Trojan Wallet stealer be careful

[SomeoneWeird]

Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.

Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.

These stealers typically get run once (bound to a legit application) and then exit and never run again. They only need to steal your wallet once. So no C&C is involved.

Yeah, he's thinking of a RAT.

[1713506773]

1713506773

[1713506773]

1713506773

[1713506773]

1713506773

[Coin.Karma]

thanks a lot for getting out something like this. Helps protect the people with less knowledge from evil, haha...

[toogreen]

Installing and using Linux instead of Windows is a great first step to avoid getting hit by these trojans.

[goodlord666]

Thanks

[kuloch]

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

In fact encryption is useless if you enter your password with your keyboard. If your computer gets compromised by a trojan it can read your password with a keylogger.

Not 100% secure does not equate to useless.  In this case, the trojan checks for the wallet.dat file and sends it back to its server.  If those infected with this specific trojan had encrypted their wallet.dat file, then it would be useless to the thief.

However, your point does stand that encrypting the wallet.dat file alone is not adequately secure.  There are plenty of keyloggers in the wild.  But it should be considered one of many steps taken toward security, rather than being the only one.  Multi-layered security approaches are much stronger than taking just 1 decent step.

Part of the point of BitCoin is that everything is completely traceable.  Check out blockexplorer.com.  The "seller" does provide a uniquely identifiable piece of information with every transaction.  That is your digital signature, which only the account's owner can create.  However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.

I wonder if it is possible to store my bitcoin private key on smart card.

The private key is in your wallet.dat, so either just back up the entire wallet.dat or use a tool (they exist, I think I've read?) that extracts your public/private key pair(s).  Worth noting is that if this practice becomes commonplace, trojans and such will start looking for this form of information, as well.

[osborn_20]

Installing and using Linux instead of Windows is a great first step to avoid getting hit by these trojans.

You can always use both with a double partition.

But i think we need to start looking at more solutions for windows if we want the BTC market to expand itself. Nice to see some security companies are forming because of this.

BTC success may depend on them.

[jpp]

for windows users, I think the safer is to use services like mybitcoin.
To be safer, mybitcoin should implement otp like google (the otp app on iphone and android are cool, you can create several accounts)

[joepie91]

for windows users, I think the safer is to use services like mybitcoin.
To be safer, mybitcoin should implement otp like google (the otp app on iphone and android are cool, you can create several accounts)

On the other hand, if you use a web wallet you have to trust that they will adequately protect your funds whereas with a wallet on your own pc you can make it as secure as you want.

[joshuad31]

I would like for someone to respond to what is written here:
https://en.bitcoin.it/wiki/Talk:Securing_your_wallet#Flaws_with_argument_regarding_encryption

Because the way I see it bitcoin needs a way to encrypt a wallet file and read a wallet file that always remains encrypted.  This is a fundamental flaw with the system.  Don't you think its quite humorous that a system designed to transmit and verify funds which is built upon very advanced cryptography leaves the primary agent completely unencrypted.  Think about this for a second.  Bitcoin = cryptocurrency.  Bitcoin Wallet = completely unencrypted.  This makes no sense.  I mean does this make sense to you?  So all these people who praise Satoshi Nakamoto for his genius regarding using cryptography to allow for anonymous transactions of currency can't or won't take it upon themselves to create software that will encrypt and read an encrypted wallet.  Why?

Maybe the inventors of bitcoin are the ones we need to be holding accountable for this problem.  If bitcoin simply was able to read a wallet that was always encrypted none of us would be having this discussion.  End of story.

[Scompee]

This is terrible

[jpp]

No, even with encryption, if you are using windows, a trojan can steel your wallet after having read the password with a keylogger.

[joepie91]

No, even with encryption, if you are using windows, a trojan can steel your wallet after having read the password with a keylogger.

In comparison, right now you can just steal the wallet file from a mounted Truecrypt partition in 2 seconds and be done with it. Comparing that to needing a keylogger for a prolonged time to be able to decrypt the wallet in the first place... an always-encrypted wallet would be a VERY good idea.

^{There's always the input-through-mouse PIN system.}

[AaronBarr]

No need of trojans! There is way easier using broadcasting to locate victims!

[Synaesthesia]

Alright so I should create another bitcoin account seperate to my mining account, and encrypt that.

[vernes]

well this is some fucked up shit man

[vernes]

i'm definetly gonna lookout for this shit

[mvd7793]

Bitcoins are popular enough to have special viruses! That's good news at least.

[ivank2139]

If I understand this correclty the wallet.dat file needs to be kept in an encrypted volume, for example truecrypt.  Can Anyone advise me and others as to how we should setup and operate the bitcoin with a TruCrypt encrypted volume?

[adamncsu]

funny. in the same post warning about installing programs linked from the forums, he posts a link to a program.

[http]

I've read quite a few times in this thread to make backups of your bitcoin wallet. But if I'm not completely wrong, then even stealing just the backup data results in losing all your bitcoins. So from a security perspective, better don't make backup copies!

Instead of buying a notebook, I would store a wallet with a fixed amount on a new memory stick. Plug it in only when you intend to pay with it. Don't store more than you could afford to lose on each stick. Delete all backups on computer after using the wallet. And plug it only into computers you know that are clean.