Bitcoin Forum
November 03, 2024, 10:31:22 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Pony virus steals wallets  (Read 1115 times)
Remember remember the 5th of November (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
February 25, 2014, 01:00:56 AM
 #1

Just stumbled on this article http://www. torontosun.com/2014/02/24/pony-virus-steals-bitcoins-digital-currencies-trustwave

Quote
BOSTON- Cyber criminals have infected hundreds of thousands of computers with a virus called "Pony" to steal bitcoins and other digital currencies, in the most ambitious cyber attack on virtual money uncovered so far, according to security firm Trustwave.

Trustwave said on Monday that it has found evidence that the operators of a cybercrime ring known as the Pony botnet have stolen some 85 virtual "wallets" that contained bitcoins and other types of digital currencies. The firm said it did not know how much digital currency was contained in the wallets.

"It is the first time we saw such a widespread presence of this type of malware. It was on hundreds of thousands of machines," said Ziv Mador, security research director with Chicago-based Trustwave.

Trustwave said it believes the crime ring is still operating, though it does not know who is running the group. The company said it has disrupted the servers that were controlling machines infected with Pony, but expects the group to launch more attacks on virtual currency users.

A representative for the Bitcoin Foundation, a trade group that promotes adoption of the virtual currency, advised bitcoin users to store their currency offline in a secure location to prevent cyber criminals from stealing them.

"Electronic wallet security continues to improve by leaps and bounds as hardware wallets become available and we start to see software wallets that support multi-signature transactions," said the Bitcoin Foundation's director of public affairs, Jinyoung Lee Englund.

Trustwave's discovery comes after an unrelated cyber attack that spammed bitcoin exchanges earlier this month. That attack prompted at least three online virtual currency traders to halt withdrawals, causing bitcoin's value to plunge 33 percent over three weeks.

Bitcoin is a digital currency sustained by software code written by an unknown programmer or group of programmers. It is not governed by any one company or person, and its value is determined by user demand.

People who buy digital currency can store it in virtual wallets on their own machines or with companies that offer storage and security services.

Mador said digital currency theft is still in its infancy, but that it is likely to grow. He said that digital currency buyers can protect themselves from hackers by using encrypted files.

"Most websites don't encrypt them by default, but you can turn them on," he added.

NEW OPPORTUNITY

Botnets are collections of infected computers that take orders from central "command and control" servers. The botnets steal data from compromised PCs and can also deliver other types of malware that force them to perform tasks.

This is at least the third type of fraud to surface involving digital currencies. Criminals have previously hacked into marketplaces where digital currencies are traded by exploiting security flaws in those sites, then stealing those currencies, according to Trustwave. ()

Cyber criminals have also developed botnets that force enslaved computers to create, or "mine", digital currencies, which the fraudsters then claim as their own.

Bitcoin mining is a time-consuming process in which computers perform complex math calculations. The operators of those botnets are stealing electricity and data center resources when they use compromised machines to mine digital currencies.

Trustwave in December uncovered a trove of some 2 million stolen passwords to websites including Facebook Inc, Google Inc, Twitter Inc and Yahoo Inc while probing a command and control server using a less sophisticated version of the Pony malware.

Trustwave said on Monday that the new version of Pony compromised another 600,000 website credentials.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Blinken
Sr. Member
****
Offline Offline

Activity: 338
Merit: 253



View Profile
February 25, 2014, 01:04:11 AM
 #2

I like how the site requires Javascript to read. It probably IS the pony virus.

Bitcoin ♦♦♦ Trust in Mathematics, Not Bankers ♦♦♦
Remember remember the 5th of November (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
February 25, 2014, 01:07:54 AM
 #3

I like how the site requires Javascript to read. It probably IS the pony virus.
I have disabled Java a long time ago. Nevertheless, quoted the whole article AND made the link non-clickable.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
TreasureSeeker
Sr. Member
****
Offline Offline

Activity: 455
Merit: 251



View Profile WWW
February 25, 2014, 01:27:17 AM
 #4

Not much of an informative article.  Can't see any info on how this pony is propagated or how to avoid it.  Lots of general info there though that could be used to fill any "article".

Fun & Friendly p2pool Mining at TreasureQuarry.  Litecoin http://litecoin.treasurequarry.com:9327 Dash p2pool  http://dash.treasurequarry.com:7903
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!