Bitcoin Forum
December 12, 2024, 01:55:12 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 »  All
  Print  
Author Topic: Trojan Wallet stealer be careful  (Read 25876 times)
Nefario (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 513


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 06:20:27 AM
 #1

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
Garrett Burgwardt
Sr. Member
****
Offline Offline

Activity: 406
Merit: 256


View Profile
June 17, 2011, 06:28:30 AM
 #2

As a side note - for those of you willing to trust an app, read the source code first. If it's not available, huge warning lights should go off.
DonnyCMU
Full Member
***
Offline Offline

Activity: 143
Merit: 100


View Profile
June 17, 2011, 06:31:23 AM
Last edit: June 17, 2011, 02:33:05 PM by DonnyCMU
 #3

Are you talking about the Infostealer.Coinbit?

It has been recognized by Symantec
http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours

Symantec said the malware will locate wallet.dat then send it back by e-mail or FTP.
dana.powers
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
June 17, 2011, 06:40:43 AM
 #4

Open source GPG encryption tools for Mac OS are available here: http://macgpg.sourceforge.net/

But don't these tools still leave you vulnerable while you're running the bitcoin client (because client requires unencrypted wallet.dat)?
bitcoinminer
Sr. Member
****
Offline Offline

Activity: 322
Merit: 252



View Profile
June 17, 2011, 06:41:26 AM
 #5

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

How do we know we can trust you?   Grin

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
Nefario (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 513


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 07:19:40 AM
 #6

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

How do we know we can trust you?   Grin
trust no one

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
MrAnderson
Member
**
Offline Offline

Activity: 81
Merit: 10


View Profile
June 17, 2011, 08:43:18 AM
 #7

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

Windows 7 rejects it because it doesn't have digitally signed drivers, any work around for this?

re: http://www.imgjoe.com/x/capture22323.jpg

>>> 1BcfL1QAZsxtpd92YYsbvDyih45mwA9xSo << Willing to endure the cringe-worthy Australian stereotypes for donations.

I'll wrestle a crocodile, show you my knife, throw shrimp on the BBQ, F**k your wife. Tongue
foo
Sr. Member
****
Offline Offline

Activity: 409
Merit: 250



View Profile
June 17, 2011, 08:55:40 AM
 #8

WTF is FreeOTFE and why would one use it instead of TrueCrypt?

I know this because Tyler knows this.
Nefario (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 513


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 09:26:06 AM
 #9

WTF is FreeOTFE and why would one use it instead of TrueCrypt?

FreeOTFE is an On The Fly Encryption application.

You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't(otherwise it requires admion permissions).

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
LeFBI
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
June 17, 2011, 09:36:52 AM
 #10

Why is the wallet.dat not encrypted by default anyway?

Asking the average internet user to use TrueCrypt,FreeOTFE,LinuxCoin,Command Line whatever is ihmo far far far to geeky to be widely accepted.
If you want bitcoin to be an easy payment alternative like paypal, then make it more simple&secure. If simply copying the wallet file is enough to rob someone, it's hell insecure. :-/
When you first start the bitcoin client and wallet is created, there is no prompt telling the user that he/she must secure the wallet file, it doesn't even say that it exists or where the wallet file is saved. But these are things you at least have to tell the average non-geek user. When i think of my parents for example...they know how to use google,emails and even managed to sign up at ebay. but they don't give a fuck about Cookies,Scripts,TrueCrypt whatsoever. And that isn't about to change. In the Bitcoin client you could simply implement a start dialog like "Choose wallet" , Click, "Enter Password", click, done. And it would be save from simply copying the wallet file. Of course this wouldn't make it 100% secure, there will always be keyloggers,trojans and such...but it would at least make it a bit harder and not every idiot could simply copy the file and use it. In bitcoin it's all about hashing, encryption, making the network as secure as possible but the wallet is an open door.
doomy
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile
June 17, 2011, 09:44:44 AM
 #11

WTF is FreeOTFE and why would one use it instead of TrueCrypt?

QFE   Grin
Vladimir
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1001


-


View Profile
June 17, 2011, 09:48:55 AM
 #12

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.


-
doomy
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile
June 17, 2011, 09:52:42 AM
 #13

Best place to place the encrypted file is on Dropbox.  Wink
LeFBI
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
June 17, 2011, 09:57:34 AM
 #14

so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.
said the linux nerd.
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1442
Merit: 1005



View Profile
June 17, 2011, 10:00:30 AM
 #15

WTF is FreeOTFE and why would one use it instead of TrueCrypt?

You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't(otherwise it requires admion permissions).

Just like TrueCrypt?
flug
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250



View Profile
June 17, 2011, 10:00:44 AM
 #16

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1442
Merit: 1005



View Profile
June 17, 2011, 10:01:34 AM
 #17

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?
It is cheaper to solve the issue at the client level. One single change, every user receives increased security.
flug
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250



View Profile
June 17, 2011, 10:10:50 AM
 #18

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?
It is cheaper to solve the issue at the client level. One single change, every user receives increased security.

Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds.
Vladimir
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1001


-


View Profile
June 17, 2011, 10:12:54 AM
 #19

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

You inferred it.

I implied what you said in the post #18.  Cheesy

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.

Banks get around this (still not completely) with second factor auth and I do not see how bitcoin can do second factor auth without losing decentralisation. (unless Satoshi comes out of the woods with invention of proofofwork/blockhain for second factor auth)



-
LeFBI
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
June 17, 2011, 10:31:59 AM
 #20

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.
That's always the case >if< your pc is compromised. an encrypted wallet.dat would protect from simply copying the file to usb, if someone has physical access to your pc. also if your pc is compromised doesn't automatically mean it's running a keylogger in the background. every idiot can copy&paste a file but not every idiot knows how to set up keylogger. making the wallet more secure doesn't harm anyone, so why not do it? there will never be 100% security, but it would at least be a bit safer than it is now.
Pages: [1] 2 3 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!