Bitcoin Forum
December 11, 2024, 10:41:05 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 »
  Print  
Author Topic: Trojan Wallet stealer be careful  (Read 50296 times)
SomeoneWeird
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500


View Profile
June 18, 2011, 10:11:25 AM
 #41

Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.

Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.
These stealers typically get run once (bound to a legit application) and then exit and never run again. They only need to steal your wallet once. So no C&C is involved.

Yeah, he's thinking of a RAT.
Coin.Karma
Full Member
***
Offline Offline

Activity: 189
Merit: 100



View Profile
June 18, 2011, 11:35:36 AM
 #42

thanks a lot for getting out something like this. Helps protect the people with less knowledge from evil, haha...
toogreen
Newbie
*
Offline Offline

Activity: 32
Merit: 0



View Profile
June 18, 2011, 02:23:50 PM
 #43

Installing and using Linux instead of Windows is a great first step to avoid getting hit by these trojans.
goodlord666
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250


100%


View Profile
June 18, 2011, 04:17:16 PM
 #44

Thanks

kuloch
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
June 18, 2011, 06:15:26 PM
Last edit: June 18, 2011, 06:47:12 PM by kuloch
 #45

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/
In fact encryption is useless if you enter your password with your keyboard. If your computer gets compromised by a trojan it can read your password with a keylogger.

Not 100% secure does not equate to useless.  In this case, the trojan checks for the wallet.dat file and sends it back to its server.  If those infected with this specific trojan had encrypted their wallet.dat file, then it would be useless to the thief.

However, your point does stand that encrypting the wallet.dat file alone is not adequately secure.  There are plenty of keyloggers in the wild.  But it should be considered one of many steps taken toward security, rather than being the only one.  Multi-layered security approaches are much stronger than taking just 1 decent step.

Quote from: kuloch
Part of the point of BitCoin is that everything is completely traceable.  Check out blockexplorer.com.  The "seller" does provide a uniquely identifiable piece of information with every transaction.  That is your digital signature, which only the account's owner can create.  However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.
I wonder if it is possible to store my bitcoin private key on smart card.

The private key is in your wallet.dat, so either just back up the entire wallet.dat or use a tool (they exist, I think I've read?) that extracts your public/private key pair(s).  Worth noting is that if this practice becomes commonplace, trojans and such will start looking for this form of information, as well.

YinCoin YangCoin ☯☯First Ever POS/POW Alternator! Multipool! ☯ ☯ http://yinyangpool.com/ 
https://bitcointalk.org/index.php?topic=623937
Bwincoin - 100% Free POS. BCc7XkRRbzy7cJkg4QTrA7JzseTAHgmc2A
osborn_20
Member
**
Offline Offline

Activity: 336
Merit: 10


View Profile WWW
June 18, 2011, 09:11:15 PM
 #46

Installing and using Linux instead of Windows is a great first step to avoid getting hit by these trojans.

You can always use both with a double partition.

But i think we need to start looking at more solutions for windows if we want the BTC market to expand itself. Nice to see some security companies are forming because of this.

BTC success may depend on them.

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
WINSTARS -   We are changing the face of gamblingWHITEPAPERANN THREADTELEGRAMFACEBOOK ● Twitter
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
jpp
Newbie
*
Offline Offline

Activity: 20
Merit: 19



View Profile
June 18, 2011, 10:58:15 PM
 #47

for windows users, I think the safer is to use services like mybitcoin.
To be safer, mybitcoin should implement otp like google (the otp app on iphone and android are cool, you can create several accounts)
joepie91
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
June 19, 2011, 12:07:47 AM
 #48

for windows users, I think the safer is to use services like mybitcoin.
To be safer, mybitcoin should implement otp like google (the otp app on iphone and android are cool, you can create several accounts)
On the other hand, if you use a web wallet you have to trust that they will adequately protect your funds whereas with a wallet on your own pc you can make it as secure as you want.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
joshuad31
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
June 19, 2011, 01:09:07 AM
 #49

I would like for someone to respond to what is written here:
https://en.bitcoin.it/wiki/Talk:Securing_your_wallet#Flaws_with_argument_regarding_encryption

Because the way I see it bitcoin needs a way to encrypt a wallet file and read a wallet file that always remains encrypted.  This is a fundamental flaw with the system.  Don't you think its quite humorous that a system designed to transmit and verify funds which is built upon very advanced cryptography leaves the primary agent completely unencrypted.  Think about this for a second.  Bitcoin = cryptocurrency.  Bitcoin Wallet = completely unencrypted.  This makes no sense.  I mean does this make sense to you?  So all these people who praise Satoshi Nakamoto for his genius regarding using cryptography to allow for anonymous transactions of currency can't or won't take it upon themselves to create software that will encrypt and read an encrypted wallet.  Why?

Maybe the inventors of bitcoin are the ones we need to be holding accountable for this problem.  If bitcoin simply was able to read a wallet that was always encrypted none of us would be having this discussion.  End of story.
Scompee
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
June 19, 2011, 06:50:59 AM
 #50

This is terrible Sad
jpp
Newbie
*
Offline Offline

Activity: 20
Merit: 19



View Profile
June 19, 2011, 09:26:56 AM
 #51

No, even with encryption, if you are using windows, a trojan can steel your wallet after having read the password with a keylogger.
joepie91
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
June 19, 2011, 12:01:10 PM
 #52

No, even with encryption, if you are using windows, a trojan can steel your wallet after having read the password with a keylogger.
In comparison, right now you can just steal the wallet file from a mounted Truecrypt partition in 2 seconds and be done with it. Comparing that to needing a keylogger for a prolonged time to be able to decrypt the wallet in the first place... an always-encrypted wallet would be a VERY good idea.

There's always the input-through-mouse PIN system.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
AaronBarr
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 19, 2011, 12:02:53 PM
 #53

No need of trojans! There is way easier using broadcasting to locate victims!
Synaesthesia
Sr. Member
****
Offline Offline

Activity: 546
Merit: 253


View Profile
June 19, 2011, 01:18:35 PM
 #54

Alright so I should create another bitcoin account seperate to my mining account, and encrypt that.
vernes
Newbie
*
Offline Offline

Activity: 18
Merit: 0


View Profile
June 19, 2011, 02:29:45 PM
 #55

well this is some fucked up shit man Sad
vernes
Newbie
*
Offline Offline

Activity: 18
Merit: 0


View Profile
June 19, 2011, 02:32:21 PM
 #56

i'm definetly gonna lookout for this shit
mvd7793
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
June 19, 2011, 09:29:04 PM
 #57

Bitcoins are popular enough to have special viruses! That's good news at least.
ivank2139
Newbie
*
Offline Offline

Activity: 27
Merit: 0


View Profile
June 19, 2011, 09:44:48 PM
 #58

If I understand this correclty the wallet.dat file needs to be kept in an encrypted volume, for example truecrypt.  Can Anyone advise me and others as to how we should setup and operate the bitcoin with a TruCrypt encrypted volume?
adamncsu
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
June 20, 2011, 07:26:22 PM
 #59

funny. in the same post warning about installing programs linked from the forums, he posts a link to a program.
http
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
June 20, 2011, 09:39:00 PM
 #60

I've read quite a few times in this thread to make backups of your bitcoin wallet. But if I'm not completely wrong, then even stealing just the backup data results in losing all your bitcoins. So from a security perspective, better don't make backup copies!

Instead of buying a notebook, I would store a wallet with a fixed amount on a new memory stick. Plug it in only when you intend to pay with it. Don't store more than you could afford to lose on each stick. Delete all backups on computer after using the wallet. And plug it only into computers you know that are clean.
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!