IH-Antonio (OP)
Member
Offline
Activity: 79
Merit: 10
|
|
November 27, 2016, 07:54:41 AM Last edit: December 04, 2016, 11:18:31 AM by IH-Antonio |
|
Just downloaded the latest Bitcoin Core from bitcoin.org, scanned it at https://www.virustotal.com
And bingo
SHA256 from bitcoin-qt.exe: 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file matches the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2 bitcoin-0.13.1-win64.zip
Edit: The SHA256 matches the signatures specified in the Bitcoin.org website
Link to the scanner results: https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/
AegisLab  Uds.Dangerousobject.Multi!c  20161127
Kaspersky  Trojan.MSIL.CoinStealer.km  20161127
Rising  Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud)  20161127
Edit2: Seems like the Rising antivirus doesn't mark it anymore as a malware.
Edit 2.1: Added again as malware
Edit3: I see that the 32 bits binary is totally clean in virustotal. This only happens with the 64 bits binary of bitcoin-qt.exe
Edit4: Confirmed. Kaspersky deletes the file on sight, and more antivirus marked the file as infected. Doesn't seem to be a false positive.
|
Donations for keeping x2 Bitcoin Full Node online 24/7 are welcome: 14GPNioy3mi3D9iMge67j5UAoEy5hT4btn
|
|
|
dsattler
Legendary
Offline
Activity: 924
Merit: 1000
|
|
November 27, 2016, 08:12:33 AM |
|
This is serious. Chances are that this is a false positive (I hope so). Please report back to bitcoin.org!
|
Bitcointalk member since 2013!
|
|
|
monsanto
Legendary
Offline
Activity: 1241
Merit: 1005
..like bright metal on a sullen ground.
|
|
November 27, 2016, 09:17:30 AM |
|
https://securelist.com/blog/virus-watch/58553/analysis-of-malware-from-the-mtgox-leak-archive/
The malware creates and executes the TibanneSocket.exe binary and searches for the files bitcoin.conf and wallet.dat - the latter is a critical data file for a Bitcoin crypto-currency user: if it is kept unencrypted and is stolen, cybercriminals will gain access to all Bitcoins the user has in his possession for that specific account.
|
|
|
|
~Bitcoin~
Legendary
Offline
Activity: 994
Merit: 1000
|
|
November 27, 2016, 09:41:37 AM |
|
I think you have to have a better look at this: https://bitcoin.org/en/alert/2016-08-17-binary-safety
Furthermore, we recommend verifying your download using signatures from multiple developers using the gitian signatures repository.
And also report this to bitcoin.org team.
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1520
No I dont escrow anymore.
|
|
November 27, 2016, 09:45:08 AM Last edit: November 27, 2016, 10:07:08 AM by shorena |
|
Why? I only see 3 options here.
#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, it's a false positive. Contacting them is useless, because they can't change the situation. Contact the anti virus vendor instead.
#3 bitcoin devs did not slip malware in the code, it's not a false positive. Verifying you are downloading the real thing solves this without contacting anyone.
|
Im not really here, its just your imagination.
|
|
|
IH-Antonio (OP)
Member
Offline
Activity: 79
Merit: 10
|
|
November 27, 2016, 09:51:58 AM |
|
Why? I only see 3 options here.
#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, it's a false positive. Contacting them is useless, because they can't change the situation. Contact the anti virus vendor instead.
#3 bitcoin devs did not slip malware in the code, it's not a false positive. Verifying you are downloading the real thing solves this without contacting anyone.

The SHA256 signatures match the signatures specified by bitcoin.org. I will contact ASAP Bitcoin.org and some antivirus vendors...
|
Donations for keeping x2 Bitcoin Full Node online 24/7 are welcome: 14GPNioy3mi3D9iMge67j5UAoEy5hT4btn
|
|
|
BiTZeD
|
|
November 27, 2016, 09:52:38 AM |
|
For me, it sounds like a false positive, but if you downloaded it from shady sources, be careful.
|
|
|
|
LFC_Bitcoin
Legendary
Offline
Activity: 3584
Merit: 9871
#1 VIP Crypto Casino
|
|
November 27, 2016, 11:26:43 AM |
|
This is terrible, I don't suppose you'll ever know the full truth here though. I'm hesitant to upgrade my Core Client to 0.13.1 now.
|
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1074
|
|
November 27, 2016, 11:41:42 AM |
|
Sites like https://www.virustotal.com make use of heuristics, and code that might look or behave like a virus will be flagged. Do you really think code that is not proprietary would hide viruses or malware? It is under constant scrutiny from competitors to find "weakpoints" to discredit it, so why would people insert malware on purpose? Make sure you are downloading it from "trusted" sites.
|
|
|
|
ashiqdey
|
|
November 27, 2016, 01:02:30 PM |
|
Malware creators always keep an eye on prey where they could ignite their malware on a system. And bitcoin software is one such source through which they could spread their bad code. We should be really careful even with bitcoin software.
|
|
|
|
achow101
Staff
Legendary
Offline
Activity: 3444
Merit: 6748
Just writing some code
|
|
November 27, 2016, 04:14:42 PM |
|
There is no problem here. If the hashes match and you properly verify the download by following: https://bitcointalk.org/index.php?topic=1588906.0 then there will be absolutely no problems. The AV warnings are all false positives. They usually flag Bitcoin Core as a coin stealer (because it looks for a wallet.dat since it creates the file) or a bitcoin miner (because it contains a miner in the software if you want to mine on regtest or testnet).
|
|
|
|
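The hash check discussed in the posts above, as an added example that is not part of the thread or of Bitcoin Core's own tooling. It assumes the published hashes come as a clearsigned sha256sum-style manifest (the layout of a `SHA256SUMS.asc` file is an assumption here); the function names are hypothetical, and the files and manifest in `demo()` are constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# sha256sum entry: 64 hex chars, a space, ' ' (text) or '*' (binary), filename
ENTRY = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_manifest(text):
    """Map filename -> digest from the signed body of a clearsigned manifest."""
    entries = {}
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # the signed body ends here; ignore everything after it
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(2)] = m.group(1).lower()
    return entries

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_download(path, manifest_text):
    """Return 'match', 'mismatch' or 'unlisted'. This is integrity only: the
    manifest's PGP signature still has to be verified (e.g. gpg --verify)."""
    expected = parse_manifest(manifest_text).get(Path(path).name)
    if expected is None:
        return "unlisted"
    return "match" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo():
    # Constructed files and manifest; contents and digests are not real releases.
    with tempfile.TemporaryDirectory() as d:
        zip_path = Path(d, "bitcoin-0.13.1-win64.zip")
        exe_path = Path(d, "bitcoin-qt.exe")
        zip_path.write_bytes(b"constructed archive")
        exe_path.write_bytes(b"constructed exe")
        manifest = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
                    f"{sha256_file(zip_path)}  bitcoin-0.13.1-win64.zip\n"
                    "-----BEGIN PGP SIGNATURE-----\n(constructed placeholder)\n")
        results = [check_download(zip_path, manifest), check_download(exe_path, manifest)]
        zip_path.write_bytes(b"constructed archive, modified after signing")
        return results + [check_download(zip_path, manifest)]

if __name__ == "__main__":
    print(demo())
```

The extracted `bitcoin-qt.exe` comes back as `unlisted` because the manifest in this example covers only the release archive, so the archive is the file to check before unpacking.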
pereira4
Legendary
Offline
Activity: 1610
Merit: 1183
|
|
November 27, 2016, 04:21:16 PM |
|
If the hashes match with bitcoin.org then there's nothing to worry about, just false positives. It happens all the time. I remember back in the day when I used to mine altcoins with my humble graphics card, the mining software started to show up as malware because the developers of antivirus and anti malware tools decided so... I don't understand why they would label bitcoin malware, unless someone with an agenda is paying them to do so?
It could always be that bitcoin.org got compromised and the hashes got changed but that would quickly be spotted and core developers would post about it here or tweet or whatever.
|
|
|
|
Yakamoto
Legendary
Offline
Activity: 1218
Merit: 1007
|
|
November 27, 2016, 04:29:45 PM |
|
I'm essentially parroting what everyone else has said in the thread so far; if there are matching hash keys and you got it from a respectable source, or your usual one, then it should be fine.
I'd be incredibly surprised if the core team slipped malware in, but you never know for sure.
|
|
|
|
rapazev
|
|
November 27, 2016, 04:43:58 PM |
|
Why? I only see 3 options here.
#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, it's a false positive. Contacting them is useless, because they can't change the situation. Contact the anti virus vendor instead.
#3 bitcoin devs did not slip malware in the code, it's not a false positive. Verifying you are downloading the real thing solves this without contacting anyone.

Maybe: #4 bitcoin devs didn't slip the malware, but a security breach allowed a hack to do it. Contact them to solve the problem.
|
|
|
|
NorrisK
Legendary
Offline
Activity: 1946
Merit: 1007
|
|
November 27, 2016, 05:19:17 PM |
|
It is most likely a false positive.
Any serious malware dev will write something that is not going to be detected by a website like virustotal if they want to make a big splash. Best to notify the devs that this happens so they can fix it. There is probably a small part of code that triggers this.
Until an official response, I wouldn't touch it though.
|
|
|
|
|
calkob
|
|
November 27, 2016, 06:56:57 PM |
|
This happens all the time, although be safe and not sorry. I had an antivirus constantly find malware in the appdata folder of bitcoin block chain. Usually a false positive.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3724
Merit: 6447
Looking for campaign manager? Contact icopress!
|
|
November 27, 2016, 07:28:14 PM |
|
I have 0.13.1 installed from Friday. You scared me! But I scanned now bitcoin-qt.exe (since I didn't keep the installer) with virustotal and I've found it clean (wtf?!). I will try to boot that computer from a stick tomorrow and scan it, but I doubt that I'll find anything. Maybe you should do the same. Better safe than sorry, always.
|
|
|
|
0xfff
|
|
November 27, 2016, 08:44:43 PM |
|
|
|
|
|
calkob
|
|
November 27, 2016, 09:07:14 PM |
|
I also run a full node at home. It's fine for me cause I run my computer 24/7 anyway and I don't have any limits from my broadband provider. Everyone who can should run a full node.
|
|
|
|
|