Bitcoin Forum
December 14, 2024, 08:49:00 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 »
  Print  
Author Topic: Trojan Wallet stealer be careful  (Read 50299 times)
twobits
Sr. Member
****
Offline Offline

Activity: 574
Merit: 250



View Profile
June 17, 2011, 01:20:14 PM
 #21

If you have more than 1000 Bitcoins in your wallet:

1. get yourself a low cost netbook.
2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).


Damn, I used NetBSD,  time to reformat!

I was wondering though,  how well would a cheap android tablet work?  They seem even cheaper then netbooks these
days, but no idea yet how secure they are, nor even if you can run bitcoin on them.




█████                █████      ███████             
█████                ███    █████████████       
█████                ██  █████████████████   
█████                █  ██████              ██████ 
█████                    ████                      ████ 
█████████████  █████                        ████
█████████████  █████                        ████
█████████████  █████                        ████
█████                    █████                             
█████                █  ██████              ███████
█████                ██  ███████████    █████ 
█████                ███    █████████    ████   
█████                █████      ███████    ██
███
███
███
███
███
███
███
███
███
HyperQuant.net
Platform for Professional Asset Management
███
███
███
███
███
███
███
███
███
WhitePaper
One-Pager
███
███
███
███
███
███
███
███
███
Telegram 
Facebook
Twitter
Medium
███
███
███
███
███
███
███
███
███
███
███
███
███
███
███
███
███
███
█████                █████      ███████             
█████                ███    █████████████       
█████                ██  █████████████████   
█████                █  ██████              ██████ 
█████                    ████                      ████ 
█████████████  █████                        ████
█████████████  █████                        ████
█████████████  █████                        ████
█████                    █████                             
█████                █  ██████              ███████
█████                ██  ███████████    █████ 
█████                ███    █████████    ████   
█████                █████      ███████    ██
disposablecode
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
June 17, 2011, 02:25:28 PM
 #22

Greetings,

I believe the simplest approach to mitigate risks associated with contracting trojans would to only engage in BitCoin transactions from the security of a VMWARE image that's sole purpose is for just that.


What do you all think?
mr-sk
Member
**
Offline Offline

Activity: 117
Merit: 10


View Profile
June 17, 2011, 03:12:06 PM
 #23

The thing about this trojan is that it looks in the default dir for the wallet.dat file. It doesn't do an exhaustive search of the filesystem. So a simple fix is to not install the bitcoin client in the default location.

Telegram
peedee
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
June 17, 2011, 03:27:37 PM
 #24

The thing about this trojan is that it looks in the default dir for the wallet.dat file. It doesn't do an exhaustive search of the filesystem. So a simple fix is to not install the bitcoin client in the default location.

By the time your were typing that it will have probably evolved to something more smart and will keep doing so.
mr-sk
Member
**
Offline Offline

Activity: 117
Merit: 10


View Profile
June 17, 2011, 05:08:35 PM
 #25

Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.

Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.

Telegram
Desu
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile
June 17, 2011, 05:15:28 PM
 #26

If there is fear of hack through a computer source, put a savings wallet it on a usb only decrypt it when needed.
Coolty
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
June 17, 2011, 05:18:05 PM
 #27

It only makes sense that a trojan specializing in this would pop up.
Quantus
Legendary
*
Offline Offline

Activity: 883
Merit: 1005



View Profile
June 17, 2011, 06:10:57 PM
 #28

can you put an encrypted file inside another encrypted file? Huh

(I am a 1MB block supporter who thinks all users should be using Full-Node clients)
Avoid the XT shills, they only want to destroy bitcoin, their hubris and greed will destroy us.
Know your adversary https://www.youtube.com/watch?v=BKorP55Aqvg
Desu
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile
June 17, 2011, 06:13:25 PM
 #29

can you put an encrypted file inside another encrypted file? Huh
I once asked if you can zip a bunch of zip files. Lol
im3w1l
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
June 17, 2011, 06:35:14 PM
 #30

