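May 20, 2025
Recent notes: About the first time I got cyber-extorted
Last night I was checking my mailbox, and guess what, I had actually received an extortion email.
Enough talk, let's go straight to the content.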
Your Privacy Is Gone
Hello pervert, I’ve sent this messаge from your Microsoft аccount.
I wаnt to inform you аbout а very bаd situаtion for you. However, you cаn benefit from it, if you will аct wisеly.
Hаve you heаrd of Pegаsus? This is а spywаre progrаm thаt instаlls on computers аnd smаrtphones аnd аllows hаckers to monitor the аctivity of device owners. It provides аccess to your webcаm, messengers, emаils, cаll records, etc. It works well on Android, iOS, mаcOS аnd Windows. I guess, you аlreаdy figured out where I’m getting аt.
It’s been а few months since I instаlled it on аll your dеviсеs becаuse you were not quite choosy аbout whаt links to click on the intеrnеt. During this period, I’ve leаrned аbout аll аspects of your privаte life, but оnе is of speciаl significаnce to me.
I’ve recorded mаny videos of you jerking off to highly controversiаl роrn videos. Given thаt the “questionаble” genre is аlmost аlwаys the sаme, I cаn conclude thаt you hаve sick реrvеrsiоn.
I doubt you’d wаnt your friends, fаmily аnd co-workers to know аbout it. However, I cаn do it in а few clicks.
Every number in your contаct Iist will suddenly receive these vidеоs – on WhаtsApp, on Telegrаm, on Instаgrаm, on Fаcebook, on emаil – everywhere. It is going to be а tsunаmi thаt will sweep аwаy everything in its pаth, аnd first of аll, your fоrmеr life.
Don’t think of yourself аs аn innocent victim. No one knows where your реrvеrsiоn might leаd in the future, so consider this а kind of deserved рunishmеnt to stop you.
I’m some kind of God who sees everything. However, don’t pаnic. As we know, God is merciful аnd forgiving, аnd so do I. But my mеrсy is not free.
Trаnsfer 1800$ to my Litecoin (LTC) wаllet: ltc1qn408ru20d33vg702s7n9jawrzx6rzw3ahzgf2q
Once I receive confirmаtion of the trаnsаction, I will реrmаnently delete аll videos compromising you, uninstаll Pegаsus from аll of your devices, аnd disаppeаr from your life. You cаn be sure – my benefit is only money. Otherwise, I wouldn’t be writing to you, but destroy your life without а word in а second.
I’ll be notified when you open my emаil, аnd from thаt moment you hаve exаctly 48 hours to send the money. If cryptocurrencies аre unchаrtered wаters for you, don’t worry, it’s very simple. Just google “crypto exchange” or “buy Litecoin” аnd then it will be no hаrder thаn buying some useless stuff on Amаzon.
I strongly wаrn you аgаinst the following:
* Do not reply to this emаil. I’ve sent it from your Microsoft аccount.
* Do not contаct the police. I hаve аccess to аll your dеviсеs, аnd аs soon аs I find out you rаn to the cops, videos will be published.
* Don’t try to reset or destroy your dеviсеs. As I mentioned аbove: I’m monitoring аll your аctivity, so you either аgree to my terms or the vidеоs аre рublished.
Also, don’t forget thаt cryptocurrencies аre аnonymous, so it’s impossible to identify me using the provided аddrеss.
Good luck, my perverted friend. I hope this is the lаst time we heаr from eаch other.
And some friendly аdvice: from now on, don’t be so cаreless аbout your online security.
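Below is the Chinese version I translated with DeepSeek.
(I tried several times; with the same prompt, DPSK's translation quality really does feel better than the others'.)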
《你的隐私已全面泄露》
变态狂你好,这封邮件是通过你的微软账户发送的。
我要告诉你一个非常糟糕的消息。不过只要你配合,事情还有转圜余地。
听说过”飞马”间谍软件吗?它能悄无声息地植入电脑和手机,让黑客全面监控你的设备——包括摄像头、社交软件、电子邮件、通话记录等,安卓/iOS/macOS/Windows系统统统适用。说到这里,你应该明白我的意思了。
由于你平时随意点击网络链接,早在数月前我就通过漏洞在所有设备安装了该程序。这段时间里,我掌握了你的全部隐私,尤其发现了令人震惊的事实。
我录制了大量你观看极端争议色情影片自慰的视频。从这些”问题”影片几乎如出一辙的内容来看,我断定你有病态的变态癖好。
想必你不希望亲友同事看到这些内容。而我只需轻点鼠标,就能通过WhatsApp/Telegram/Instagram/Facebook/电子邮件等渠道,让你的所有联系人同时收到这些视频。这将像海啸般彻底摧毁你现在的生活。
别以为自己是什么无辜受害者。谁知道你的变态癖好今后会发展成什么样?就当这是让你悬崖勒马的应有惩罚。
我就像全知的神明。不过别慌,神明也有慈悲心——当然,我的慈悲需要代价。
请向我的莱特币(LTC)钱包转账1800美元:
ltc1qn408ru20d33vg702s7n9jawrzx6rzw3ahzgf2q
到账后我会立即:
1.删除所有视频
2.卸载所有设备上的间谍程序
3.永久消失。你大可放心,我只求财。否则早就直接公开视频了。
邮件打开后48小时内必须完成转账。若你不熟悉加密货币,搜索”加密货币交易所”或”购买莱特币”即可,操作比网购还简单。
严正警告:
1.不要回复此邮件(用你本人账户发送)
2.不要报警(我能监控设备,发现报警立即公开视频)
3.不要重置或损坏设备(所有操作都在我监控下)
温馨提示:莱特币地址无法追踪,别白费力气。
祝你好运,变态先生。建议今后上网时多长点心。
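Well, well, I guess this is someone nagging me for an update because my blog has gone too long without a new post.
Then I went and checked my account's sign-in history.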

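Classic weak-password brute forcing, and through proxies too.
Too bad, though. Go ahead and brute-force away at your leisure: my password is twenty-odd characters of random digits, special symbols, and upper- and lower-case letters. If you get lucky enough to guess that, the account is yours.
Oh, right, I also have two-factor authentication turned on.
So as long as a token doesn't leak from my side, the chance of this account being stolen is infinitesimal.
As for the email's claim that my devices have been infected with the Pegasus virus made by Zionist terrorists?
You would rather believe it planted a virus on me;
you would rather believe it really has the data;
you would rather believe it will really delete the data once 1800 dollars is transferred;
you would rather believe all of that than believe I am Qin Shi Huang.
This is just typical cast-a-wide-net, empty-threat extortion: every person fooled is a win.
Why do I say it's a wide net? It wasn't even tailored to the target.
Just look at that string of WhatsApp/Telegram/Instagram/Facebook: how many people in (mainland) China use those? And how many do their online shopping on Amazon?
If this email is enough to scare you, all I can say is that's very unfortunate.
Be more careful next time.
OK, let's look at something else.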



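About viewing the message source, as mentioned in a reply to that Microsoft Community thread: as soon as I opened it I saw that SPF and DKIM had blown up outright.
I don't know whether there's anything confidential in here, so I've cut out a section to show you all.
Anything in it that I thought might be a problem, I've redacted.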
Received: from SI2PR01MB4322.apcprd01.prod.exchangelabs.com (::1) by
SEYPR01MB5533.apcprd01.prod.exchangelabs.com with HTTPS; Thu, 17 Apr 2025
08:53:57 +0000
Received: from DU6P191CA0049.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:53e::8) by
SI2PR01MB4322.apcprd01.prod.exchangelabs.com (2603:1096:4:1ae::6) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.34; Thu, 17 Apr
2025 08:53:54 +0000
Received: from DU6PEPF0000A7E3.eurprd02.prod.outlook.com
(2603:10a6:10:53e:cafe::93) by DU6P191CA0049.outlook.office365.com
(2603:10a6:10:53e::8) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.18 via Frontend Transport; Thu,
17 Apr 2025 08:53:52 +0000
Authentication-Results: spf=fail (sender IP is 149.126.200.251)
smtp.mailfrom=hotmail.com; dkim=none (message not signed)
header.d=none;dmarc=fail action=none header.from=hotmail.com;compauth=fail
reason=001
Received-SPF: Fail (protection.outlook.com: domain of hotmail.com does not
designate 149.126.200.251 as permitted sender)
receiver=protection.outlook.com; client-ip=149.126.200.251;
helo=xwhisperglide.com;
Received: from xwhisperglide.com (149.126.200.251) by
DU6PEPF0000A7E3.mail.protection.outlook.com (10.167.8.41) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 08:53:52 +0000
Then I sent myself a test email, and this is the result:


This is a section of the metadata.
Received: from SY2PPF6DD86D4C5.AUSP282.PROD.OUTLOOK.COM (2603:10c6:18::21f) by
ME0P282MB5492.AUSP282.PROD.OUTLOOK.COM with HTTPS; Mon, 19 May 2025 23:58:14
+0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;
b=***
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=***;
b=***
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
52.103.72.5) smtp.rcpttodomain=outlook.com smtp.mailfrom=outlook.com;
dmarc=pass (p=none sp=quarantine pct=100) action=none
header.from=outlook.com; dkim=pass (signature was verified)
header.d=outlook.com; arc=pass (0 oda=0 ltdi=1)
Received: from BYAPR02CA0065.namprd02.prod.outlook.com (2603:10b6:a03:54::42)
by SY2PPF6DD86D4C5.AUSP282.PROD.OUTLOOK.COM (2603:10c6:18::21f) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8746.31; Mon, 19 May
2025 23:58:12 +0000
Received: from SJ1PEPF00001CE6.namprd03.prod.outlook.com
(2603:10b6:a03:54:cafe::ca) by BYAPR02CA0065.outlook.office365.com
(2603:10b6:a03:54::42) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8746.29 via Frontend Transport; Mon,
19 May 2025 23:58:12 +0000
Authentication-Results: spf=pass (sender IP is 52.103.72.5)
smtp.mailfrom=outlook.com; dkim=pass (signature was verified)
header.d=outlook.com;dmarc=pass action=none
header.from=outlook.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of outlook.com designates
52.103.72.5 as permitted sender) receiver=protection.outlook.com;
client-ip=52.103.72.5; helo=SY8PR01CU002.outbound.protection.outlook.com;
pr=C
Received: from SY8PR01CU002.outbound.protection.outlook.com (52.103.72.5) by
SJ1PEPF00001CE6.mail.protection.outlook.com (10.167.242.22) with Microsoft
SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8769.18
via Frontend Transport; Mon, 19 May 2025 23:58:11 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:***;SizeAsReceived:7162;Count:38
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=***
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=***;
b=***
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=***;
b=***
Received: from ME0P282MB5492.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:245::10)
by SY4P282MB1177.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:b2::15) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8746.31; Mon, 19 May
2025 23:58:09 +0000
Received: from ME0P282MB5492.AUSP282.PROD.OUTLOOK.COM
([fe80::475b:402e:152a:e776]) by ME0P282MB5492.AUSP282.PROD.OUTLOOK.COM
([fe80::475b:402e:152a:e776%6]) with mapi id 15.20.8746.030; Mon, 19 May 2025
23:58:09 +0000
See? If you really had sent the email to yourself, it would be guaranteed to carry a valid signature.
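
The comparison between the two header dumps above can be automated. The following is an added example, not code from the original post: it parses the two `Authentication-Results` values quoted above and flags a message that claims the recipient's own domain without passing DMARC. The function names and the recipient addresses are assumptions made for illustration.

```python
import re

# Authentication-Results values copied from the two messages quoted in the post.
EXTORTION_AR = """spf=fail (sender IP is 149.126.200.251)
 smtp.mailfrom=hotmail.com; dkim=none (message not signed)
 header.d=none;dmarc=fail action=none header.from=hotmail.com;compauth=fail
 reason=001"""
SELF_TEST_AR = """spf=pass (sender IP is 52.103.72.5)
 smtp.mailfrom=outlook.com; dkim=pass (signature was verified)
 header.d=outlook.com;dmarc=pass action=none
 header.from=outlook.com;compauth=pass reason=100"""


def parse_authres(value):
    """Return the spf/dkim/dmarc/compauth verdicts and the header.from domain."""
    flat = " ".join(value.split())            # unfold continuation lines
    flat = re.sub(r"\([^)]*\)", "", flat)     # drop parenthesised comments
    result = {m.group(1): m.group(2).lower()
              for m in re.finditer(r"\b(spf|dkim|dmarc|compauth)=(\w+)", flat)}
    m = re.search(r"\bheader\.from=([\w.-]+)", flat)
    result["header.from"] = m.group(1).lower() if m else None
    return result


def classify(value, recipient):
    """Classify a message by its DMARC verdict and claimed From domain."""
    r = parse_authres(value)
    rcpt_domain = recipient.rsplit("@", 1)[-1].lower()
    if r.get("dmarc") == "pass":
        return "authenticated"
    if r["header.from"] == rcpt_domain:
        return "spoofed-self"    # claims our own domain but failed DMARC
    return "unauthenticated"


if __name__ == "__main__":
    # Recipient addresses are constructed placeholders, not from the post.
    for name, ar, rcpt in [("extortion", EXTORTION_AR, "user@hotmail.com"),
                           ("self-test", SELF_TEST_AR, "user@outlook.com")]:
        print(name, parse_authres(ar), "->", classify(ar, rcpt))
```

Only feed this the `Authentication-Results` header stamped by your own receiving provider; a sender can insert forged copies of that header further down in the message.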