Trojan Wallet stealer be careful

[Nefario]

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

[1714040036]

1714040036

[1714040036]

1714040036

[Garrett Burgwardt]

As a side note - for those of you willing to trust an app, read the source code first. If it's not available, huge warning lights should go off.

[DonnyCMU]

Are you talking about the Infostealer.Coinbit?

It has been recognized by Symantec
http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours

Symantec said the malware will locate wallet.dat then send it back by e-mail or FTP.

[dana.powers]

Open source GPG encryption tools for Mac OS are available here: http://macgpg.sourceforge.net/

But don't these tools still leave you vulnerable while you're running the bitcoin client (because client requires unencrypted wallet.dat)?

[bitcoinminer]

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

How do we know we can trust you?   

[Nefario]

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

How do we know we can trust you?   

trust no one

[MrAnderson]

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

Windows 7 rejects it because it doesn't have digitally signed drivers, any work around for this?

re: http://www.imgjoe.com/x/capture22323.jpg

[foo]

WTF is FreeOTFE and why would one use it instead of TrueCrypt?

[Nefario]

WTF is FreeOTFE and why would one use it instead of TrueCrypt?

FreeOTFE is an On The Fly Encryption application.

You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't(otherwise it requires admion permissions).

[LeFBI]

Why is the wallet.dat not encrypted by default anyway?

Asking the average internet user to use TrueCrypt,FreeOTFE,LinuxCoin,Command Line whatever is ihmo far far far to geeky to be widely accepted.
If you want bitcoin to be an easy payment alternative like paypal, then make it more simple&secure. If simply copying the wallet file is enough to rob someone, it's hell insecure. :-/
When you first start the bitcoin client and wallet is created, there is no prompt telling the user that he/she must secure the wallet file, it doesn't even say that it exists or where the wallet file is saved. But these are things you at least have to tell the average non-geek user. When i think of my parents for example...they know how to use google,emails and even managed to sign up at ebay. but they don't give a fuck about Cookies,Scripts,TrueCrypt whatsoever. And that isn't about to change. In the Bitcoin client you could simply implement a start dialog like "Choose wallet" , Click, "Enter Password", click, done. And it would be save from simply copying the wallet file. Of course this wouldn't make it 100% secure, there will always be keyloggers,trojans and such...but it would at least make it a bit harder and not every idiot could simply copy the file and use it. In bitcoin it's all about hashing, encryption, making the network as secure as possible but the wallet is an open door.

[doomy]

WTF is FreeOTFE and why would one use it instead of TrueCrypt?

QFE   

[Vladimir]

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

[doomy]

Best place to place the encrypted file is on Dropbox. 

[LeFBI]

so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

said the linux nerd.

[BombaUcigasa]

WTF is FreeOTFE and why would one use it instead of TrueCrypt?

You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't(otherwise it requires admion permissions).

Just like TrueCrypt?

[flug]

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

[BombaUcigasa]

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

It is cheaper to solve the issue at the client level. One single change, every user receives increased security.

[flug]

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

It is cheaper to solve the issue at the client level. One single change, every user receives increased security.

Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds.

[Vladimir]

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

You inferred it.

I implied what you said in the post #18.  

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.

Banks get around this (still not completely) with second factor auth and I do not see how bitcoin can do second factor auth without losing decentralisation. (unless Satoshi comes out of the woods with invention of proofofwork/blockhain for second factor auth)

[LeFBI]

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.

That's always the case >if< your pc is compromised. an encrypted wallet.dat would protect from simply copying the file to usb, if someone has physical access to your pc. also if your pc is compromised doesn't automatically mean it's running a keylogger in the background. every idiot can copy&paste a file but not every idiot knows how to set up keylogger. making the wallet more secure doesn't harm anyone, so why not do it? there will never be 100% security, but it would at least be a bit safer than it is now.