|
mralbi (OP)
|
 |
November 18, 2012, 10:18:06 AM |
|
it was windows 7 operating system, i still dont know 100% how i got infected, but it was for sure some trojan horse with keylogger.
Thanks for the info. maybe I really have a chance to catch as soon as he tries to convert to FIAT currency
|
|
|
|
|
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, but full nodes are more resource-heavy, and they must do a lengthy initial syncing process. As a result, lightweight clients with somewhat less security are commonly used.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
Jaw3bmasters
Full Member
 Offline
Activity: 196
Merit: 100
Another block in the wall
|
|
November 18, 2012, 12:23:35 PM |
|
it was windows 7 operating system, i still dont know 100% how i got infected, but it was for sure some trojan horse with keylogger.
Thanks for the info. maybe I really have a chance to catch as soon as he tries to convert to FIAT currency
Have you ever thought, maybe the Bitcoins were crying out for freedom, yearning to flow among exotic wallets, being one with the community. I guess they got tired of being hoarded. The attacker will be seen as a liberator. Stockholm Syndrome will take effect soon. At this point, it's hopeless dude. |
In Cryptography we trust.
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
|
|
November 18, 2012, 12:31:39 PM |
|
Op still haven't told how he got infected.
Now I'm all paranoid.
Damn inconvenience of additional security.
Most likely it was a trojan binded to some executable file that OP run. Also it can be a 0-day exploit on system or some misconfiguration of computer such as reused passwords or something. I suppose it was a windows operating system?
Likely Windows, because to infect Windows you need to double click file. To infect Linux you need to use SU. It is a sanity check and dumbness filter. Message to the thief if he is reading this: I will launder the coins for a small fee. Additional guarantees available. Price and other terms negotiable. Also I can give instructions for do-it-yourself laundering. OP is not going to pay me for my great knowledge! |
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
|
BTCurious
|
|
November 18, 2012, 12:34:45 PM |
|
For me it's also on Windows 7, and it is indeed probably some trojan*, but it's one that can read password fields, not just keylogging. One of my accounts he got into has a password that I don't physically type.
*I don't remember clicking any, but who knows.
|
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
|
|
November 18, 2012, 12:36:18 PM |
|
Most trojans are like remote desktop or Radmin that can give full control over computer. This is nothing special.
|
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
|
sippsnapp
|
|
November 18, 2012, 01:29:30 PM
Last edit: November 18, 2012, 02:20:07 PM by sippsnapp |
|
The attacker used IP address 178.176.96.4 for one of the exchanges he logged into. He withdrew coins to this address: 15TDgQpCaNjxyBpi7Jp6EmZW1bHAEaxTxYUnused, and the coins have not yet been moved. Interesting, most popular way to spread a virus is warez & exploit kits. http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=49933867http://www.utrace.de/whois/178.176.96.4http://www.utrace.de/ip-adresse/178.177.115.29I would contact this ISP However, russian hosting are not very responsive unless the is a court ruling, maybe offer them the bounty xD. EDIT: There are professional private detectives located in russia of course, maybe thats an option, no idea how much they charge and how high the success probability is. |
Πάντα ῥεῖ
Bitcoin + Altcoin node pool setup - pm
|
|
|
miner-man
Newbie
Offline
Activity: 6
Merit: 0
|
|
November 18, 2012, 02:32:46 PM |
|
Op still haven't told how he got infected.
Now I'm all paranoid.
Damn inconvenience of additional security.
Nothing to worry about too much, download Comodo firewall its a good program for monitoring and blocking any malicious connections. Most malware is spread the traditional way such as via torrents, Youtube, drive by's etc. So staying protected just means staying wise and being cautious of sites you visit and files you download. |
|
|
|
|
|
prezbo
|
|
November 18, 2012, 02:37:16 PM |
|
Op still haven't told how he got infected.
Now I'm all paranoid.
Damn inconvenience of additional security.
