Bitcoin Forum
Author Topic: Possibility of attack through google app launcher? .075 BTC bounty  (Read 839 times)
Altoidnerd (OP)
December 05, 2013, 12:51:49 AM
Last edit: December 05, 2013, 04:49:29 AM by Altoidnerd
 #1

I am not suggesting it is possible for such a thing to happen.  I'll just tell my quick story.  

I moderate /r/cryptomarkets and a user posted a link to an altcoin ticker.  It's a google app and I tested it.  I was not amused.  His ticker messed with the browser settings immediately, which I did not like. The guy had a short reddit history and even made a bunch of fake accounts to comment on his ticker.

Does anyone have the ability to see what the hell this thing is?  I will point the file out if someone knows how to do this.  I moved all my coins out of the wallets in this computer and into another.  I need to know if this bastard came to cryptomarkets on purpose to install malware or if he is just a novice programmer with a glitchy app.


Edit: Should I move this to a different location in bitcointalk?

Do you even mine?
http://altoidnerd.com 
12gKRdrz7yy7erg5apUvSRGemypTUvBRuJ
deepceleron
December 05, 2013, 04:30:19 AM
 #2

http://www.thesnugg.com/news/2012/10/82000-chrome-users-infected-by-angry-birds-virus/

What an approved app store app can do: It can also harvest personal data, such as credit card numbers and passwords, leaving Chrome users open to serious fraud and identity theft.

Chrome bypasses administrator security checks by storing itself in the user profile instead of as an installed application. The best thing to do is wipe the %temp%, the user profile where google has stored stuff, remove anything google-installed including google updater (which can be very hard; it's like a virus, inserting itself as services, task scheduler tasks, etc.) and never let software from an advertising company run on your computer again. No promises that there isn't a trojan that escaped from the browser, but the malware could just be phishing and storing passwords in the browser sandbox.


The last three months of chrome vulnerabilities, it's multiple pages:
http://web.nvd.nist.gov/view/vuln/search-results?query=chrome&search_type=last3months&cves=on

Just a recent advisory:
http://msisac.cisecurity.org/advisories/2013/2013-099.cfm
Altoidnerd (OP)
December 05, 2013, 04:51:02 AM
 #3

Quote from: deepceleron on December 05, 2013, 04:30:19 AM
http://www.thesnugg.com/news/2012/10/82000-chrome-users-infected-by-angry-birds-virus/

What an approved app store app can do: It can also harvest personal data, such as credit card numbers and passwords, leaving Chrome users open to serious fraud and identity theft.

Chrome bypasses administrator security checks by storing itself in the user profile instead of as an installed application. The best thing to do is wipe the %temp%, the user profile where google has stored stuff, remove anything google-installed including google updater (which can be very hard; it's like a virus, inserting itself as services, task scheduler tasks, etc.) and never let software from an advertising company run on your computer again. No promises that there isn't a trojan that escaped from the browser, but the malware could just be phishing and storing passwords in the browser sandbox.


The last three months of chrome vulnerabilities, it's multiple pages:
http://web.nvd.nist.gov/view/vuln/search-results?query=chrome&search_type=last3months&cves=on

Just a recent advisory:
http://msisac.cisecurity.org/advisories/2013/2013-099.cfm

Ok so I am justified in being suspicious.  I obviously halted the program immediately and reinstalled chrome, but my computer is indeed changed because the fresh install of chrome "knows" about my desire to have an app channel or whatever it's called.

Am I at risk keeping my BTC on this computer?  Shall I wipe her clean? 

deepceleron
December 05, 2013, 05:43:30 AM
 #4

Quote from: deepceleron on December 05, 2013, 04:30:19 AM
remove anything google-installed.. and never let software from an advertising company run on your computer again.
Quote from: Altoidnerd on December 05, 2013, 04:51:02 AM
and reinstalled chrome
Well, there's your problem.

Here's a link to finding and killing the chrome browser user profile, I would go a step higher and remove the "google" subdirectory.
http://techdows.com/2009/01/deleting-your-google-chrome-profile.html

Firefox doesn't run apps, it doesn't let applications install plugins without your permission, it installs and stores data where programs are supposed to install, and is pretty strong when you don't have the "top offenders" like Java, Flash, or Acrobat plugins (that have never had releases without some 0-day exploit). Firefox developers will even piss off users to protect them from themselves. The requestpolicy add-in blocks all off-site requests, such as to advertising networks that can serve malicious content.

I can make no statement that your computer is or is not compromised beyond a rooted browser, but I can say it will be trojan-horse free after a wipe and reload. A lesser step is to create a new username, which creates a new profile; lots of 'bad stuff' runs out of the user profile and %temp% directories that the user can write to in all systems, even in administrator locked-down machines. Then copy only the directories of known importance to your new profile, such as %appdata%\Bitcoin. However, consider that a credential stealer app has already been demonstrated in my first link above - the first order of business is to diligently change all your web site passwords from a secured platform soon.
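Before wiping, it is worth knowing what actually got installed into the profile. The following is an added example, not code from the thread or from any poster: it reads a Chrome profile's Preferences file and flags extensions that are sideloaded, run from a temp directory, carry permissions that let them read or alter everything in the browser, or declare `chrome_settings_overrides` (the manifest key that changes the homepage, search provider and startup pages, which matches the "messed with the browser settings" symptom). The Preferences path and the `extensions.settings.<id>` layout with `manifest`, `path` and `from_webstore` are assumptions about Chrome's on-disk format; the sample profile content is constructed so the script runs offline.

```python
import json
import os
from pathlib import Path

# Permissions that let an extension read or alter everything the user does in
# the browser (page content, requests, cookies, proxy, native programs). Any of
# these in a "price ticker" is a red flag.
HIGH_RISK_PERMISSIONS = {
    "<all_urls>", "webRequest", "webRequestBlocking", "tabs", "cookies",
    "history", "clipboardRead", "proxy", "management", "nativeMessaging",
    "debugger", "privacy",
}

def chrome_preferences_path(profile="Default"):
    """Assumed default location of the profile's Preferences file on Windows:
    %LOCALAPPDATA%\\Google\\Chrome\\User Data\\<profile>\\Preferences."""
    base = Path(os.environ.get("LOCALAPPDATA", ""))
    return base / "Google" / "Chrome" / "User Data" / profile / "Preferences"

def list_extensions(prefs_text):
    """One record per installed extension. Assumed layout:
    extensions.settings.<id> = {manifest, path, from_webstore, ...}."""
    prefs = json.loads(prefs_text)
    records = []
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = entry.get("manifest") or {}
        if not manifest:
            continue  # built-in/component entries carry no manifest; skip them
        perms = set(manifest.get("permissions", []))
        records.append({
            "id": ext_id,
            "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "from_webstore": bool(entry.get("from_webstore", False)),
            "path": entry.get("path", ""),
            # host patterns ending in ://*/* match every site, same as <all_urls>
            "risky_permissions": sorted(
                p for p in perms if p in HIGH_RISK_PERMISSIONS or p.endswith("://*/*")
            ),
            "overrides_settings": "chrome_settings_overrides" in manifest,
        })
    return records

def triage(prefs_text):
    """Return [(id, name, [reasons])] for extensions that deserve a closer look."""
    flagged = []
    for rec in list_extensions(prefs_text):
        reasons = []
        if rec["overrides_settings"]:
            reasons.append("changes homepage/search/startup pages (chrome_settings_overrides)")
        if rec["risky_permissions"]:
            reasons.append("broad permissions: " + ", ".join(rec["risky_permissions"]))
        if not rec["from_webstore"]:
            reasons.append("not installed from the Web Store (sideloaded/unpacked)")
        if "temp" in rec["path"].lower():
            reasons.append("code lives under a temp directory")
        if reasons:
            flagged.append((rec["id"], rec["name"], reasons))
    return flagged

# Constructed sample Preferences content (not a real profile). The ids are
# placeholders in Chrome's 32-letter a..p alphabet; "Altcoin Ticker" plays the
# role of the app from the thread.
SAMPLE_PREFERENCES = json.dumps({
    "extensions": {"settings": {
        "abcdefghijklmnopabcdefghijklmnop": {
            "from_webstore": True, "state": 1,
            "path": "abcdefghijklmnopabcdefghijklmnop\\1.2_0",
            "manifest": {
                "name": "Altcoin Ticker", "version": "1.2",
                "permissions": ["storage", "tabs", "<all_urls>"],
                "chrome_settings_overrides": {"homepage": "http://example.invalid/"},
            },
        },
        "ponmlkjihgfedcbaponmlkjihgfedcba": {
            "from_webstore": True, "state": 1,
            "path": "ponmlkjihgfedcbaponmlkjihgfedcba\\3.0_0",
            "manifest": {"name": "Harmless Notes", "version": "3.0",
                         "permissions": ["storage"]},
        },
        "bcdefghijklmnopabcdefghijklmnopa": {
            "from_webstore": False, "state": 1,
            "path": "C:\\Users\\me\\AppData\\Local\\Temp\\ticker_unpacked",
            "manifest": {"name": "Ticker Helper", "version": "0.1",
                         "permissions": ["storage", "http://*/*"]},
        },
    }}
})

if __name__ == "__main__":
    path = chrome_preferences_path()
    text = path.read_text(encoding="utf-8") if path.is_file() else SAMPLE_PREFERENCES
    for ext_id, name, reasons in triage(text):
        print(f"{ext_id}  {name}")
        for reason in reasons:
            print("   -", reason)
```

Run it from the account that installed the app; if the real Preferences file is not found it falls back to the constructed sample. A clean result from this script is not proof the machine is clean (anything that escaped the browser will not show up here), but it tells you which extension directory to hand to whoever is going to look at the code.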
Altoidnerd (OP)
December 05, 2013, 05:59:22 AM
 #5

Quote from: deepceleron on December 05, 2013, 05:43:30 AM
Quote from: deepceleron on December 05, 2013, 04:30:19 AM
remove anything google-installed.. and never let software from an advertising company run on your computer again.
Quote from: Altoidnerd on December 05, 2013, 04:51:02 AM
and reinstalled chrome
Well, there's your problem.

Here's a link to finding and killing the chrome browser user profile, I would go a step higher and remove the "google" subdirectory.
http://techdows.com/2009/01/deleting-your-google-chrome-profile.html

Firefox doesn't run apps, it doesn't let applications install plugins without your permission, it installs and stores data where programs are supposed to install, and is pretty strong when you don't have the "top offenders" like Java, Flash, or Acrobat plugins (that have never had releases without some 0-day exploit). Firefox developers will even piss off users to protect them from themselves. The requestpolicy add-in blocks all off-site requests, such as to advertising networks that can serve malicious content.

I can make no statement that your computer is or is not compromised beyond a rooted browser, but I can say it will be trojan-horse free after a wipe and reload. A lesser step is to create a new username, which creates a new profile; lots of 'bad stuff' runs out of the user profile and %temp% directories that the user can write to in all systems, even in administrator locked-down machines. Then copy only the directories of known importance to your new profile, such as %appdata%\Bitcoin. However, consider that a credential stealer app has already been demonstrated in my first link above - the first order of business is to diligently change all your web site passwords from a secured platform soon.

Ok.  Thank you.  I will definitely wipe it then.  It's just not worth dicking with.  Another user PMed me and is I suppose testing the actual software to see what it is.  Would it be OK if I paid you .04?  Since I really have to pay him if he tests it out.


Edit: aw nevermind.  I'll pay you both for being helpful I appreciate your advice.  Consulting isn't free.  Can I send to the BTC address there?

deepceleron
December 05, 2013, 06:08:32 AM
 #6

Consider this a spear-phishing attack: if I want to find bitcoin users or users with secrets, where better to go than crypto? You don't have to pay anything, or if you do I'll consider it a donation to the web hosting fund (although I'm getting to the point where I should offer paid tech support when the solution is to Google for the exact question asked).

I would install to a new hard drive and keep the current drive image around for quite a while, who knows when you may discover you need to go back and get that forgotten IM password, site login, or savegame.
Altoidnerd (OP)
December 05, 2013, 06:20:59 AM
 #7

Quote from: deepceleron on December 05, 2013, 06:08:32 AM
Consider this a spear-phishing attack: if I want to find bitcoin users or users with secrets, where better to go than crypto? You don't have to pay anything, or if you do I'll consider it a donation to the web hosting fund (although I'm getting to the point where I should offer paid tech support when the solution is to Google for the exact question asked).

I would install to a new hard drive and keep the current drive image around for quite a while, who knows when you may discover you need to go back and get that forgotten IM password, site login, or savegame.

1fb0ce4e6a9091a461b74ac338ccd73e3b464d43e3cfc88914a7327f4510b6e9

It is one nice use of bitcoin or all cryptos I guess that we can transact business in this way without much friction.  Don't even need to leave the house, and there's complete proof everyone stayed honest.

You can and should offer your services for pay right here on a forum.  Why not?  I knew I'd come here and find someone who knows the answer to my question because I wanted to pay for a speedy, complete answer. There is definitely a demand for this.  Think about how many times a lawyer is sitting on his ass watching TV, wishing he was making .01 BTC to type a sentence.  A bitbounty site would be super cool.  I'd use it.

Thanks for your advice.  One option is I can transfer my coins to another computer I own and just use this one for work.  I'm seriously only thinking coin safety here.  So it is in principle possible there is a little password cracker just trying its best to decrypt my wallets?

Altoidnerd (OP)
December 05, 2013, 06:23:44 AM
 #8

Quote from: deepceleron on December 05, 2013, 06:08:32 AM
Consider this a spear-phishing attack: if I want to find bitcoin users or users with secrets, where better to go than crypto? You don't have to pay anything, or if you do I'll consider it a donation to the web hosting fund (although I'm getting to the point where I should offer paid tech support when the solution is to Google for the exact question asked).

I would install to a new hard drive and keep the current drive image around for quite a while, who knows when you may discover you need to go back and get that forgotten IM password, site login, or savegame.

And yeah.  We need to get more mods we can't have this. 

deepceleron
December 08, 2013, 09:24:13 AM
 #9

Quote from: Altoidnerd on December 05, 2013, 06:20:59 AM
Thanks for your advice.  One option is I can transfer my coins to another computer I own and just use this one for work.  I'm seriously only thinking coin safety here.  So it is in principle possible there is a little password cracker just trying its best to decrypt my wallets?

Thanks, I didn't expect mystery money, and it was just a random search that brought me back here to re-discover the source.

Cracking encrypted wallets first requires the wallet to be stolen. The encryption method in Bitcoin-Qt is 25000 rounds, to make brute-force cracking computationally expensive, but it is certainly within the realm of feasible for short passwords or those comprised of combinations of dictionary words. You can look at many "I forgot my password" threads and see that several people have had success, if you can call it that, in regaining access to their wallet.

A failed concept, the "brainwallet", is a user-created phrase put through one round of SHA256 to make an address. There is still a website offering to create one for you. This allows attackers to generate a huge rainbow table and instantly and remotely spend money whenever it is sent to any one of billions of candidate addresses.
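The two schemes in the post above differ by exactly the factor that decides whether a dictionary attack pays off. The following is an added example, not code from the thread or from Bitcoin-Qt: it derives a brainwallet key the way the post describes (one round of SHA-256, no salt, so a single precomputed table serves every victim) next to a pure-Python reimplementation of OpenSSL's EVP_BytesToKey with SHA-512 and 25000 rounds, which is what this example assumes Bitcoin-Qt's wallet encryption used to turn the passphrase into the AES-256 master-key key and IV, and then runs the same small dictionary attack against both. The word list and the salt are constructed; deriving the Bitcoin address from the brainwallet key is left out, since the point is that the private key itself falls straight out of the phrase.

```python
import hashlib
import itertools

# Constructed six-word list standing in for the multi-million-entry phrase
# lists (dictionaries, lyrics, quotes) an attacker would actually feed in.
WORDLIST = ["correct", "horse", "battery", "staple", "bitcoin", "password"]

# KDF round count the post gives for Bitcoin-Qt.
WALLET_ROUNDS = 25000
# Constructed fixed salt; a real wallet stores a random 8-byte salt alongside
# the encrypted master key, so the KDF table must be rebuilt per wallet.
SALT = bytes.fromhex("0123456789abcdef")

def candidate_phrases(words, max_words=2):
    """Enumerate all 1..max_words combinations: the attacker's guess space."""
    for n in range(1, max_words + 1):
        for combo in itertools.product(words, repeat=n):
            yield " ".join(combo)

def brainwallet_privkey(phrase):
    """Brainwallet scheme: private key = SHA256(phrase). One round, no salt."""
    return hashlib.sha256(phrase.encode("utf-8")).digest()

def build_brainwallet_table(phrases):
    """Precompute key -> phrase once. With no salt the table is reusable against
    everyone; the attacker derives each key's address and watches the chain."""
    return {brainwallet_privkey(p): p for p in phrases}

def evp_bytes_to_key(passphrase, salt, rounds, key_len=32, iv_len=16):
    """OpenSSL EVP_BytesToKey with SHA-512 (assumed to be Bitcoin-Qt's KDF):
    D_i = SHA512^rounds(D_{i-1} || passphrase || salt), concatenated until
    key_len + iv_len bytes are available."""
    out, prev = b"", b""
    while len(out) < key_len + iv_len:
        h = hashlib.sha512(prev + passphrase + salt).digest()
        for _ in range(rounds - 1):
            h = hashlib.sha512(h).digest()
        out += h
        prev = h
    return out[:key_len], out[key_len:key_len + iv_len]

def crack_wallet_passphrase(target_key, salt, rounds, phrases):
    """Offline dictionary attack on a stolen wallet.dat. The attacker must hold
    the file (salt + key check value) and pays `rounds` hashes per guess.
    Returns (phrase or None, total hash invocations spent)."""
    spent = 0
    for p in phrases:
        key, _ = evp_bytes_to_key(p.encode("utf-8"), salt, rounds)
        spent += rounds
        if key == target_key:
            return p, spent
    return None, spent

def compare_cost(victim_phrase):
    """Work needed to recover the same phrase under both schemes."""
    table = build_brainwallet_table(candidate_phrases(WORDLIST))
    brain_hit = table.get(brainwallet_privkey(victim_phrase))  # one lookup
    wallet_key, _ = evp_bytes_to_key(victim_phrase.encode("utf-8"), SALT, WALLET_ROUNDS)
    wallet_hit, spent = crack_wallet_passphrase(
        wallet_key, SALT, WALLET_ROUNDS, candidate_phrases(WORDLIST))
    return {"brainwallet_found": brain_hit, "wallet_found": wallet_hit,
            "wallet_hashes_spent": spent, "table_entries": len(table)}

if __name__ == "__main__":
    for phrase in ("horse battery", "a phrase nobody's word list contains"):
        print(phrase, "->", compare_cost(phrase))
```

Both attacks succeed on "horse battery" because the phrase is in the list; the difference is that the brainwallet table costs one hash per phrase, built once and good forever, while each wallet guess costs 25000 hashes against one specific stolen file. That multiplier is what makes a short or dictionary passphrase crackable but a long random one not, and it is why the encrypted wallet only matters once the file has actually been copied off the machine.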
vm1990
December 08, 2013, 12:47:01 PM
 #10

PM me the link and I'll have a looksy. Corrupt the link too, so miss out the www. and the .com or whatever it is (just to be extra safe).
