Trojan Wallet stealer be careful

[Nefario]

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

[darbsllim]

Thanks for the tip!

[NothinG]

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

Thanks for the warning and the link to this *cough* software.

[Nefario]

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

Thanks for the warning and the link to this *cough* software.

Why whats wrong with this?

It's OpenSource, fairly well know, a well know domain, from a fairly well known user (me), whats the problem?

[NothinG]

Why whats wrong with this?

It's OpenSource, fairly well know, a well know domain, from a fairly well known user (me), whats the problem?

I didn't notice it was a sticky until I made the post.
Then after I noticed it was a stick, I looked at who posted it.

You have to admit it's a bit ironic.

[Nefario]

Why whats wrong with this?

It's OpenSource, fairly well know, a well know domain, from a fairly well known user (me), whats the problem?

I didn't notice it was a sticky until I made the post.
Then after I noticed it was a stick, I looked at who posted it.

You have to admit it's a bit ironic.

What that I'm say "be careful what you download it could be a virus, download this to protect"? I've no idea what you're talking about 

[NothinG]

There is a (new?) trojan wallet stealer out in the wild ATM.

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

Yeah, I know about the messages in the middle.
My eyes skip over a lot of words sometimes.

[Reikoku]

Is the trojan only for Windows or need the rest of us be scared too?

[TheGer]

If you're so paranoid about external links to encryption software then use the windows file encryption option.  If you're using Windows ofcourse....   

[kokojie]

Use 7-zip is easiest, AES-256 encryption

[Grix]

You don't need to encrypt your wallet. You can just move your bitcoin data folder usually located in %appdata% to another location, and edit the bitcoin client shortcut's target from:

Code:

"C:\bitcoin-install-directory"

to

Code:

"C:\bitcoin-install-directory" -datadir=C:\bitcoin-data-folder

[eturnerx]

You don't need to encrypt your wallet. You can just move your bitcoin data folder usually located in %appdata% to another location, and edit the bitcoin client shortcut's target from:

Code:

"C:\bitcoin-install-directory"

to

Code:

"C:\bitcoin-install-directory" -datadir=C:\bitcoin-data-folder

This is an interim solution at best - until the trojans start scanning the whole HD for a wallet.dat. Still much better than doing nothing!

[cablepair]

I have a solution! Download and install a much more secure operating system its called linux. Did I mention its free too? 

[NothinG]

I have a solution! Download and install a much more secure operating system its called linux. Did I mention its free too? 

Just because it's a different operating system doesn't mean there aren't hackers who don't know how to get the wallet.dat
Always take precaution when downloading / installing / running files.

[BitPorium]

What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!

[joepie91]

What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!

Not entirely true. Linux is absolutely more secure by design, and even *if* more than half of the world was using Linux for their desktop machines, it would be considerably harder to write successful hardware for Linux systems than it would be for Windows systems.
I do agree however that a wallet stealer would be just as successful on Linux, seeing as your wallet is stored in your /home directory, and is thus accessible freely by anything you run. A "wallet stealer" really isn't anything more than something that emails/uploads a file in your user directory.

If anything, the wallet needs to be encrypted by default (through the client, and not by third-party software, so that you never need to have an unencrypted copy accessible as is the case with Truecrypt etc).

[BitPorium]

What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!

Not entirely true. Linux is absolutely more secure by design, and even *if* more than half of the world was using Linux for their desktop machines, it would be considerably harder to write successful hardware for Linux systems than it would be for Windows systems.
I do agree however that a wallet stealer would be just as successful on Linux, seeing as your wallet is stored in your /home directory, and is thus accessible freely by anything you run. A "wallet stealer" really isn't anything more than something that emails/uploads a file in your user directory.

If anything, the wallet needs to be encrypted by default (through the client, and not by third-party software, so that you never need to have an unencrypted copy accessible as is the case with Truecrypt etc).

I totally agree. Default encryption is really needed. Amazing how such a secure network is so insecure at the client level. Something has to be put in place ASAP.

[Jazkal]

Bitcoin is getting more and more attention. It is getting tested from so many different angles. I hope it can survive all the attacks.

I agree that there needs to be an integrated, encrypted wallet in the base app. Or are there other apps that replace that functionality?

[Ampix0]

I coded a stealer just to see what a detection rate would be. I never released it of course. It was coded in VB.net it is shit anyway XD and obviously very loud and noticeable. I'll learn a real language some day.

[Fireball]

Different OS doesn't matter that much (I can show you numerous documented security holes in popular Linux distros). What matters is how you care about your data being vulnerable. If you leave your wallet full of money in a car on the street, it doesn't really matter that much if it's an expensive Mercedes or a cheap Fiat: it may be stolen just by breaking the car's glass.

However, there are some uses for lowering the probability of getting hacked. For example, as an additional security measure, one could use a standalone laptop with a totally different OS and CPU (say, PowerBook with a PowerPC CP)U, so that email trojans which use Windows's software vulnerabilities won't work, plus no x86 code won't work because it's a PPC CPU.