Bitcoin Forum
December 05, 2016, 10:33:18 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 »  All
  Print  
Author Topic: Trojan Wallet stealer be careful  (Read 176091 times)
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 06:29:09 AM
 #1

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480933998
Hero Member
*
Offline Offline

Posts: 1480933998

View Profile Personal Message (Offline)

Ignore
1480933998
Reply with quote  #2

1480933998
Report to moderator
1480933998
Hero Member
*
Offline Offline

Posts: 1480933998

View Profile Personal Message (Offline)

Ignore
1480933998
Reply with quote  #2

1480933998
Report to moderator
darbsllim
Sr. Member
****
Offline Offline

Activity: 294


Founder, Filmmaker, Fun Guy


View Profile WWW
June 17, 2011, 10:00:19 AM
 #2

Thanks for the tip!

Brad Mills
Former miner - Former Bitcoin Business Owner - Victim of the Great Bitcoin Crashes of 2011 and 2012
NothinG
Hero Member
*****
Offline Offline

Activity: 560



View Profile
June 17, 2011, 11:17:04 AM
 #3

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario
Thanks for the warning and the link to this *cough* software.

Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 11:49:05 AM
 #4

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario
Thanks for the warning and the link to this *cough* software.


Why whats wrong with this?

It's OpenSource, fairly well know, a well know domain, from a fairly well known user (me), whats the problem?

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
NothinG
Hero Member
*****
Offline Offline

Activity: 560



View Profile
June 17, 2011, 12:42:14 PM
 #5

Why whats wrong with this?

It's OpenSource, fairly well know, a well know domain, from a fairly well known user (me), whats the problem?
I didn't notice it was a sticky until I made the post.
Then after I noticed it was a stick, I looked at who posted it.

You have to admit it's a bit ironic. Cheesy

Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 01:02:22 PM
 #6

Why whats wrong with this?

It's OpenSource, fairly well know, a well know domain, from a fairly well known user (me), whats the problem?
I didn't notice it was a sticky until I made the post.
Then after I noticed it was a stick, I looked at who posted it.

You have to admit it's a bit ironic. Cheesy

What that I'm say "be careful what you download it could be a virus, download this to protect"? I've no idea what you're talking about  Tongue

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
NothinG
Hero Member
*****
Offline Offline

Activity: 560



View Profile
June 17, 2011, 01:05:47 PM
 #7

There is a (new?) trojan wallet stealer out in the wild ATM.

Yeah, I know about the messages in the middle.
My eyes skip over a lot of words sometimes.

Reikoku
Full Member
***
Offline Offline

Activity: 140


firstbits: 1kwc1p


View Profile
June 17, 2011, 03:03:33 PM
 #8

Is the trojan only for Windows or need the rest of us be scared too? Embarrassed

Rei | 1Kwc1pqv54jCg8jvnm3Gu1dqFQYhS34Bow
Trades So Far: 7
TheGer
Hero Member
*****
Offline Offline

Activity: 490



View Profile
June 17, 2011, 03:11:21 PM
 #9

If you're so paranoid about external links to encryption software then use the windows file encryption option.  If you're using Windows ofcourse....   Wink
kokojie
Legendary
*
Offline Offline

Activity: 1498



View Profile WWW
June 17, 2011, 03:30:53 PM
 #10

Use 7-zip is easiest, AES-256 encryption

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | Bitshares: kokojie
My reputation
Grix
Hero Member
*****
Offline Offline

Activity: 536



View Profile WWW
June 18, 2011, 11:47:27 AM
 #11

You don't need to encrypt your wallet. You can just move your bitcoin data folder usually located in %appdata% to another location, and edit the bitcoin client shortcut's target from:

Code:
"C:\bitcoin-install-directory"

to

Code:
"C:\bitcoin-install-directory" -datadir=C:\bitcoin-data-folder

Buy High Powered Lasers from BitLasers.com
BTC: 1Fahk2aa4NS4Qds4VDAL4mpNArDEdV2K5K
eturnerx
Member
**
Offline Offline

Activity: 70


View Profile WWW
June 18, 2011, 01:03:28 PM
 #12

You don't need to encrypt your wallet. You can just move your bitcoin data folder usually located in %appdata% to another location, and edit the bitcoin client shortcut's target from:

Code:
"C:\bitcoin-install-directory"

to

Code:
"C:\bitcoin-install-directory" -datadir=C:\bitcoin-data-folder
This is an interim solution at best - until the trojans start scanning the whole HD for a wallet.dat. Still much better than doing nothing!

