Bitcoin Forum
March 19, 2024, 02:07:57 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 »  All
  Print  
Author Topic: Trojan Wallet stealer be careful  (Read 180101 times)
Nefario (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 512


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 06:29:09 AM
 #1

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
1710814077
Hero Member
*
Offline Offline

Posts: 1710814077

View Profile Personal Message (Offline)

Ignore
1710814077
Reply with quote  #2

1710814077
Report to moderator
1710814077
Hero Member
*
Offline Offline

Posts: 1710814077

View Profile Personal Message (Offline)

Ignore
1710814077
Reply with quote  #2

1710814077
Report to moderator
You get merit points when someone likes your post enough to give you some. And for every 2 merit points you receive, you can send 1 merit point to someone else!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710814077
Hero Member
*
Offline Offline

Posts: 1710814077

View Profile Personal Message (Offline)

Ignore
1710814077
Reply with quote  #2

1710814077
Report to moderator
1710814077
Hero Member
*
Offline Offline

Posts: 1710814077

View Profile Personal Message (Offline)

Ignore
1710814077
Reply with quote  #2

1710814077
Report to moderator
darbsllim
Sr. Member
****
Offline Offline

Activity: 297
Merit: 251


Founder, Filmmaker, Fun Guy


View Profile
June 17, 2011, 10:00:19 AM
 #2

Thanks for the tip!

Brad Mills,
Investor - Former miner - Former Bitcoin Business Owner - Survivor of the Great Bitcoin Crashes of 2011 and 2012, the MtGox Heist of 2014 & the 2017 crypto bubble.
Bitrated user: bradmillscan.
NothinG
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500



View Profile
June 17, 2011, 11:17:04 AM
 #3

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario
Thanks for the warning and the link to this *cough* software.

Nefario (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 512


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 11:49:05 AM
 #4

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario
Thanks for the warning and the link to this *cough* software.


Why whats wrong with this?

It's OpenSource, fairly well know, a well know domain, from a fairly well known user (me), whats the problem?

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
NothinG
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500



View Profile
June 17, 2011, 12:42:14 PM
 #5

Why whats wrong with this?

It's OpenSource, fairly well know, a well know domain, from a fairly well known user (me), whats the problem?
I didn't notice it was a sticky until I made the post.
Then after I noticed it was a stick, I looked at who posted it.

You have to admit it's a bit ironic. Cheesy

Nefario (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 512


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 01:02:22 PM
 #6

Why whats wrong with this?

It's OpenSource, fairly well know, a well know domain, from a fairly well known user (me), whats the problem?
I didn't notice it was a sticky until I made the post.
Then after I noticed it was a stick, I looked at who posted it.

You have to admit it's a bit ironic. Cheesy

What that I'm say "be careful what you download it could be a virus, download this to protect"? I've no idea what you're talking about  Tongue

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
NothinG
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500



View Profile
June 17, 2011, 01:05:47 PM
 #7

There is a (new?) trojan wallet stealer out in the wild ATM.

Yeah, I know about the messages in the middle.
My eyes skip over a lot of words sometimes.

Reikoku
Full Member
***
Offline Offline

Activity: 140
Merit: 100


firstbits: 1kwc1p


View Profile
June 17, 2011, 03:03:33 PM
 #8

Is the trojan only for Windows or need the rest of us be scared too? Embarrassed

Rei | 1Kwc1pqv54jCg8jvnm3Gu1dqFQYhS34Bow
Trades So Far: 7
TheGer
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500



View Profile
June 17, 2011, 03:11:21 PM
 #9

If you're so paranoid about external links to encryption software then use the windows file encryption option.  If you're using Windows ofcourse....   Wink
kokojie
Legendary
*
Offline Offline

Activity: 1792
Merit: 1003



View Profile
June 17, 2011, 03:30:53 PM
 #10

Use 7-zip is easiest, AES-256 encryption

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
Grix
Hero Member
*****
Offline Offline

Activity: 536
Merit: 500



View Profile WWW
June 18, 2011, 11:47:27 AM
 #11

You don't need to encrypt your wallet. You can just move your bitcoin data folder usually located in %appdata% to another location, and edit the bitcoin client shortcut's target from:

Code:
"C:\bitcoin-install-directory"

to

Code:
"C:\bitcoin-install-directory" -datadir=C:\bitcoin-data-folder

BTC: 1Fahk2aa4NS4Qds4VDAL4mpNArDEdV2K5K
LaserShowGen Laser Show Software
Helios Laser Show Hardware
eturnerx
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
June 18, 2011, 01:03:28 PM
 #12

You don't need to encrypt your wallet. You can just move your bitcoin data folder usually located in %appdata% to another location, and edit the bitcoin client shortcut's target from:

Code:
"C:\bitcoin-install-directory"

to

Code:
"C:\bitcoin-install-directory" -datadir=C:\bitcoin-data-folder
This is an interim solution at best - until the trojans start scanning the whole HD for a wallet.dat. Still much better than doing nothing!
cablepair
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1000


Buy this account on March-2019. New Owner here!!