I have a simpler method than the netbook one, almost as safe. Make yourself a lot of wallets, with a fixed amount per wallet. Whenever you need to buy something, unencrypt the first wallet, send btc. Then proceed with the others. In this way, you can only lose one wallets worth.
Another advantage, which of course could also be gotten by with multiple addresses in a single wallet, is that your holdings wont stand out in block explorer (could potentially make you a target)
nikitasister
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
June 17, 2011, 08:19:56 PM
 #31

Thanks for the advices. I'm using the last portable version of FreeOTFE http://strcpy.ueuo.com/FreeOTFEExplorer_3_53.zip
Run BTC
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 17, 2011, 08:58:52 PM
 #32

Be sure to check out  http://www.bitprotection.info  - wallet backup 100 percent coverage protection ... you can encrypt all day but once you loose it there is noway of getting the value of your BTC back until now ...

Bookmarked. Thanks for the heads-up.
bsd
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile
June 18, 2011, 12:17:25 AM
 #33

I'm loving all the talk here about BSD. FreeBSD ftw.

OpenCL mining on GPUs isn't supported in FreeBSD though Sad
Seiks
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
June 18, 2011, 02:41:43 AM
 #34

Yeah... It bothers me not being able to mine opencl on GPU in freebsd :/
Saint Cad
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
June 18, 2011, 03:21:32 AM
 #35

Within an hour after downloading the client, Spyware Doctor found a trojan on my computer.  Coincidence?
Tech-Boy
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
June 18, 2011, 04:05:46 AM
 #36

Wow 25kbtc Wow Sad
kuloch
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
June 18, 2011, 05:04:38 AM
 #37

mmmmm, would've been helpful to describe the trojan scam.
You can read it here. https://forum.bitcoin.org/index.php?topic=16457.0

As a Newbie, I can't post on that thread.

So, here's my thought on the subject.

If Bitcoins are a set of digital Alpha/numerric characters for each Bitcoin, then each REAL transaction should add the sellers 'input' characters to the code that verify that the seller ACTUALLY sold them to a Specific buyer, who know has them in his Account/s. They need to be traceable, that way.
So, stealing them would not add any verifiable characters to each Bitcoin, which should render them worthless to the thief, but still holding their value for the owner they were 'stolen' from.
IF he was SMART enough to keep them backed-up, then he'd still have his version of the digital docs, that have his code attached to them,

NO?

No.

Part of the point of BitCoin is that everything is completely traceable.  Check out blockexplorer.com.  The "seller" does provide a uniquely identifiable piece of information with every transaction.  That is your digital signature, which only the account's owner can create.  However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.

E.g., if you tell me your private key, I now own your account just as much as you do, for all intents and purposes.

YinCoin YangCoin ☯☯First Ever POS/POW Alternator! Multipool! ☯ ☯ http://yinyangpool.com/ 
https://bitcointalk.org/index.php?topic=623937
Bwincoin - 100% Free POS. BCc7XkRRbzy7cJkg4QTrA7JzseTAHgmc2A
chicki
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
June 18, 2011, 06:32:36 AM
 #38

Sigh.  Always a pickpocket in the crowd.
apflux
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
June 18, 2011, 08:10:36 AM
 #39

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/
In fact encryption is useless if you enter your password with your keyboard. If your computer gets compromised by a trojan it can read your password with a keylogger.

Quote from: kuloch
Part of the point of BitCoin is that everything is completely traceable.  Check out blockexplorer.com.  The "seller" does provide a uniquely identifiable piece of information with every transaction.  That is your digital signature, which only the account's owner can create.  However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.
I wonder if it is possible to store my bitcoin private key on smart card.
joepie91
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
June 18, 2011, 09:54:54 AM
 #40

Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.

Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.
These stealers typically get run once (bound to a legit application) and then exit and never run again. They only need to steal your wallet once. So no C&C is involved.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!