I tested the ROS framework yesterday on the TheConstrucSim platform, everything worked. But today I received a scam e-mail requesting payment in bitcoin…
Next that, I performed a “Full Scan” with Clamav and I found the result below:
I tested the ROS framework yesterday on the TheConstrucSim platform, everything worked. But today I received a scam e-mail requesting payment in bitcoin…
Next that, I performed a “Full Scan” with Clamav and I found the result below:
Hi @jefersonjl82 ,
thanks for your post.
Could you paste here the email message you received, and who sent it?
By investigating this CVE_2016_3271-2, I see it is related to Jenkins, which we don’t even use.
We want to publicly show here that we are concerned about Security in our platform, and as soon as someone reports anything, we are going to investigate, and if a threat is really found, it will be solved.
Please let us know if you have any new information.
Hi @ralves, thanks for your answer,
The scam e-mail was written in Portuguese (my native language) and it has offensive words, I’m not comfortable to share here. I don’t know if there is a relationship between the e-mail and the virus.
First of all, I’m not a Vulnerability Expert, I’m just an Engineer. What I know is:
cat command
in this file and in the tail I got to see a lot of information about theconstructsim. Let me share some screens:Hi @jefersonjl82,
Thanks for the clarifications.
Could you please help with a few more questions?
from
address of the email?theconstructsim.com
anywhere?Some viruses and malware (or even adware) are able to track your browser history and then exploit them to send fake emails posing to be from the authentic domains therein. This is probably what happened (the addresses in the binary of the virus are the addresses your browser contacted while using our app).
It’s a good thing that you recognized the email as a scam in addition to having an up-to-date antivirus, as we need more than a good antivirus to fight cyberspace threats.
No cause for alarm here - just keep being vigilant as you keep pushing your ROS learning.
Hi @bayodesegun,
I’m here to help anyone that have the same problem … I can’t understand why did you guys rewrite the issue tittle as a INCORRECT tag?
- What’s the
from
address of the email?
No. The scam e-mail was send fromdontcare@caribserve.net
- Did the email mention
theconstructsim.com
anywhere?
No- Did you open any link in the email or any of its attachments?
No
I want to apologize for the created confusion! The scam email is not from theconstructsim
… but the virus has information about theconstruction.com
… this is a fact! I’m done here!
Hi @jefersonjl82,
Thanks again for clarifying.
We put the incorrect tag to indicate that the conclusion that the virus is a “The Construct VM virus” is incorrect, for the sake of members of the community who might be alarmed.
Those URLs you found in the virus are the ones your browser contacted recently, and this suggests that the virus had access to your browsing history and is probably trying to exploit that. And, based on your clarification, the virus may even have nothing to do with the email.
We appreciate that you voiced your doubts. Please don’t hesitate to contact us again if you find anything suspicious.