WatchMine - get Bitcoin prices and pool stats on your Mobile
cablepair
Hero Member
*****
Offline Offline

Activity: 854


https://btc-republic.com/index.php?ref=cablepair


View Profile WWW
June 18, 2011, 09:09:42 PM
 #13

I have a solution! Download and install a much more secure operating system its called linux. Did I mention its free too?  Roll Eyes
NothinG
Hero Member
*****
Offline Offline

Activity: 560



View Profile
June 19, 2011, 12:46:25 AM
 #14

I have a solution! Download and install a much more secure operating system its called linux. Did I mention its free too?  Roll Eyes
Just because it's a different operating system doesn't mean there aren't hackers who don't know how to get the wallet.dat
Always take precaution when downloading / installing / running files.

BitPorium
Hero Member
*****
Offline Offline

Activity: 501


View Profile
June 19, 2011, 12:53:33 AM
 #15

What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 19, 2011, 12:17:10 PM
 #16

What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!
Not entirely true. Linux is absolutely more secure by design, and even *if* more than half of the world was using Linux for their desktop machines, it would be considerably harder to write successful hardware for Linux systems than it would be for Windows systems.
I do agree however that a wallet stealer would be just as successful on Linux, seeing as your wallet is stored in your /home directory, and is thus accessible freely by anything you run. A "wallet stealer" really isn't anything more than something that emails/uploads a file in your user directory.

If anything, the wallet needs to be encrypted by default (through the client, and not by third-party software, so that you never need to have an unencrypted copy accessible as is the case with Truecrypt etc).

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
BitPorium
Hero Member
*****
Offline Offline

Activity: 501


View Profile
June 19, 2011, 01:02:16 PM
 #17

What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!
Not entirely true. Linux is absolutely more secure by design, and even *if* more than half of the world was using Linux for their desktop machines, it would be considerably harder to write successful hardware for Linux systems than it would be for Windows systems.
I do agree however that a wallet stealer would be just as successful on Linux, seeing as your wallet is stored in your /home directory, and is thus accessible freely by anything you run. A "wallet stealer" really isn't anything more than something that emails/uploads a file in your user directory.

If anything, the wallet needs to be encrypted by default (through the client, and not by third-party software, so that you never need to have an unencrypted copy accessible as is the case with Truecrypt etc).
I totally agree. Default encryption is really needed. Amazing how such a secure network is so insecure at the client level. Something has to be put in place ASAP.
Jazkal
Sr. Member
****
Offline Offline

Activity: 319



View Profile
June 19, 2011, 07:32:26 PM
 #18

Bitcoin is getting more and more attention. It is getting tested from so many different angles. I hope it can survive all the attacks.

I agree that there needs to be an integrated, encrypted wallet in the base app. Or are there other apps that replace that functionality?
Ampix0
Full Member
***
Offline Offline

Activity: 168



View Profile WWW
June 23, 2011, 03:15:22 AM
 #19

I coded a stealer just to see what a detection rate would be. I never released it of course. It was coded in VB.net it is shit anyway XD and obviously very loud and noticeable. I'll learn a real language some day.

Fireball
Hero Member
*****
Offline Offline

Activity: 673


View Profile WWW
June 23, 2011, 09:08:43 PM
 #20

Different OS doesn't matter that much (I can show you numerous documented security holes in popular Linux distros). What matters is how you care about your data being vulnerable. If you leave your wallet full of money in a car on the street, it doesn't really matter that much if it's an expensive Mercedes or a cheap Fiat: it may be stolen just by breaking the car's glass.

However, there are some uses for lowering the probability of getting hacked. For example, as an additional security measure, one could use a standalone laptop with a totally different OS and CPU (say, PowerBook with a PowerPC CP)U, so that email trojans which use Windows's software vulnerabilities won't work, plus no x86 code won't work because it's a PPC CPU.

Margin trading platform OrderBook.net (ICBIT): https://orderbook.net
Follow us in Twitter: https://twitter.com/orderbooknet
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!