Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: r.willis on April 07, 2013, 07:55:18 AM



Title: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: r.willis on April 07, 2013, 07:55:18 AM
http://www.securelist.com/en/blog/208194206/An_avalanche_in_Skype
Quote
There is a new malicious ongoing campaign on Skype. It’s active and kicking yet.
The infection vector is via social engineering abusing infected Skype by sending massive messages to the contacts like these ones:
i don't think i will ever sleep again after seeing this photo http://www.goo.gl/XXXXX?image=IMG0540250-JPG
tell me what you think of this picture i edited http://www.goo.gl/XXXXX?image=IMG0540250-JPG
<snip>
Finally something interesting is this:
http://www.securelist.com/en/images/pictures/klblog/208194209.png
And similar malware spreads bitcoin miner:
http://www.securelist.com/en/blog/208194210/Skypemageddon_by_bitcoining
Quote
So what does malware do? To be honest many things but one of the most interesting is it turns the infected machine to a slave of the bitcoin generator. The usage of CPU grows up significantly. Here is an example:
http://www.securelist.com/en/images/pictures/klblog/208194215.png
The mentioned process runs with the command “bitcoin-miner.exe -a 60 -l no -o http://suppp.cantvenlinea.biz:1942/ -u XXXXXX0000001@gmail.com -p XXXXXXXX” (sensitive data was replaced by XXXXXX). It abuses the CPU of the infected machine to mine Bitcoins for the criminal.
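As an added example (not part of the original thread or of the Securelist write-ups quoted above), here is a small Python detector that keys on the two observables those write-ups give: the lure message, a URL-shortener link whose query string pretends to name an image (`?image=IMG...-JPG`), and a miner process whose command line names a pool with `-o` and carries `-u`/`-p` credentials. The sample messages and the command line are the redacted ones quoted above; the benign message is constructed for contrast, and the regular expressions are my own assumptions about what to match.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample data: the redacted lure texts and the miner command line
# quoted in the Securelist posts, plus one benign message for contrast.
SAMPLE_MESSAGES = [
    "i don't think i will ever sleep again after seeing this photo "
    "http://www.goo.gl/XXXXX?image=IMG0540250-JPG",
    "tell me what you think of this picture i edited "
    "http://www.goo.gl/XXXXX?image=IMG0540250-JPG",
    "meeting moved to 3pm, agenda is at https://intranet.example/agenda",  # benign
]
SAMPLE_CMDLINE = (
    "bitcoin-miner.exe -a 60 -l no -o http://suppp.cantvenlinea.biz:1942/ "
    "-u XXXXXX0000001@gmail.com -p XXXXXXXX"
)

# Lure pattern (assumption): a goo.gl short link whose query string fakes an
# image filename. The shortener hides the real destination; the fake
# "?image=IMG...-JPG" suffix is what makes the link look like a photo.
LURE_RE = re.compile(
    r"https?://(?:www\.)?goo\.gl/\S*?\?image=IMG[0-9A-Za-z]*-JPG\b",
    re.IGNORECASE,
)

# Miner pattern (assumption): pool URL given with -o plus a -u worker login.
MINER_POOL_RE = re.compile(r"(?:^|\s)-o\s+(https?://\S+)")
MINER_USER_RE = re.compile(r"(?:^|\s)-u\s+(\S+)")


@dataclass
class Finding:
    kind: str       # "skype_lure" or "miner_cmdline"
    evidence: str   # the matched URL


def check_message(text: str) -> Optional[Finding]:
    """Return a finding if a chat message carries the photo-lure link."""
    m = LURE_RE.search(text)
    return Finding("skype_lure", m.group(0)) if m else None


def check_cmdline(cmdline: str) -> Optional[Finding]:
    """Return a finding if a process command line looks like a pool miner."""
    pool = MINER_POOL_RE.search(cmdline)
    user = MINER_USER_RE.search(cmdline)
    if pool and user:
        return Finding("miner_cmdline", pool.group(1))
    return None


def scan(messages: List[str], cmdlines: List[str]) -> List[Finding]:
    """Run both checks over collected messages and process command lines."""
    findings = [f for f in map(check_message, messages) if f]
    findings += [f for f in map(check_cmdline, cmdlines) if f]
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_MESSAGES, [SAMPLE_CMDLINE]):
        print(f"{f.kind}: {f.evidence}")
```

The command-line check is deliberately a two-flag heuristic: `-o` on its own is far too common in legitimate tools, so it only fires when a pool URL and a worker login appear together, which is the shape the quoted command has. In practice the messages would come from a chat log export and the command lines from a process listing, and the pool host and login would be the indicators to pivot on.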


Title: Re: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: Severian on April 07, 2013, 07:58:08 AM
Bitcoin on Windows?

*shudder*


Title: Re: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: Bit_Happy on April 07, 2013, 08:24:40 AM
Bitcoin on Windows?

*shudder*

Bitcoin $150 each way too soon?
*shudder*


Title: Re: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: MaGNeT on April 07, 2013, 08:30:50 AM
- Use long passphrase wallet.dat encryption (>20 characters).
- Keep at least one copy offline.

Now they can steal your wallet.dat and you still have plenty of time to send the coins to another wallet and change the receiving addresses at pools and exchanges.



Title: Re: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: luffy on April 07, 2013, 08:37:48 AM
How do you realize that your wallet has been stolen before it is too late?


Title: Re: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: r.willis on April 07, 2013, 09:06:03 AM
How do you realize that your wallet has been stolen before it is too late?
This, and they can log your passphrase just fine.


Title: Re: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: MaGNeT on April 07, 2013, 10:29:14 AM
How do you realize that your wallet has been stolen before it is too late?
This, and they can log your passphrase just fine.

That's another reason to have one wallet for trading and one offline for keeping.


Title: Re: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: Jobe7 on April 07, 2013, 10:44:14 AM
Or don't use Skype, I hate Skype.

Or have a separate laptop/desktop that you use Skype on.


Title: Re: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: MaGNeT on April 07, 2013, 10:50:03 AM
Or don't use Skype, I hate Skype.

Or have a separate laptop/desktop that you use Skype on.

+1


Title: Re: [ATTN] New trojan spreads through skype and (possibly) steals wallet.dat.
Post by: Dabs on April 07, 2013, 02:29:01 PM
My computer is bare-bones OS and office only. Everything else is either installed and run, or portable (as in portable apps, run from their own directory). I use Deep Freeze to essentially make my computer its own virtual machine. Once rebooted or shut down, it reverts back to its "clean" state.

I don't use Skype or Yahoo messenger or any other software. If I have to use them, I download the app, save it somewhere, reboot (optional), install the app, use it, then reboot or shutdown as appropriate.

Now, my computer could be subject to some zero-day malware, but I find that unlikely. I almost always sit behind some hardware firewall (router), and the other computers in the network have different anti-virus / anti-malware installed.

Or I could always take a look at GMER (rootkit detector).