Everyday thoughts, but not every day

Whack (off) job

Just a random hacker who's compromised my computer with malware, cunningly bypassing my antivirus defences. Either that, or a two-bit shithead trying to extort easy money out of fear over a false threat. You choose. (shrug)

Touchingly, these BTC scams are so common, they even have their own SpamAssassin reporting codes.

I've seen this sort of thing many times before. As has my wife. Past 1337 h4xx0rz have claimed to have included a tracking pixel in the message, so they knew when I read it. Those messages were, like this one, sent in plain text format, not HTML; so, needless to say, image elements—tracking pixels—could never be present. This loser claims to have a notification, although he doesn't specify what it is. It's not a tracking pixel though, that's for sure! (LOL)
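The check behind that point, as an added example (not part of the original post): it parses a message, lists every mechanism that could report an open (read-receipt headers, remote images in HTML parts), and pulls the SpamAssassin score and rule names out of the folded X-Spam-Status header. The scam sample is abbreviated from the headers quoted in this post; the HTML counter-example and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: abbreviated from the headers quoted in this post.
SCAM = """\
X-Spam-Status: Yes, score=16.6 required=4.0 tests=BITCOIN_EXTORT_01,
\tBITCOIN_SPAM_03,DCC_CHECK,DKIM_VALID,PYZOR_CHECK,RCVD_IN_PSBL,SPF_PASS
\tautolearn=disabled version=4.0.0
From: m.kazemi@sepanta.com
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Subject: *** SPAM *** Fwd:

I have a notification of you reading this letter.
"""

# Constructed counter-example: an HTML mail with a 1x1 remote image.
PIXEL = """\
From: sender@example.com
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8

<p>Hello</p><img src="https://tracker.example/p.gif" width="1" height="1">
"""

REMOTE_IMG = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']?https?://", re.I)
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To")

def read_notification_vectors(raw):
    """List the ways this message could report that it was opened."""
    msg = message_from_string(raw, policy=default)
    found = [h for h in RECEIPT_HEADERS if msg[h] is not None]
    for part in msg.walk():
        # Only HTML parts are rendered, so only they can fetch an image.
        if part.get_content_type() == "text/html" and REMOTE_IMG.search(part.get_content()):
            found.append("remote image in text/html part")
    return found

def spamassassin_verdict(raw):
    """Return (score, rule names) parsed from the folded X-Spam-Status header."""
    msg = message_from_string(raw, policy=default)
    status = re.sub(r",\s+", ",", str(msg["X-Spam-Status"]))
    score = float(re.search(r"score=(-?[\d.]+)", status).group(1))
    tests = re.search(r"tests=(\S*)", status).group(1).split(",")
    return score, tests

if __name__ == "__main__":
    print(read_notification_vectors(SCAM), read_notification_vectors(PIXEL), spamassassin_verdict(SCAM))
```

Note that SPF_PASS and DKIM_VALID appear among the rules that fired: the mail was authenticated for its sending domain and still scored 16.6 against a threshold of 4.0.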

Anyway, the only reason for this post was to respond to my correspondent's threat: "If I find that you have shared this message with someone else, the video will be immediately distributed."

And now he genuinely has a notification of my having read his message!

Hello! I am a hacker who has access to your operating system. I also have full access to your account. I've been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have an access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $ 1300 to my bitcoin address (if you do not know how to do this, search in Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: bc1qg86s30n0ruk4jk02tlekmltd7temxnsgzm97js After receiving the payment, I will delete the video and you will never hear me again. I give you 50 hours (more than 2 days) to pay. I have a notification of you reading this letter, and the timer will start right after you open it. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed. Best regards!

I appreciated the phuqueue Best regards at the end there. That's a nice touch.

Subject: Re: Fwd:
Date: Tue, 9 May 2023 17:05:09 +0200
To: m.kazemi@sepanta.com

Hello

I didn’t realise that simple pleasures could be so difficult. Honestly, if you can’t enjoy a good whacking-off in the privacy of your own home, where can you? Unless you’re a Catholic priest, that is. You say that I shouldn’t share your message with anyone else. Does posting it to my blog count? As far as I know, no one reads it.

Best regards!

That message in full.

Return-Path: <m.kazemi@sepanta.com>
Delivered-To: [snip]
Received: from mail-lb1.adm.[webhost] ([10.4.2.214])
	by popimap006.mail.[webhost].internal with LMTP
	id 6GXcJdRBWmTuvwAA9BAvQA:P1
	(envelope-from <m.kazemi@sepanta.com>)
	for [snip]; Tue, 09 May 2023 14:51:32 +0200
Received: from mxin014.mail.[webhost] ([10.4.2.214])
	by mail-lb1.adm.[webhost] with LMTP
	id 6GXcJdRBWmTuvwAA9BAvQA
	(envelope-from <m.kazemi@sepanta.com>)
	for [snip]; Tue, 09 May 2023 14:51:32 +0200
Received: from mailnull by mxin014.mail.[webhost] with local_accounts_spamscanned (Exim 4.95 (FreeBSD))
	(envelope-from <m.kazemi@sepanta.com>)
	id 1pwMoU-00062l-UN
	for [snip];
	Tue, 09 May 2023 14:51:32 +0200
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on
	mxin014.mail.[webhost]
X-Spam-Flag: YES
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.6 required=4.0 tests=BITCOIN_EXTORT_01,
	BITCOIN_SPAM_03,DCC_CHECK,DIGEST_MULTIPLE,DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,FSL_BULK_SIG,HP_VS_SPAM,PDS_BTC_ID,
	PYZOR_CHECK,RCVD_IN_PSBL,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=disabled version=4.0.0
X-Spam-Report: 
	*  0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
	* -0.0 SPF_PASS SPF: sender matches SPF record
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	* -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
	*      envelope-from domain
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*      valid
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
	*       domain
	*  1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
	*  5.0 HP_VS_SPAM No description available.
	*  2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
	*      [85.133.129.194 listed in psbl.surriel.com]
	* -0.0 T_SCC_BODY_TEXT_LINE No description available.
	*  1.0 BITCOIN_SPAM_03 BitCoin spam pattern 03
	*  5.0 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
	*  0.0 PDS_BTC_ID FP reduced Bitcoin ID
	*  2.0 PYZOR_CHECK Listed in Pyzor
	*      (https://pyzor.readthedocs.io/en/latest/)
	*  0.0 DIGEST_MULTIPLE Message hits more than one network digest check
	*  0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
Received: from mail.sepanta.net ([85.133.129.194])
	by mxin014.mail.[webhost] with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.95 (FreeBSD))
	(envelope-from <m.kazemi@sepanta.com>)
	id 1pwMoU-00061V-Il
	for [snip];
	Tue, 09 May 2023 14:51:30 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=sepanta.com; s=MDaemon; t=1683636133; x=1684240933;
	i=m.kazemi@sepanta.com; q=dns/txt; h=Date:To:MIME-Version:From:
	Content-Transfer-Encoding:Content-Type:Message-ID:Subject:
	Require-Recipient-Valid-Since; bh=ncqBSemmpnvd9JCi4bQP0rHqvigasQ
	wEy7j85YhBOuM=; b=uBAG38sU3RNx1fY/kh5ULV/s8Lg6aBRbijDmO/xbYWfv+v
	rpJ26t1NGYnlwbO1H0YFo9gvVCJ64H6XJHtwEoOlkDImGmqxDWMv1ZmMyMUYtl1z
	Br9e7yxVeWnsc3dGfvFXI/JDNPAO4PcDnT3uG4oFFTDoiRU6zPKtENXT1h/Tc=
X-MDAV-Result: clean
X-MDAV-Processed: mail.sepanta.net, Tue, 09 May 2023 16:12:13 +0330
Received: by mail.sepanta.net with ESMTPSA id md5001001995216.msg; Tue, 09 May 2023 16:12:11 +0330
X-MDRemoteIP: 187.102.16.197
X-MDArrival-Date: Tue, 09 May 2023 16:12:11 +0330
X-Authenticated-Sender: m.kazemi@sepanta.com
X-Return-Path: m.kazemi@sepanta.com
X-Envelope-From: m.kazemi@sepanta.com
X-MDaemon-Deliver-To: [snip]
Date: Tue, 9 May 2023 15:42:06 +0300
To: [snip]
MIME-Version: 1.0
From: m.kazemi@sepanta.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Message-ID: <5o10o802-7z69-7d59-sp49-055h0kl0312o@sepanta.com>
Subject: *** SPAM *** Fwd:
Require-Recipient-Valid-Since: [snip]; Tue, 9 May 2023
X-MDCFSigsAdded: sepanta.com
X-Vs-State: 1
X-Spam-Prev-Subject: Fwd:
X-[webhost]-Spambox:  YES 

Hello!

I am a hacker who has access to your operating system.
I also have full access to your account.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have an access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,
transfer the amount of $ 1300 to my bitcoin address (if you do not know how to do this, search in Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: bc1qg86s30n0ruk4jk02tlekmltd7temxnsgzm97js

After receiving the payment, I will delete the video and you will never hear me again.
I give you 50 hours (more than 2 days) to pay.
I have a notification of you reading this letter, and the timer will start right after you open it.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!