Bitcoin Forum
Author Topic: [closed] Liberty Payout (lrp) and wallet.dat exploit  (Read 2591 times)
fbastage (OP), Full Member (Activity: 367, Merit: 100)
December 20, 2012, 12:01:21 AM
Last edit: January 09, 2013, 02:55:02 PM by fbastage
#1

This didn't happen to me, I'm just passing on the info in the interest of protecting people or getting some answers.

Short version: a day or two ago, aethero received a wallet.dat from someone who claimed they couldn't open it, asking for help. Thinking it was harmless, he tried to open it, and believes it was an exploit. Seisatsu mentions that LRP tried the same thing on him.

DO NOT ACCEPT WALLET.DAT FROM ANYONE.
DO NOT TRY TO OPEN A .DAT FILE THAT YOU DON'T FULLY TRUST.

(timezone: US Central - Austin/Chicago)
Quote
[12-19 17:56] <aethero> ;;rate lrp -10 Sent me the currupted and most likely hostile wallet.dat file
[12-19 17:57] <+TheButterZone> http://66.68.146.89/otc/query.php?imperial
[12-19 17:57] <@gribble> Rating entry successful. Your rating of -10 for user lrp has been recorded.
[12-19 17:57] <Keltic> he still an asshole?
[12-19 17:57] <Seisatsu> ah
[12-19 17:57] <+ReliableSource> aethero: lrp was the one with the .dat fil??
[12-19 17:57] <Seisatsu> He was telling me last night
[12-19 17:57] <aethero> Believe so
[12-19 17:57] <+ReliableSource> wow
[12-19 17:57] <+ReliableSource> this guy gets around
[12-19 17:57] <Seisatsu> how his bitcoin software kept crashing
[12-19 17:57] <aethero> Yes
[12-19 17:57] <Seisatsu> and he'd send me his wallet so I could get his key out
[12-19 17:57] <aethero> Its a wallet.dat file with exploit code.
[12-19 17:57] <Seisatsu> so he could auth
[12-19 17:57] QUIT , Reite , , *!~Reite@cm-84.211.71.25.getinternet.no , "Ping timeout: 276 seconds"
[12-19 17:57] <aethero> I had to format the moment I opened it in my qt
[12-19 17:57] <+ReliableSource> please post about this on the forums
[12-19 17:57] <aethero> DO NOT OPEN HOSTILE WALLET.DAT FILES
[12-19 17:57] <Seisatsu> when he found out I was going to use a third party program to extract the key
[12-19 17:57] <Seisatsu> he never sent it


Here's some more background:
http://66.68.146.89/otc/?*76.124.34.93*
Quote
[12-17 19:02] JOIN , MountainDew , #bitcoin-otc , *!4c7c225d@gateway/web/freenode/ip.76.124.34.93 ,
...
[12-17 19:22] <MountainDew> and blockchain.info won't import my wallet.dat

see also http://bitcoin-otc.com/viewratingdetail.php?nick=LRP

Quote
[12-18 10:53] <aethero> **[PUBLIC SERVICE ANNOUNCEMENT]  Do _not_ open wallet.dat files in your bitcoin client unless they are from a trusted person.
[12-18 10:53] <+jcpham> can -qt execute a binary
[12-18 10:53] <Enrico1> sounds like a basic thing
[12-18 10:53] <aethero> Apparently there is an exploit. I was infected last night by a hostile wallet.dat file.
[12-18 10:53] <+jcpham> code excution is a basic thing
[12-18 10:54] <Enrico1> you'd think that "wallet" files would be like the bitcoin "documents", things that can be "opened" by the bitcoin program
[12-18 10:54] JOIN , praeconium , #bitcoin-otc , *!~praeconiu@46.33.222.148 ,
[12-18 10:54] <+jcpham> i wouldn't think that in a windows environment
[12-18 10:54] <+jcpham> anything is possible in windows now
[12-18 10:54] <+Cusipzzz> aethero: you sure it was wallet.dat and not walletdat.exe?
[12-18 10:54] JOIN , manuelol , #bitcoin-otc , *!579f9b93@gateway/web/freenode/ip.87.159.155.147 ,
[12-18 10:54] <aethero> Yes.
[12-18 10:54] <FonziScheme> thanks, aethero.  (but why would you open a strange wallet.dat? I'm curious)
[12-18 10:54] <Enrico1> but if bitcoin has this problem, it's quite a problem
[12-18 10:54] <savetheintermac> aethero: did it manage to steal any of your coins? (i assume that's its purpose)
[12-18 10:55] <aethero> Nope. I keep all of my coins in an offline cold wallet.
[12-18 10:55] <+jcpham> so common sense is still common sense
[12-18 10:55] <+Cusipzzz> would like to see the file, assuming no money in it of course
[12-18 10:55] <aethero> Cusipzzz PMing
[12-18 10:55] <+jcpham> me too!
[12-18 10:55] <+Cusipzzz> did you post it on the forums?
[12-18 10:55] <aethero> Not yet
[12-18 10:55] <FonziScheme> me 3!
[12-18 10:55] <aldur1> any prodigy fans here?
[12-18 10:56] <+jcpham> i want it,especially if it's a binary
[12-18 10:56] <+jcpham> also i think aethero uses armory
[12-18 10:57] <+jcpham> if screenshot memory serves me correctly
[12-18 10:57] <+Cusipzzz> ahhh, armory? may explain it. prob intentional, from the devs
[12-18 10:57] JOIN , Cylta , #bitcoin-otc , *!~user@94.197.127.86.threembb.co.uk ,
[12-18 10:57] <aldur1> FonziScheme: you in the uk?
[12-18 10:57] <aldur1> i have some spare tickets for tonights london gig
[12-18 10:58] <FonziScheme> nope. USA
[12-18 10:58] <aldur1> Sad
[12-18 10:58] <+jcpham> i'm what you call a visual learner
[12-18 10:58] <+jcpham> difficult to forget what i see
[12-18 10:58] <+Cusipzzz> prodigy was pretty good. cheaper than Compuserve too
[12-18 10:58] <manuelol> the user savetheintermac(here in the chat) identified himself to me as the user savetheinternet,which i checked with the command
[12-18 10:58] <manuelol> is it then okay to deal with him?
[12-18 10:58] <FonziScheme> I think savetheintermac == savetheinternet.  is he authed?
[12-18 10:59] <FonziScheme> ;;ident savetheintermac
[12-18 10:59] <+pigeons> ;;gettrust manuelol [ident savetheintermac]
[12-18 10:59] <@gribble> Trust relationship from user manuelol to user savetheinternet: Level 1: 0, Level 2: 0 via 0 connections. Graph: http://serajewelks.bitcoin-otc.com/trustgraph.php?source=manuelol&dest=savetheinternet
[12-18 10:59] <+jcpham> ;;ident FonziScheme
[12-18 10:59] <@gribble> Nick 'FonziScheme', with hostmask 'FonziScheme!farg@unaffiliated/fbastage', is not identified.
[12-18 10:59] <FonziScheme> gribble says he's savetheinternet [12-18 11:00:13] <gribble> Nick 'savetheintermac', with hostmask 'savetheintermac!~sti@CPE-58-175-28-253.mqdl1.lon.bigpond.net.au', is identified as user savetheinternet, with GPG key id 080CC10AC3E7E093, key fingerprint 9D8100004B70196CD780C3C0080CC10AC3E7E093, and bitcoin address None
[12-18 10:59] <+pigeons> ;;gettrust [ident savetheintermac]
[12-18 10:59] <@gribble> Trust relationship from user pigeons to user savetheinternet: Level 1: 0, Level 2: 7 via 5 connections. Graph: http://serajewelks.bitcoin-otc.com/trustgraph.php?source=pigeons&dest=savetheinternet
[12-18 11:01] <aethero> Cusipzzz no, this had nothing to do with armory
[12-18 11:01] <aethero> I specifically loaded this in bitcoin-qt
[12-18 11:02] <+pigeons> where did you get the file? what happened?
[12-18 11:02] <manuelol> yes i get the in gribble this ...is identified as user savetheinternet, with GPG key id....
[12-18 11:03] <+jcpham> so no armoury
[12-18 11:03] <+jcpham> this is a -qt wallet
[12-18 11:03] <+jcpham> what is the source, be vague
[12-18 11:03] <aethero> I no longer have logs as I immedately pulled my net connection and wiped my system, but there was a guy in here last night who was having issues with his wallet.dat file. He asked for help because the wallet.dat crashed his QT every time he loaded it. I grabbed the file and loaded it in mine.
[12-18 11:04] * gribble sets mode: +v StoneHead
[12-18 11:04] <+jcpham> hrm
[12-18 11:04] <aethero> He needed to auth with gribble using one of the private keys
[12-18 11:04] <+jcpham> so i need a new virtual machine for this
[12-18 11:04] <+jcpham> that's what you are saying to me
[12-18 11:04] <aethero> Yes
[12-18 11:04] <+jcpham> with -qt
[12-18 11:04] <aethero> I was going to spin up a VM for it, but I figured there was almost 0 chance of there being an exploit
[12-18 11:05] <FonziScheme> and what do you mean when you say you were "infected"?  what happend?
[12-18 11:05] <FonziScheme> also, which version of qt were you running?
[12-18 11:05] <Enrico1> you can't tell these things. it's not like the flu that you can tell when you are ill
[12-18 11:05] <+jcpham> actually i don't need a vm
[12-18 11:06] <FonziScheme> and yet, he's telling us these things
[12-18 11:06] <+jcpham>  i have a pc right here i can throw away
[12-18 11:06] <+helo> pcs have feelings too Sad
[12-18 11:06] <aethero> I dont remember. It was either latest stable or the one right before that. I was able to sign a message for him to change nicks with gribble. The wallet showed 2.6 coins in it, which I attempted to send, which is when the QT client crashed. I think I still have a pic of the error message, one sec
[12-18 11:07] <Enrico1> a core dump would be better, but i guess you are on windows?
[12-18 11:07] QUIT , darkee| , , *!~darkee@gateway/tor-sasl/darkee , "Read error: Connection reset by peer"
[12-18 11:07] JOIN , Sealy , #bitcoin-otc , *!~Sealy@unaffiliated/sealy ,
[12-18 11:07] <+pigeons> it crashed, but what made you think it tried to execute code or was even crafted to crash?
[12-18 11:07] JOIN , darkee| , #bitcoin-otc , *!~darkee@gateway/tor-sasl/darkee ,
[12-18 11:08] <aethero> Well, his behavior the whole time was suspicious, so after it crashed I checked for any unknown processes. There was a new startup entry that I did not recognize in autoruns
[12-18 11:08] <aethero> At that point I pulled my net connection and formatted
[12-18 11:08] JOIN , a5m0 , #bitcoin-otc , *!~a5m0@cpe-76-187-157-34.tx.res.rr.com ,
[12-18 11:08] QUIT , a5m0 , , *!~a5m0@cpe-76-187-157-34.tx.res.rr.com , "Changing host"
[12-18 11:08] JOIN , a5m0 , #bitcoin-otc , *!~a5m0@unaffiliated/a5m0 ,
[12-18 11:08] <+pigeons> and you don't have a backup of the file?
[12-18 11:08] QUIT , taub , , *!~taub@ip-109-47-246-56.web.vodafone.de , "Read error: Connection reset by peer"
[12-18 11:08] <aethero> I already PM'd the wallet.dat to Cusipzzz and jcpham


somewhat related news, LRP allegedly scammed Seisatsu and bottles in #bitcoin-otc
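As an added example (not from this thread or from any of the people in it), a defender-side triage check in Python that answers Cusipzzz's question above, "you sure it was wallet.dat and not walletdat.exe?", before a wallet client ever touches the file: it reads only the first bytes and classifies them by magic. The Berkeley DB btree metadata layout used (magic 0x053162 at offset 12, then version and page size) is the real on-disk format; the sample headers are constructed for the example. A matching magic only proves the container format, not that the records inside are benign, so a received wallet still belongs on an isolated, throwaway machine.

```python
import struct

# Berkeley DB btree metadata page layout (BDB on-disk format):
# offset 12: 4-byte magic (DB_BTREEMAGIC = 0x053162), offset 16: format
# version, offset 20: page size. Bitcoin Core wallet.dat files are btree DBs.
BDB_BTREE_MAGIC = 0x053162

def classify_header(data: bytes) -> dict:
    """Classify the leading bytes of a file that claims to be a wallet.dat."""
    if data[:2] == b"MZ":
        return {"kind": "pe-executable"}        # Windows program, not a wallet
    if data[:4] == b"\x7fELF":
        return {"kind": "elf-executable"}       # Linux program, not a wallet
    if len(data) < 24:
        return {"kind": "too-short"}
    for order, name in (("<", "little"), (">", "big")):
        magic, version, page_size = struct.unpack_from(order + "III", data, 12)
        if magic == BDB_BTREE_MAGIC:
            # Right container format; says nothing about the records inside.
            sane = 512 <= page_size <= 65536 and page_size & (page_size - 1) == 0
            return {"kind": "berkeleydb-btree", "version": version,
                    "page_size": page_size, "byte_order": name,
                    "page_size_sane": sane}
    return {"kind": "unknown"}

def triage_file(path: str) -> dict:
    """Read only the first page header; never hand the file to a wallet client."""
    with open(path, "rb") as f:
        return classify_header(f.read(64))

# Constructed sample headers (not real files from the thread).
SAMPLES = {
    "real_wallet": b"\0" * 12 + struct.pack("<III", BDB_BTREE_MAGIC, 9, 4096) + b"\0" * 40,
    "renamed_exe": b"MZ\x90\0" + b"\0" * 60,
    "garbage": b"\xff" * 64,
}

def triage_samples() -> dict:
    """Classify every constructed sample; used for the stand-alone run."""
    return {name: classify_header(hdr) for name, hdr in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in triage_samples().items():
        print(f"{name}: {result}")
```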
furrycoat, Newbie (Activity: 56, Merit: 0)
December 20, 2012, 01:11:13 AM
#2

LRP is a SCAMMER. https://bitcointalk.org/index.php?topic=131107.0

Not to worry though, he will be dealt with in court if the funds are not received.
greyhawk, Hero Member (Activity: 938, Merit: 1009)
December 20, 2012, 01:20:13 AM
#3

What court? Are there people really going to involve the state? That would be the first time out of 500.
furrycoat, Newbie (Activity: 56, Merit: 0)
December 20, 2012, 01:26:16 AM
#4

Yes, the police have been contacted and show interest in this case. I've been speaking to an administrator from the FBI internet crime bureau; she has shown great interest in it and the case is moving along. You can't simply steal $1500 and get away with it. This is my second time being scammed and I can promise you this piece of shit is going to be a prison bitch.
Liberty Payout, Sr. Member (Activity: 280, Merit: 250)
December 22, 2012, 09:33:06 AM
#5

While I do feel bad about furrycoat, and your history of being scammed, I did not scam you. Anyway, my wallet.dat WAS corrupted and it is not hostile. I had to go jumping from nick to nick, which makes people even more wary of my "scamming". But it's because I had enroll on my nick, so unless I auth'd it would boot me.
Liberty Payout, Sr. Member (Activity: 280, Merit: 250)
December 22, 2012, 10:50:40 AM
#6

Quote
While I do feel bad about furrycoat, and your history of being scammed, I did not scam you. Anyway, my wallet.dat WAS corrupted and it is not hostile. I had to go jumping from nick to nick, which makes people even more wary of my "scamming". But it's because I had enroll on my nick, so unless I auth'd it would boot me.

Quote
Then why were you using 'Azephur_' as a nick? Pretty hard to jump from nick to nick and claim innocence especially when the nicks involved are respected OTC members.

There was a point where I was under the impression azelphur had screwed me over. Let me explain the reasoning:

With my issues on OTC it kept telling me my password was wrong; on top of that I had bottles, whom I have never met, claiming I scammed him. I then assumed that it was Azel that had used the wallet.dat I had sent him a few weeks ago and had been scamming in my name. Far fetched? Maybe. Regardless, aethero then helped me recover my password and reset my OTC key.

Before I had reset this data, when I kept getting my password wrong, OTC stopped letting me use my nick. Kept giving me the unavailable error. So I decided to try a new nick, Azelphur's was simply the first one to come to mind. I spent a total of about 3 seconds on it before I went back, to trying to recover my own nick.
Blazr, Hero Member (Activity: 882, Merit: 1005)
December 22, 2012, 10:54:09 AM
#7

Excuses, excuses. Save it for the judge.

Liberty Payout, Sr. Member (Activity: 280, Merit: 250)
December 22, 2012, 10:57:49 AM
#8

Quote
Excuses, excuses. Save it for the judge.

They're not excuses. You guys are asking questions and I am responding. I spend 2 days away from the forum and you guys overreact. This is btctalk so I really am not surprised.
Rassah, Legendary (Activity: 1680, Merit: 1035)
December 22, 2012, 09:00:42 PM
#9

I had this issue with the wallet file too once. It was because there were too many tiny amounts of coins spread over many addresses, and trying to send coins overloaded Bitcoin-Qt with too many address inputs. In my case I had to extract the private keys and sweep them a few at a time. I seriously doubt it's an exploit.
Liberty Payout, Sr. Member (Activity: 280, Merit: 250)
December 22, 2012, 11:20:25 PM
#10

Quote
I had this issue with the wallet file too once. It was because there were too many tiny amounts of coins spread over many addresses, and trying to send coins overloaded Bitcoin-Qt with too many address inputs. In my case I had to extract the private keys and sweep them a few at a time. I seriously doubt it's an exploit.

Thanks for this input.
John (John K.), Global Troll-buster and Legendary (Activity: 1288, Merit: 1226)
January 09, 2013, 10:29:34 AM
#11

If this has been concluded without due harm to both sides, please close and mark the thread as so to keep down the clutter.