Bitcoin Forum
December 09, 2016, 02:19:25 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 »
  Print  
Author Topic: Trojan Wallet stealer be careful  (Read 47113 times)
twobits
Sr. Member
****
Offline Offline

Activity: 336

Firstbits: 1a6taw


View Profile
June 17, 2011, 01:20:14 PM
 #21

If you have more than 1000 Bitcoins in your wallet:

1. get yourself a low cost netbook.
2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).


Damn, I used NetBSD,  time to reformat!

I was wondering though,  how well would a cheap android tablet work?  They seem even cheaper then netbooks these
days, but no idea yet how secure they are, nor even if you can run bitcoin on them.




1481249965
Hero Member
*
Offline Offline

Posts: 1481249965

View Profile Personal Message (Offline)

Ignore
1481249965
Reply with quote  #2

1481249965
Report to moderator
1481249965
Hero Member
*
Offline Offline

Posts: 1481249965

View Profile Personal Message (Offline)

Ignore
1481249965
Reply with quote  #2

1481249965
Report to moderator
1481249965
Hero Member
*
Offline Offline

Posts: 1481249965

View Profile Personal Message (Offline)

Ignore
1481249965
Reply with quote  #2

1481249965
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481249965
Hero Member
*
Offline Offline

Posts: 1481249965

View Profile Personal Message (Offline)

Ignore
1481249965
Reply with quote  #2

1481249965
Report to moderator
1481249965
Hero Member
*
Offline Offline

Posts: 1481249965

View Profile Personal Message (Offline)

Ignore
1481249965
Reply with quote  #2

1481249965
Report to moderator
disposablecode
Newbie
*
Offline Offline

Activity: 2


View Profile
June 17, 2011, 02:25:28 PM
 #22

Greetings,

I believe the simplest approach to mitigate risks associated with contracting trojans would to only engage in BitCoin transactions from the security of a VMWARE image that's sole purpose is for just that.


What do you all think?
mr-sk
Member
**
Offline Offline

Activity: 67



View Profile WWW
June 17, 2011, 03:12:06 PM
 #23

The thing about this trojan is that it looks in the default dir for the wallet.dat file. It doesn't do an exhaustive search of the filesystem. So a simple fix is to not install the bitcoin client in the default location.

Botcoin - An Open Source PHP Bitcoin bot for retrieving market data.
Enjoy it, please donate: 1K2JWmpd75ehXxco1SWtGLaceQsRytpyEv
peedee
Newbie
*
Offline Offline

Activity: 28


View Profile
June 17, 2011, 03:27:37 PM
 #24

The thing about this trojan is that it looks in the default dir for the wallet.dat file. It doesn't do an exhaustive search of the filesystem. So a simple fix is to not install the bitcoin client in the default location.

By the time your were typing that it will have probably evolved to something more smart and will keep doing so.
mr-sk
Member
**
Offline Offline

Activity: 67



View Profile WWW
June 17, 2011, 05:08:35 PM
 #25

Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.

Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.

Botcoin - An Open Source PHP Bitcoin bot for retrieving market data.
Enjoy it, please donate: 1K2JWmpd75ehXxco1SWtGLaceQsRytpyEv
Desu
Newbie
*
Offline Offline

Activity: 28



View Profile
June 17, 2011, 05:15:28 PM
 #26

If there is fear of hack through a computer source, put a savings wallet it on a usb only decrypt it when needed.

Tip me?
1KBuL4At3kKEsBbDwAqKa16CG4nbyjosdD
That's right, I'm a girl on the Interwebz
http://flipforbits.com/?id=1570
Spend cheaply, Win More. : ]
Coolty
Newbie
*
Offline Offline

Activity: 17


View Profile
June 17, 2011, 05:18:05 PM
 #27

It only makes sense that a trojan specializing in this would pop up.
Quantus
Hero Member
*****
Offline Offline

Activity: 669



View Profile
June 17, 2011, 06:10:57 PM
 #28

can you put an encrypted file inside another encrypted file? Huh

(I am a 1MB block supporter who thinks all users should be using Full-Node clients)
Avoid the XT shills, they only want to destroy bitcoin, their hubris and greed will destroy us.
Know your adversary https://www.youtube.com/watch?v=BKorP55Aqvg
Desu
Newbie
*
Offline Offline

Activity: 28



View Profile
June 17, 2011, 06:13:25 PM
 #29

can you put an encrypted file inside another encrypted file? Huh
I once asked if you can zip a bunch of zip files. Lol

Tip me?
1KBuL4At3kKEsBbDwAqKa16CG4nbyjosdD
That's right, I'm a girl on the Interwebz
http://flipforbits.com/?id=1570
Spend cheaply, Win More. : ]
im3w1l
Sr. Member
****
Offline Offline

