Bitcoin Forum
Author Topic: Protecting your Bitcoins? - Infostealer.Coinbit  (Read 3540 times)
bbit (OP), Legendary
June 16, 2011, 09:46:54 PM (last edit: January 03, 2015, 11:15:30 AM by bbit)
#1

Looks like Symantec just released the culprit who steals bitcoins from wallets.

Source: Symantec http://www.symantec.com/security_response/writeup.jsp?docid=2011-061615-3651-99&tabid=2

So I started looking around for anything to help protect BitCoins (besides encrypting).


tymothy, Full Member
June 16, 2011, 10:01:53 PM
#2

I would be fine uploading an encrypted wallet file to a "secure" server. If the server's compromised, oh well.
jackjack, Legendary
June 16, 2011, 10:07:15 PM
#3

Renting a server costs only a few $ a year
Even if the storage is ridiculous, it's far enough to store an encrypted wallet.dat...
I think it's worth it

allinvain, Legendary
June 16, 2011, 10:18:13 PM
#4

Does anyone know what possible filename this infection may come under? Or anything that can help me locate the infection if it is still in the system? Or at least to figure out if I indeed had this trojan.


bbit (OP), Legendary
June 16, 2011, 10:20:34 PM
#5

Quote from: jackjack
Renting a server costs only a few $ a year
Even if the storage is ridiculous, it's far enough to store an encrypted wallet.dat...
I think it's worth it

I contacted the service - basically, they offer 2 things:

1.) wallet.dat back up via upload - 100 percent coverage for your BTC if anything should go wrong on their end.
2.) wallet.dat no upload - 100 percent coverage for your BTC wallet.

So either way you are covered for the coins you have. Finding out more.


bbit (OP), Legendary
June 16, 2011, 10:21:52 PM
#6

Quote from: allinvain
Does anyone know what possible filename this infection may come under? Or anything that can help me locate the infection if it is still in the system? Or at least to figure out if I indeed had this trojan.



Allinvain - I'm looking up that information as we speak. I'll post more shortly.


rezin777, Full Member
June 16, 2011, 10:23:51 PM
#7

That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was to change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!
bbit (OP), Legendary
June 16, 2011, 10:29:08 PM
#8

Quote from: rezin777
That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was to change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you change, I totally agree.


TraderTimm, Legendary
June 16, 2011, 11:49:33 PM
#9

Of course any malicious payload could change, but as a precaution you may want to put the following in your 'hosts' file:

(Depends on your windows install, but do a search for hosts*)

127.0.0.1  smtp.wp.pl

Or just move your savings wallet to an appropriately encrypted container with backups under your Linux distro of choice.

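TraderTimm's hosts entry above is a manual edit. The Go program below is an added example (it is not from the thread and not the Bitcoin client's code) that does the same job programmatically: it parses hosts-file text, reports whether a hostname is already pointed at a loopback or blackhole address, and appends an entry if it is not. The hostname smtp.wp.pl is the one named in the post; the hosts content in main is constructed; the Windows path is the standard %SystemRoot%\System32\drivers\etc\hosts (which is what "search for hosts*" finds). The appended entry uses 0.0.0.0 rather than the post's 127.0.0.1, a choice explained in the comments; HostsBlocks accepts either.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"strings"
)

// Addresses that count as "blocked" when they appear in the address field
// of a hosts-file entry.
var blockAddrs = map[string]bool{"127.0.0.1": true, "0.0.0.0": true, "::1": true}

// HostsBlocks reports whether the hosts-file text already maps name to a
// loopback or blackhole address. Comments (# ...) are stripped first and
// hostnames compare case-insensitively, as the resolver treats them.
func HostsBlocks(hosts, name string) bool {
	for _, line := range strings.Split(hosts, "\n") {
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i]
		}
		fields := strings.Fields(line)
		if len(fields) < 2 || !blockAddrs[fields[0]] {
			continue
		}
		for _, h := range fields[1:] {
			if strings.EqualFold(h, name) {
				return true
			}
		}
	}
	return false
}

// AddBlock returns the hosts text with a blackhole entry for name appended,
// or unchanged if one is already present. 0.0.0.0 is used instead of
// 127.0.0.1 so the connection fails at once rather than reaching whatever
// happens to listen on the local loopback port (a local SMTP relay, say).
func AddBlock(hosts, name string) string {
	if HostsBlocks(hosts, name) {
		return hosts
	}
	if hosts != "" && !strings.HasSuffix(hosts, "\n") {
		hosts += "\n"
	}
	return hosts + "0.0.0.0\t" + name + "\t# blocked: known wallet-exfiltration host\n"
}

// HostsPath returns the hosts file location for the current OS.
func HostsPath() string {
	if runtime.GOOS == "windows" {
		root := os.Getenv("SystemRoot")
		if root == "" {
			root = `C:\Windows`
		}
		return filepath.Join(root, "System32", "drivers", "etc", "hosts")
	}
	return "/etc/hosts"
}

// BlockInFile applies AddBlock to a real hosts file (needs admin or root).
func BlockInFile(path, name string) error {
	data, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	updated := AddBlock(string(data), name)
	if updated == string(data) {
		return nil // already blocked; leave the file untouched
	}
	return os.WriteFile(path, []byte(updated), 0644)
}

func main() {
	// Constructed sample hosts content; nothing is read from this machine.
	sample := "# sample hosts file\n127.0.0.1\tlocalhost\n::1\tlocalhost\n"
	fmt.Println("already blocked:", HostsBlocks(sample, "smtp.wp.pl"))
	fmt.Print(AddBlock(sample, "smtp.wp.pl"))
	fmt.Println("real hosts file on this OS:", HostsPath())
}
```

`BlockInFile(HostsPath(), "smtp.wp.pl")` needs administrator rights on Windows or root elsewhere. Two caveats a practitioner would add: malware running with the same rights can simply rewrite the file or connect to the mail server by IP address, so this only stops samples that resolve the reported hostname, and on Windows the DNS Client service caches lookups, so run `ipconfig /flushdns` after editing.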
error, Hero Member
June 17, 2011, 12:44:19 AM
#10

Quote
Risk Level 1: Very Low

Ummmmm... FAIL

allinvain, Legendary
June 17, 2011, 01:18:51 AM
#11

Quote from: rezin777
That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was to change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Quote from: bbit
Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you change, I totally agree.

The wallet.dat should not be called wallet.dat and it should be stored in a random directory in the user's profile/home directory - preferably a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.

Not to mention the location should be stored encrypted in the bitcoin configuration file.

Rob P., Member
June 17, 2011, 01:29:56 AM
#12

Quote from: rezin777
That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was to change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Quote from: bbit
Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you change, I totally agree.

Quote from: allinvain
The wallet.dat should not be called wallet.dat and it should be stored in a random directory in the user's profile/home directory - preferably a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.

Not to mention the location should be stored encrypted in the bitcoin configuration file.

The devs are working on this.  But, it's not hard overall:

Fire up client.
Ask user for password.
Create wallet.dat.
Encrypt data in wallet.dat with user password.
Whenever wallet.dat is accessed, prompt user for password to decrypt data.

You don't actually need the private keys to do anything but send coins.  So, the wallet.dat data only needs to be accessed if you're sending coins and/or adding addresses.  So, it wouldn't be that annoying to be prompted.

Now if someone steals your wallet.dat, it's useless unless they know the password.
As long as you have backups, you cannot lose your coins.

Of course, if you have malware on your system, they can keylog the password and then all bets are off.

allinvain, Legendary
June 17, 2011, 02:28:16 AM
#13

Quote from: rezin777
That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was to change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Quote from: bbit
Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you change, I totally agree.

Quote from: allinvain
The wallet.dat should not be called wallet.dat and it should be stored in a random directory in the user's profile/home directory - preferably a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.

Not to mention the location should be stored encrypted in the bitcoin configuration file.

Quote from: Rob P.
The devs are working on this.  But, it's not hard overall:

Fire up client.
Ask user for password.
Create wallet.dat.
Encrypt data in wallet.dat with user password.
Whenever wallet.dat is accessed, prompt user for password to decrypt data.

You don't actually need the private keys to do anything but send coins.  So, the wallet.dat data only needs to be accessed if you're sending coins and/or adding addresses.  So, it wouldn't be that annoying to be prompted.

Now if someone steals your wallet.dat, it's useless unless they know the password.
As long as you have backups, you cannot lose your coins.

Of course, if you have malware on your system, they can keylog the password and then all bets are off.

I wonder if there is a way to work around malware infections. Can the bitcoin client run in some sort of protected memory space? I got an idea though. How about one of those secure cryptokeys features. Essentially you'd use your mouse to click on a virtual keyboard which is scrambled by client so each time you click on say on the keys of the virtual keyboard the input would correspond to a different output. This way even if the hacker screenshots your system they can't really get your secret password? Elaborate - yes Necessary - yes...unless we expect every future bitcoin user to not run the client on any M$ operating system?


Rob P., Member
June 17, 2011, 07:22:51 PM
#14

Quote from: allinvain
I wonder if there is a way to work around malware infections. Can the bitcoin client run in some sort of protected memory space? I got an idea though. How about one of those secure cryptokeys features. Essentially you'd use your mouse to click on a virtual keyboard which is scrambled by client so each time you click on say on the keys of the virtual keyboard the input would correspond to a different output. This way even if the hacker screenshots your system they can't really get your secret password? Elaborate - yes Necessary - yes...

The client could also be written to utilize two-factor authentication schemes, but then you'd need a centralized authority to manage the other side of the two-factor authentication.  That kind of goes against the philosophy of Bitcoin.

Quote from: allinvain
unless we expect every future bitcoin user to not run the client on any M$ operating system?

That's the best idea I've heard.  Seriously, why would anyone have:

1)  A single wallet.dat that contained 25,000 BTC.  That's like carrying $500,000 in cash, in your wallet.  Insane.
2)  Trust any wallet.dat files to Windows.

Just my $0.02 worth.  If what happened really happened to you, I'm sorry.  But, when I saw BTC go over $0.10 I'd have started moving things around and securing an offline wallet.

allinvain, Legendary
June 19, 2011, 05:36:03 AM
#15

Quote from: allinvain
Does anyone know what possible filename this infection may come under? Or anything that can help me locate the infection if it is still in the system? Or at least to figure out if I indeed had this trojan.

Quote from: bbit
Allinvain - I'm looking up that information as we speak. I'll post more shortly.

Did you find anything useful? Since you haven't posted I presume no, or you must've forgotten?
