Bitcoin Forum
December 03, 2016, 01:50:22 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Protecting your Bitcoins? - Infostealer.Coinbit  (Read 3230 times)
bbit
Legendary
*
Offline Offline

Activity: 1288

Bitcoin


View Profile
June 16, 2011, 09:46:54 PM
 #1

Looks like Symantec just released the culprit who steals bitcoins from wallets  Angry

Source: Symantec http://www.symantec.com/security_response/writeup.jsp?docid=2011-061615-3651-99&tabid=2

So I started looking around for anything to help protect BitCoins (besides encrypting).
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480773022
Hero Member
*
Offline Offline

Posts: 1480773022

View Profile Personal Message (Offline)

Ignore
1480773022
Reply with quote  #2

1480773022
Report to moderator
tymothy
Full Member
***
Offline Offline

Activity: 224


View Profile
June 16, 2011, 10:01:53 PM
 #2

I would be fine uploading an encrypted wallet file to a "secure" server. If the server's compromised, oh well.
jackjack
Hero Member
*****
Offline Offline

Activity: 868


May Bitcoin be touched by his Noodly Appendage


View Profile
June 16, 2011, 10:07:15 PM
 #3

Renting a server costs only few $ a year
Even if the storage is ridiculous, it's far enough to store a encrypted wallet.dat...
I think it's worth it

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 16, 2011, 10:18:13 PM
 #4

Does anyone know what possible filename this infection may come under? Or anything that can help me locate the infection if it is still in the system? Or at least to figure out if I indeed had this trojan.


bbit
Legendary
*
Offline Offline

Activity: 1288

Bitcoin


View Profile
June 16, 2011, 10:20:34 PM
 #5

Renting a server costs only few $ a year
Even if the storage is ridiculous, it's far enough to store a encrypted wallet.dat...
I think it's worth it

I contacted the service - basically, they offer 2 things:

1.) wallet.dat back up via upload - 100 percent coverage for your BTC if anything should go wrong on their end.
2.) wallet.dat no upload - 100 percent coverage for your BTC wallet.

So either way you are covered for the coins you have. Finding out more Grin
bbit
Legendary
*
Offline Offline

Activity: 1288

Bitcoin


View Profile
June 16, 2011, 10:21:52 PM
 #6

Does anyone know what possible filename this infection may come under? Or anything that can help me locate the infection if it is still in the system? Or at least to figure out if I indeed had this trojan.



Allinvain - I'm looking up that information as we speak. I'll post more shortly.
rezin777
Full Member
***
Offline Offline

Activity: 154


View Profile
June 16, 2011, 10:23:51 PM
 #7

That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!
bbit
Legendary
*
Offline Offline

Activity: 1288

Bitcoin


View Profile
June 16, 2011, 10:29:08 PM
 #8

That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you should change I totally agree.
TraderTimm
Legendary
*
Offline Offline

Activity: 1652



View Profile
June 16, 2011, 11:49:33 PM
 #9

Of course any malicious payload could change, but as a precaution you may want to put the following in your 'hosts' file:

(Depends on your windows install, but do a search for hosts*)

127.0.0.1  smtp.wp.pl

Or just move your savings wallet to an appropriately encrypted container with backups under your Linux distro of choice.

fortitudinem multis - catenum regit omnia
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
June 17, 2011, 12:44:19 AM
 #10

Quote
Risk Level 1: Very Low

Ummmmm... FAIL

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 17, 2011, 01:18:51 AM
 #11

That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you should change I totally agree.

The wallet.dat should not be called wallet.dat and it should be stored in a random directory in the user's profile/home directory - preferrably a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.

Not to mention the location should be stored encrypted in the bitcoin configuration file.

Rob P.
Member
**
Offline Offline

Activity: 84



View Profile WWW
June 17, 2011, 01:29:56 AM
 #12

That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you should change I totally agree.