View Profile WWW
June 18, 2011, 09:09:42 PM
 #13

I have a solution! Download and install a much more secure operating system its called linux. Did I mention its free too?  Roll Eyes
NothinG
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500



View Profile
June 19, 2011, 12:46:25 AM
 #14

I have a solution! Download and install a much more secure operating system its called linux. Did I mention its free too?  Roll Eyes
Just because it's a different operating system doesn't mean there aren't hackers who don't know how to get the wallet.dat
Always take precaution when downloading / installing / running files.

BitPorium
Hero Member
*****
Offline Offline

Activity: 590
Merit: 500


View Profile
June 19, 2011, 12:53:33 AM
 #15

What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!
joepie91
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
June 19, 2011, 12:17:10 PM
 #16

What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!
Not entirely true. Linux is absolutely more secure by design, and even *if* more than half of the world was using Linux for their desktop machines, it would be considerably harder to write successful hardware for Linux systems than it would be for Windows systems.
I do agree however that a wallet stealer would be just as successful on Linux, seeing as your wallet is stored in your /home directory, and is thus accessible freely by anything you run. A "wallet stealer" really isn't anything more than something that emails/uploads a file in your user directory.

If anything, the wallet needs to be encrypted by default (through the client, and not by third-party software, so that you never need to have an unencrypted copy accessible as is the case with Truecrypt etc).

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
BitPorium
Hero Member
*****
Offline Offline

Activity: 590
Merit: 500


View Profile
June 19, 2011, 01:02:16 PM
 #17

What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!
Not entirely true. Linux is absolutely more secure by design, and even *if* more than half of the world was using Linux for their desktop machines, it would be considerably harder to write successful hardware for Linux systems than it would be for Windows systems.
I do agree however that a wallet stealer would be just as successful on Linux, seeing as your wallet is stored in your /home directory, and is thus accessible freely by anything you run. A "wallet stealer" really isn't anything more than something that emails/uploads a file in your user directory.

If anything, the wallet needs to be encrypted by default (through the client, and not by third-party software, so that you never need to have an unencrypted copy accessible as is the case with Truecrypt etc).
I totally agree. Default encryption is really needed. Amazing how such a secure network is so insecure at the client level. Something has to be put in place ASAP.
Jazkal
Sr. Member
****
Offline Offline

Activity: 319
Merit: 250



View Profile
June 19, 2011, 07:32:26 PM
 #18

Bitcoin is getting more and more attention. It is getting tested from so many different angles. I hope it can survive all the attacks.

I agree that there needs to be an integrated, encrypted wallet in the base app. Or are there other apps that replace that functionality?
Ampix0
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile WWW
June 23, 2011, 03:15:22 AM
 #19

I coded a stealer just to see what a detection rate would be. I never released it of course. It was coded in VB.net it is shit anyway XD and obviously very loud and noticeable. I'll learn a real language some day.

Fireball
Hero Member
*****
Offline Offline

Activity: 674
Merit: 500


View Profile WWW
June 23, 2011, 09:08:43 PM
 #20

Different OS doesn't matter that much (I can show you numerous documented security holes in popular Linux distros). What matters is how you care about your data being vulnerable. If you leave your wallet full of money in a car on the street, it doesn't really matter that much if it's an expensive Mercedes or a cheap Fiat: it may be stolen just by breaking the car's glass.

However, there are some uses for lowering the probability of getting hacked. For example, as an additional security measure, one could use a standalone laptop with a totally different OS and CPU (say, PowerBook with a PowerPC CP)U, so that email trojans which use Windows's software vulnerabilities won't work, plus no x86 code won't work because it's a PPC CPU.

Margin trading platform OrderBook.net (ICBIT): https://orderbook.net
Follow us in Twitter: https://twitter.com/orderbooknet
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!