Activity: 280


View Profile
June 17, 2011, 06:35:14 PM
 #30

I have a simpler method than the netbook one, almost as safe. Make yourself a lot of wallets, with a fixed amount per wallet. Whenever you need to buy something, unencrypt the first wallet, send btc. Then proceed with the others. In this way, you can only lose one wallets worth.
Another advantage, which of course could also be gotten by with multiple addresses in a single wallet, is that your holdings wont stand out in block explorer (could potentially make you a target)
nikitasister
Newbie
*
Offline Offline

Activity: 6


View Profile
June 17, 2011, 08:19:56 PM
 #31

Thanks for the advices. I'm using the last portable version of FreeOTFE http://strcpy.ueuo.com/FreeOTFEExplorer_3_53.zip

17hCoDY6AxC1fn2SGHNUDgz9AToS5rznue
Run BTC
Newbie
*
Offline Offline

Activity: 5


View Profile
June 17, 2011, 08:58:52 PM
 #32

Be sure to check out  http://www.bitprotection.info  - wallet backup 100 percent coverage protection ... you can encrypt all day but once you loose it there is noway of getting the value of your BTC back until now ...

Bookmarked. Thanks for the heads-up.
bsd
Jr. Member
*
Offline Offline

Activity: 42


View Profile
June 18, 2011, 12:17:25 AM
 #33

I'm loving all the talk here about BSD. FreeBSD ftw.

OpenCL mining on GPUs isn't supported in FreeBSD though Sad
Seiks
Newbie
*
Offline Offline

Activity: 3


View Profile
June 18, 2011, 02:41:43 AM
 #34

Yeah... It bothers me not being able to mine opencl on GPU in freebsd :/
Saint Cad
Newbie
*
Offline Offline

Activity: 14


View Profile
June 18, 2011, 03:21:32 AM
 #35

Within an hour after downloading the client, Spyware Doctor found a trojan on my computer.  Coincidence?
Tech-Boy
Newbie
*
Offline Offline

Activity: 6


View Profile
June 18, 2011, 04:05:46 AM
 #36

Wow 25kbtc Wow Sad
kuloch
Member
**
Offline Offline

Activity: 70


View Profile
June 18, 2011, 05:04:38 AM
 #37

mmmmm, would've been helpful to describe the trojan scam.
You can read it here. https://forum.bitcoin.org/index.php?topic=16457.0

As a Newbie, I can't post on that thread.

So, here's my thought on the subject.

If Bitcoins are a set of digital Alpha/numerric characters for each Bitcoin, then each REAL transaction should add the sellers 'input' characters to the code that verify that the seller ACTUALLY sold them to a Specific buyer, who know has them in his Account/s. They need to be traceable, that way.
So, stealing them would not add any verifiable characters to each Bitcoin, which should render them worthless to the thief, but still holding their value for the owner they were 'stolen' from.
IF he was SMART enough to keep them backed-up, then he'd still have his version of the digital docs, that have his code attached to them,

NO?

No.

Part of the point of BitCoin is that everything is completely traceable.  Check out blockexplorer.com.  The "seller" does provide a uniquely identifiable piece of information with every transaction.  That is your digital signature, which only the account's owner can create.  However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.

E.g., if you tell me your private key, I now own your account just as much as you do, for all intents and purposes.

YinCoin YangCoin ☯☯First Ever POS/POW Alternator! Multipool! ☯ ☯ http://yinyangpool.com/ 
https://bitcointalk.org/index.php?topic=623937
Bwincoin - 100% Free POS. BCc7XkRRbzy7cJkg4QTrA7JzseTAHgmc2A
chicki
Newbie
*
Offline Offline

Activity: 3


View Profile
June 18, 2011, 06:32:36 AM
 #38

Sigh.  Always a pickpocket in the crowd.
apflux
Newbie
*
Offline Offline

Activity: 6


View Profile
June 18, 2011, 08:10:36 AM
 #39

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/
In fact encryption is useless if you enter your password with your keyboard. If your computer gets compromised by a trojan it can read your password with a keylogger.

Quote from: kuloch
Part of the point of BitCoin is that everything is completely traceable.  Check out blockexplorer.com.  The "seller" does provide a uniquely identifiable piece of information with every transaction.  That is your digital signature, which only the account's owner can create.  However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.
I wonder if it is possible to store my bitcoin private key on smart card.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 18, 2011, 09:54:54 AM
 #40

Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.

Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.
These stealers typically get run once (bound to a legit application) and then exit and never run again. They only need to steal your wallet once. So no C&C is involved.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!