The wallet.dat should not be called wallet.dat and it should be stored in a random directory in the user's profile/home directory - preferrably a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.

Not to mention the location should be stored encrypted in the bitcoin configuration file.

The devs are working on this.  But, it's not hard overall:

Fire up client.
Ask user for password.
Create wallet.dat.
Encrypt data in wallet.dat with user password.
Whenever wallet.dat is accessed, prompt user for password to decrypt data.

You don't actually need the private keys to do anything but send coins.  So, the wallet.dat data only needs to be accessed if you're sending coins and/or adding addresses.  So, it wouldn't be that annoying to be prompted.

Now if someone steals your wallet.dat, it's useless unless they know the password.
As long as you have backups, you cannot lose your coins.

Of course, if you have malware on your system, they can keylog the password and then all bets are off.

--

If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG

If you don't like what I've written, send me a Tip and I'll stop talking.
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 17, 2011, 02:28:16 AM
 #13

That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you should change I totally agree.

The wallet.dat should not be called wallet.dat and it should be stored in a random directory in the user's profile/home directory - preferrably a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.

Not to mention the location should be stored encrypted in the bitcoin configuration file.

The devs are working on this.  But, it's not hard overall:

Fire up client.
Ask user for password.
Create wallet.dat.
Encrypt data in wallet.dat with user password.
Whenever wallet.dat is accessed, prompt user for password to decrypt data.

You don't actually need the private keys to do anything but send coins.  So, the wallet.dat data only needs to be accessed if you're sending coins and/or adding addresses.  So, it wouldn't be that annoying to be prompted.

Now if someone steals your wallet.dat, it's useless unless they know the password.
As long as you have backups, you cannot lose your coins.

Of course, if you have malware on your system, they can keylog the password and then all bets are off.

I wonder if there is a way to work around malware infections. Can the bitcoin client run in some sort of protected memory space? I got an idea though. How about one of those secure cryptokeys features. Essentially you'd use your mouse to click on a virtual keyboard which is scrambled by client so each time you click on say on the keys of the virtual keyboard the input would correspond to a different output. This way even if the hacker screenshots your system they can't really get your secret password? Elaborate - yes Necessary - yes...unless we expect every future bitcoin user to not run the client on any M$ operating system?


Rob P.
Member
**
Offline Offline

Activity: 84



View Profile WWW
June 17, 2011, 07:22:51 PM
 #14

I wonder if there is a way to work around malware infections. Can the bitcoin client run in some sort of protected memory space? I got an idea though. How about one of those secure cryptokeys features. Essentially you'd use your mouse to click on a virtual keyboard which is scrambled by client so each time you click on say on the keys of the virtual keyboard the input would correspond to a different output. This way even if the hacker screenshots your system they can't really get your secret password? Elaborate - yes Necessary - yes...

The client could also be written to utilize two-factor authentication schemes, but then you'd need a centralized authority to manage the other side of the two-factor authentication.  That kind of goes against the philosophy of Bitcoin.

unless we expect every future bitcoin user to not run the client on any M$ operating system?

That's the best idea I've heard.  Seriously, why would anyone have:

1)  A single wallet.dat that contained 25,000 BTC.  That's like carrying $500,000 in cash, in your wallet.  Insane.
2)  Trust any wallet.dat files to Windows.

Just my $0.02 worth.  If what happened really happened to you, I'm sorry.  But, when I saw BTC go over $0.10 I'd have started moving things around and securing an offline wallet.

--

If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG

If you don't like what I've written, send me a Tip and I'll stop talking.
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 19, 2011, 05:36:03 AM
 #15

Does anyone know what possible filename this infection may come under? Or anything that can help me locate the infection if it is still in the system? Or at least to figure out if I indeed had this trojan.



Allinvain - I'm looking up that information as we speak. I'll post more shortly.

Did you find anything useful? Since you haven't posted I presume no, or you must've forgotten?

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!