If you're worried just send bitcoins to a paper wallet, and you'll be fine. |
|
|
|
|
Jaw3bmasters
Full Member
Offline
Activity: 196
Merit: 100
Another block in the wall
|
|
November 18, 2012, 03:18:29 PM |
|
Most malware is spread the traditional way such as via torrents, Youtube, drive by's etc. So staying protected just means staying wise and being cautious of sites you visit and files you download.
Isn't it possible to port scan then buffer overflow whatever listening service? |
In Cryptography we trust.
|
|
|
miner-man
Newbie
Offline
Activity: 6
Merit: 0
|
|
November 18, 2012, 03:20:29 PM |
|
Most trojans are like remote desktop or Radmin that can give full control over computer. This is nothing special.
Yeah all it is, is either a RAT or IRC/HTTP bot which has downloaded and executed a open source wallet stealer which uploads the wallet to an FTP. If its a rat then the attacker would of just used remote file manager. Either way nothing special, having the binary used however would allow us to find the point of origin. Especially if a RAT was used because they make connection to the attacker themselves and not a centralized command and control server. I think OP you being infected and having your wallet stolen would of been in the time frame of 24 hours max. So thinking back to when your had you wallet stolen anything within a day of downloading some form of exe would help. Not only would you wallet of been stolen but you would of probably fell victim to the attacker actually mining on your computer. This is something else that saddens me because people who do this do very little to hide the login and password to the Pool they are mining for  . I would try a simple dictionary attack on the mail.ru for the email however I do not posses and Russian based pass lists. Either way ill keep trying and see what I can find. Why does this happen to other people and not me, I WANT to be infected by such malware . |
|
|
|
|
Jaw3bmasters
Full Member
Offline
Activity: 196
Merit: 100
Another block in the wall
|
|
November 18, 2012, 03:21:46 PM |
|
If you're worried just send bitcoins to a paper wallet, and you'll be fine.
Cold-storage? Agreed. That's why I'm annoyed with the inconvenience of that security. |
In Cryptography we trust.
|
|
|
|
prezbo
|
|
November 18, 2012, 04:54:12 PM |
|
If you're worried just send bitcoins to a paper wallet, and you'll be fine.
Cold-storage? Agreed. That's why I'm annoyed with the inconvenience of that security. I hope multisig transactions will soon be implemented in a way that they are easy to use, that will make things a lot safer. |
|
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
|
|
November 18, 2012, 05:35:04 PM |
|
Nothing to worry about too much, download Comodo firewall its a good program for monitoring and blocking any malicious connections. 3-rd party software firewalls are shit. Windows7 built-in firewall is great if configured properly, but firewall is like last line of defense if malicious code already is executed on computer. Advanced malware can disable all software firewalls. And they are useless if lamer does not know how to use them properly. Most malware is spread the traditional way such as via torrents, Youtube, drive by's etc. So staying protected just means staying wise and being cautious of sites you visit and files you download. Most malware is spread by social engineering retards into downloading and running the malware on computer. So You are correct. Isn't it possible to port scan then buffer overflow whatever listening service? Not anymore. You need to have service with working exploit accessible from outside. Router/NAT between your computer and internet prevent this. The address space layout randomization and data execution prevention makes these types of attacks very hard. Yeah all it is, is either a RAT or IRC/HTTP bot which has downloaded and executed a open source wallet stealer which uploads the wallet to an FTP. If its a rat then the attacker would of just used remote file manager. The FTP wallet stealer was more proof of concept code than real malware but I know it was used successfully on many times  For grabbing the password you need RAT. Either way nothing special, having the binary used however would allow us to find the point of origin. Especially if a RAT was used because they make connection to the attacker themselves and not a centralized command and control server. The best rats now use Tor and Tor hidden services for C&C. But the RAT or the haxor might not be so advanced and it really might contain some leads. Why does this happen to other people and not me, I WANT to be infected by such malware You are too smart to infect your own computer Cold-storage? Agreed. That's why I'm annoyed with the inconvenience of that security. Second computer for cold wallet without network connection and Armory on both of them is workable solution. Offline computer might be any computer capable of running WindowsXP such as Pentium3 or 4. They are really cheap. You don't need to keep 2000 coins online. I hope multisig transactions will soon be implemented in a way that they are easy to use, that will make things a lot safer. They will not be completely safe and will create additional problems. Armory and offline wallets are the way to go. |
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
|
thebaron
|
|
November 18, 2012, 05:42:22 PM |
|
Nothing will ever protect against the competency of the operator.
