ex. AS I'm ASSUMING IT'S A VIRUS! *http://s000.tinyupload.com/?file_id=02729064117140291907

can any of you more tech savvy types give me any insight/advice? I obviously didn't open it/download it.. as it's a .ex*.. butttt.. can someone safely open it, without running the risk of f'ing up their computer..? either way.. just wanted to get the word out.


Comments


[6 Points] grandpajoe_dnm:

It's a rat, they throw it at every new vendor. Ignore it, just script kiddies.


[5 Points] MLP_is_my_OPSEC:

| Antivirus | Result | Updated |
|---|---|---|
| AVG | Luhe.Fiha.A | 20150504 |
| AVware | Trojan.Win32.Generic.pak!cobra | 20150504 |
| AhnLab-V3 | Backdoor/Win32.DarkKomet | 20150504 |
| ESET-NOD32 | a variant of MSIL/Injector.FHB | 20150504 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20150504 |
| VIPRE | Trojan.Win32.Generic.pak!cobra | 20150504 |

Source: https://www.virustotal.com/en/file/30ccd3f98f209a53425fdecd465ef16c262cd468475aed3b7bccb6e8ee8e801e/analysis/1430781928/

To add on to what /u/grandpajoe_dnm said, definitely a RAT and a skid. It's forwarding traffic through a DNS provider (no-ip), which is a telltale sign.
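
The no-ip observation in the comment above can be turned into a DNS-log check that flags internal hosts resolving names under dynamic DNS zones. This is an added example, not part of the original thread: the log format, client addresses and queried names are constructed, and the suffix list is an assumed small subset of the zones No-IP operates.

```python
from collections import defaultdict

# Assumed subset of zones operated by the No-IP dynamic DNS service;
# extend it from your own provider or threat-intel list.
DYNDNS_SUFFIXES = {"ddns.net", "no-ip.org", "no-ip.biz",
                   "hopto.org", "zapto.org", "sytes.net"}

# Constructed resolver log: "<timestamp> <client-ip> <query-type> <name>"
SAMPLE_LOG = """\
2015-05-04T21:10:02Z 10.0.0.15 A www.example.com.
2015-05-04T21:10:07Z 10.0.0.23 A updates.example.org
2015-05-04T21:10:09Z 10.0.0.23 A Placeholder-Host.DDNS.net.
2015-05-04T21:11:09Z 10.0.0.23 A placeholder-host.ddns.net
2015-05-04T21:11:30Z 10.0.0.15 A notddns.net
2015-05-04T21:12:01Z 10.0.0.42 AAAA constructed-name.zapto.org
malformed line
"""

def dyndns_zone(name):
    """Return the dynamic DNS zone a queried name sits under, or None."""
    labels = name.rstrip(".").lower().split(".")
    # Compare whole labels so "notddns.net" does not match "ddns.net".
    # Starting at 1 requires a host label to the left of the zone itself.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DYNDNS_SUFFIXES:
            return candidate
    return None

def flag_dyndns_queries(log_text):
    """Map client IP -> {normalized name: query count} for dynamic DNS lookups."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _qtype, name = fields
        if dyndns_zone(name):
            hits[client][name.rstrip(".").lower()] += 1
    return {client: dict(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in flag_dyndns_queries(SAMPLE_LOG).items():
        for name, count in names.items():
            print(f"{client} queried {name} x{count}")
```

Dynamic DNS also has legitimate uses (home servers, remote cameras), so a hit is a lead for triage of that host rather than proof of infection.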