Author Topic: SCAM alert! The coin creator software by Xevox is a wallet stealer!  (Read 3659 times)
jukka (OP)
May 09, 2014, 12:51:02 PM
 #21

look there is an .exe file posted by a stranger on the internet, in a forum where every 2nd thread is a scam in the making. let's download and run it!



Oh thank you! You are so helpful and kind.

Not everybody knows that you cannot rely on Virustotal and that this forum is full of scammers! That is why I opened this thread, to warn people!
crunchynut
May 09, 2014, 12:58:05 PM
 #22

i just received an email from the bank of nigeria. seems i had an uncle there who just died and i am the only living relative, making me the sole heir of 9000 trillion usd. as soon as i got the money, i'll donate some litecoins to you.

jukka (OP)
May 09, 2014, 12:59:14 PM
 #23

Here is the Virustotal report of that file. Maybe I should contact some of the antivirus companies, so that they take these wallet stealing programs seriously!

https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/
jukka (OP)
May 09, 2014, 01:06:35 PM
 #24

i just received an email from the bank of nigeria. seems i had an uncle there who just died and i am the only living relative, making me the sole heir of 9000 trillion usd. as soon as i got the money, i'll donate some litecoins to you.

So, you don't think that people should be warned? Maybe there is some special reason for you to act like this? Does it hurt your business, if people are more aware of these kinds of things?

I know that I was not the only one who downloaded that software and even tried it! That is why I warned people and uploaded the source code so that people could see which wallets are in danger.

So, you don't appreciate it, but it seems that some others do!
Amph
May 09, 2014, 01:12:31 PM
 #25

Here is the Virustotal report of that file. Maybe I should contact some of the antivirus companies, so that they take these wallet stealing programs seriously!

https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/

i remember that virustotal reported 1 flag, when i did the scan

anyway if you want more protection use a VM or just leave a bitcoin wallet with 0.01 btc, if they steal that you know you have something malicious, and they just take 0.01 btc
var53
May 09, 2014, 01:30:35 PM
 #26

Here is the Virustotal report of that file. Maybe I should contact some of the antivirus companies, so that they take these wallet stealing programs seriously!

https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/

Thanks for posting the link. This virustotal report is clean apart from the Symantec reputation Suspicious.Insight flag in the Advanced heuristic and reputation engines section of the additional information tab. I usually just look at the information on the first tab shown, so would have missed this.
Forexperiments
May 09, 2014, 01:51:05 PM
 #27

Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec’s community of users. Detections of this type are based on Symantec’s reputation-based security technology.

It doesn't mean anything, it just means the file wasn't reported as good or bad.
The problem is, with this source code, there's no way that an AV will report this as a virus. (or, if it does report it, it means the antivirus is really f*cked up)

var53
May 09, 2014, 02:02:18 PM
 #28

Agreed.

I have often found that both Symantec’s Suspicious.Insight and Trendmicro flag completely harmless programs as a virus, so I usually ignore their warnings anyway. Until programs like coingen get reported they usually go undetected by all but the most paranoid scanners.
MisO69
May 09, 2014, 02:02:59 PM
 #29

when i scanned it with virustotal, it reported 1 red flag

Well that goes to show that you cannot trust virus total. Last time I trust that bitch.
jukka (OP)
May 09, 2014, 02:08:15 PM
 #30

Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec’s community of users. Detections of this type are based on Symantec’s reputation-based security technology.

It doesn't mean anything, it just means the file wasn't reported as good or bad.
The problem is, with this source code, there's no way that an AV will report this as a virus. (or, if it does report it, it means the antivirus is really f*cked up)

Why is that? I think that AV could notice that hey, this software is scanning wallets and sending them to some external host. AV software often reports even miners as trojans!
Anotheranonlol
May 09, 2014, 02:32:32 PM
 #31

when i scanned it with virustotal, it reported 1 red flag

Well that goes to show that you cannot trust virus total. Last time I trust that bitch.

vt is junk. upload to malwr and you would have seen very clearly.
common sense would have been best defense though.

var53
May 09, 2014, 03:04:30 PM
 #32

Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
Amph
May 09, 2014, 03:07:52 PM
 #33

Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/
kokojie
May 09, 2014, 03:19:07 PM
 #34

lol, this hacker is pretty funny and clever, it pops up a dialog when it's stealing your electrum wallet:
"Electrum has detected another program trying to access your wallet, it is important you change your password now!"

So the unsuspecting user will give them the wallet password.

Anotheranonlol
May 09, 2014, 03:19:53 PM
 #35

Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/

also https://anubis.iseclab.org/

kokojie
May 09, 2014, 03:22:23 PM
 #36

Here is the Virustotal report of that file. Maybe I should contact some of the antivirus companies, so that they take these wallet stealing programs seriously!

https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/

Thanks for posting the link. This virustotal report is clean apart from the Symantec reputation Suspicious.Insight flag in the Advanced heuristic and reputation engines section of the additional information tab. I usually just look at the information on the first tab shown, so would have missed this.


Why not? the program takes multiple files from the user's computer, and uploads to a remote FTP, that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".

Amph
May 09, 2014, 03:39:27 PM
 #37

Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/

also https://anubis.iseclab.org/

max 8mb is a bit too low, any client is above that
var53
May 09, 2014, 03:57:41 PM
 #38

Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/

Thanks for the scanner link. The reports look a lot more detailed than virustotal. Do you have to sign up to use this scanner and is it free?
Amph
May 09, 2014, 04:05:09 PM
 #39

Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/

Thanks for the scanner link. The reports look a lot more detailed than virustotal. Do you have to sign up to use this scanner and is it free?

i think you are free to scan without signing in
Forexperiments
May 09, 2014, 05:20:02 PM
 #40

Why not? the program takes multiple files from the user's computer, and uploads to a remote FTP, that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".

So, any software that has libraries to access FTP (browsers, ftp clients, file uploaders, dropbox clones, html editors) will be detected as virii?
This is social engineering, only a human can detect it
Next time the OP will install a good firewall like this http://www.sphinx-soft.com/Vista/order.html or run unknown software in a virtual machine
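
The disagreement in posts #36 and #40 is about whether "reads wallet files" and "uses FTP" can be told apart from ordinary software. As an added example (not part of the thread and not taken from any scanner), this sketch correlates the two signals per process over a behaviour log, so an FTP client or a wallet on its own is not flagged. The event format, the process names, the wallet path patterns and the allow-list are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Assumed default wallet locations on Windows; extend for other clients.
WALLET_PATTERNS = [
    re.compile(r"\\(bitcoin|litecoin)\\wallet\.dat$", re.I),
    re.compile(r"\\electrum\\wallets\\[^\\]+$", re.I),
]
# Processes expected to open wallet files (assumed allow-list).
WALLET_OWNERS = {"bitcoin-qt.exe", "litecoin-qt.exe", "electrum.exe"}
FTP_CONTROL_PORT = 21

# Constructed sample events (process, kind, detail); not from a real report.
SAMPLE_EVENTS = [
    ("electrum.exe", "file_read", r"C:\Users\a\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("ftpclient.exe", "file_read", r"C:\Users\a\site\index.html"),
    ("ftpclient.exe", "net_connect", "203.0.113.5:21"),
    ("unknown_tool.exe", "file_read", r"C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat"),
    ("unknown_tool.exe", "file_read", r"C:\Users\a\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("unknown_tool.exe", "net_connect", "198.51.100.7:21"),
    ("backup.exe", "file_read", r"C:\Users\a\AppData\Roaming\Litecoin\wallet.dat"),
]

def is_wallet_path(path):
    return any(p.search(path) for p in WALLET_PATTERNS)

def find_wallet_exfil(events):
    """Flag processes that read someone else's wallet AND open an FTP session."""
    wallets = defaultdict(list)
    ftp_dests = defaultdict(list)
    for proc, kind, detail in events:
        name = proc.lower()
        if name in WALLET_OWNERS:
            continue  # a wallet client opening its own file is normal
        if kind == "file_read" and is_wallet_path(detail):
            wallets[name].append(detail)
        elif kind == "net_connect":
            port = int(detail.rpartition(":")[2])
            if port == FTP_CONTROL_PORT:
                ftp_dests[name].append(detail)
    # Either signal alone is common and benign; the combination is the alert.
    return {
        name: {"wallets": wallets[name], "dests": ftp_dests[name]}
        for name in wallets if name in ftp_dests
    }

if __name__ == "__main__":
    for proc, hit in find_wallet_exfil(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {len(hit['wallets'])} wallet file(s) read, FTP to {hit['dests']}")
```

The rule is order-independent on purpose, because an upload can go over a connection that was opened before the files were read.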