|
|
|
|
|
|
prezbo
|
|
November 18, 2012, 05:57:48 PM |
|
I hope multisig transactions will soon be implemented in a way that they are easy to use, that will make things a lot safer. They will not be completely safe and will create additional problems. Armory and offline wallets are the way to go. Obviously nothing will ever be as safe as cold storage. Unfortunately, armory is far from being user friendly (it requires shitload of memory, for starters). Multisig txs seem to be like a decent solution when needing good security and easy access to bitcoins. Obviously cold storage will still be the way to go for any large amount of coins. |
|
|
|
|
|
prezbo
|
|
November 18, 2012, 06:48:24 PM |
|
Because I cannot post to the thread in Bitcoin/Legal I'm posting this here. Yes i could prove this, i have a backup copy of the wallet.dat and everything is connected to me (my identity) via mtgox
In case you're not aware of it, you can prove ownership of any address by signing a message with the corresponding private key. You can use brainwallet.org to do this. |
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1721
|
|
November 18, 2012, 06:56:05 PM |
|
600 BTC (~$7000 at current rates) is a lot of money, I hope the thief made (or will make) some mistake along the way, I wish I could help but my knowledge of how the bitcoin/blockchain works is poor.
|
Signature space available for rent.
|
|
|
|
sippsnapp
|
|
November 18, 2012, 07:22:56 PM |
|
600 BTC (~$7000 at current rates) is a lot of money, I hope the thief made (or will make) some mistake along the way, I wish I could help but my knowledge of how the bitcoin/blockchain works is poor.
yep, for this bucks you can eventually get things moving even in russia^^. |
Πάντα ῥεῖ
Bitcoin + Altcoin node pool setup - pm
|
|
|
Jutarul
Donator
Legendary
Offline
Activity: 994
Merit: 1000
|
|
November 18, 2012, 07:29:19 PM |
|
Nothing will ever protect against the competency of the operator.
There are a lot of people who demand that bitcoin is not user friendy and should be plug-and-playable. When I see thefts like this, I'd rather demand the opposite. Maybe that'll force people to understand which precautions are necessary to avoid digital theft. |
|
|
|
|
BTCurious
|
|
November 18, 2012, 09:08:14 PM |
|
Not to burst the little mutual agreements you guys seem to be having, but I don't regard myself as a retard who was social engineered to click yes to every dialog box. I use a separate password for every site, have encrypted backups of my wallet and gpg identity, use 2-factor authentication whenever possible, and don't just execute random stuff.
Apparently, that isn't enough. Granted, some of those habits prevented much larger losses: I only lost 101 Bitcoins because the attacker couldn't access my accounts with 2-factor authentication, and I had no Bitcoins in my wallet. However, my wallet encryption means nothing if my computer is compromised, and technically I should consider my gpg identity compromised as well, which sucks major ass.
The thing is, it doesn't take a retard to have an unsecure computer. It only takes one slip-up, or sometimes not even that (0-days).
So what would be the best way to make something secure, but still usable? (ie, not cold storage, I need to trade my coins on exchanges) My current plan is to buy a lightweight netbook, carry it with me all the time, put ubuntu and full-disk encryption on it, and only do bitcoin stuff from there.
Oh, and I'll try to find out what infected me, but it might take a while.
|
|
|
|
|
