Bitcoin Forum
Topic: Malware writer here, ask your questions. (Read 2905 times)
Pages: « 1 [2] All
bitcointalk3 (OP), Newbie
March 31, 2012, 09:59:22 AM  #21

> With such talents why don't you help the bitcoin community be a more secure place? I think the bitcoin project definitely needs capable people like you.

Thought about it. But sure! Not sure how much I'll be able to help. But I will try to make a list of some potential "exploits" and potential solutions eventually, and tip the developers.
abbeytim, Sr. Member
March 31, 2012, 10:11:42 AM  #22

They never got to nefario's system. I was sending coins to GLBSE and copied the GLBSE deposit address and pasted it to withdraw from the btc-e.com address, and it changed the address. I didn't pay attention and sent. I had copied and pasted BTC addresses before and never second-checked.
So they were sent back to btc-e, but btc uses a different external address to send coins than my personal deposit address.
RaggedMonk, Sr. Member
March 31, 2012, 10:23:19 AM  #23

watching.
Gabi, Legendary
March 31, 2012, 10:53:51 AM  #24

> With such talents why don't you help the bitcoin community be a more secure place? I think the bitcoin project definitely needs capable people like you.

Wake up, he helped much more in that way.

If it takes such simple things to write a working malware and actually steal bitcoins, what can happen with a more concerted effort?

bitcointalk3 (OP), Newbie
March 31, 2012, 11:35:35 AM  #25

> A question: are you an actual blackhat doing this type of thing to make a living, or did you just pull off a nice hack for the heck of it?
>
> If the former, a follow-up question: as far as you know, how is bitcoin viewed/perceived in the blackhat community (other than an easy way to scam folks, that is)?
>
> In particular, is it perceived as something useful to the community itself?

Usually don't do this. Wanted to try it just because it seemed so easy (something that anyone can do), to see what would happen. A little test.

>> With such talents why don't you help the bitcoin community be a more secure place? I think the bitcoin project definitely needs capable people like you.
>
> Wake up, he helped much more in that way.
>
> If it takes such simple things to write a working malware and actually steal bitcoins, what can happen with a more concerted effort?

A lot. The wallet is easily accessed by a trojan, and all the keys are there ready to be used. The wallet doesn't even have to shift owner; the malware could spend the money there right away.

In "my" case, only the intended amount of BTC (by the victim, thus limited) to be sent is captured, and the [intended] coins are only captured when the victim actually sends anything.

A trojan made with more effort could simply use the keys in the wallet and spend all the coins right away. A password for the wallet could be cracked firsthand on the victim's computer, and/or the passphrase could simply be captured from the keyboard/bitcoin software directly whenever it's used (which it eventually will be).

Even if the wallet is stored somewhere other than the default place, for example in a TrueCrypt file, whenever the wallet is loaded into the bitcoin client, the wallet can be read directly from the bitcoin client's working memory.

abbeytim, Sr. Member
March 31, 2012, 11:54:56 AM  #26

Well, I've been talking to btc-e and they never received them back. Here's our conversation:

support: abbeytim, I checked on the base of the purse bitcoin
abbeytim: ok
abbeytim: k
support: abbeytim, btc means not gone
abbeytim: and the block chain says they were sent back, look at the bottom there http://blockexplorer.com/address/19C16JK7tup7rnCvgY7nwAEXCPHFjans75
abbeytim: none of those are btc-e addresses??
support: abbeytim, I checked 30 and March 31, 2012
abbeytim: k thanks
support: abbeytim, http://blockexplorer.com/tx/2392adbd8784dc8ab16600f10be874c02c37886fd7b09fe0989b9144868973d0
support: 17PPGjFhmvt75yPAd5yFv9iYyBGQfHevnd -6.63 BTC -0.001 BTC 1399 blockexplorer 11:25 22.03.12
abbeytim: so does that mean he still has them??
abbeytim: or he sent them to the wrong address
support: abbeytim, Кoмy: 14Yq1jKRqwbb9oExcyZFZ6a92QTk333WEZ -26.23 BTC 0 BTC 1575 blockexplorer 09:53 21.03.12
support: http://blockexplorer.com/tx/fcf078588cc961e6af4a5aa8faab559a3d7b5867c16bbf38dfccc4d4f90ea19a
support: abbeytim, btc on our accounts were written off
abbeytim: and we never received them back, right??
abbeytim: we meaning btc-e
support: abbeytim, and as we get them back?
abbeytim: well, thx for your time

See if you guys can figure out what happened.
jake262144, Full Member
March 31, 2012, 11:55:42 AM  #27

> If it takes such simple things to write a working malware and actually steal bitcoins, what can happen with a more concerted effort?

As long as users are foolish enough to install software laden with trojans and run it with root privileges, they will suffer the dire consequences.

Did you read this post in Bitcoin discussion?
The security-imbecile fell for some "optimized miner" mumbo-jumbo, installed this crap and, when it (apparently) failed to work, he instantly forgot about the whole matter!

Congrats bitcointalk3, you have proven there are fools aplenty.
If you really merely wanted to test your abilities, have you perhaps set some TTL value (e.g. 30 days) after which the malware goes inactive?
That's the responsible thing to do, you know.
abbeytim, Sr. Member
March 31, 2012, 12:01:45 PM  #28

Sorry, some of us are fools. Either way, I learned from my mistake.

I guess that's what's important, even though I lost 32+ bitcoins.
abbeytim, Sr. Member
March 31, 2012, 12:26:09 PM  #29

And if anyone feels bad for me, send some BTC here:

148PmRLnHj4K89CcQajhz3dZQt7E66d53W
abbeytim, Sr. Member
March 31, 2012, 01:36:15 PM  #30

btc-e just got my coins back to me, thx :)
waspoza, Hero Member
March 31, 2012, 02:39:50 PM  #31

> And if anyone feels bad for me, send some BTC here:
>
> 148PmRLnHj4K89CcQajhz3dZQt7E66d53W

Are you sure it's a good address this time? ;)
marked, Full Member
March 31, 2012, 03:53:23 PM  #32

> Are you sure it's a good address this time? ;)

He typed it in 1 bit at a time just to be sure. Took him ages too, as the line noise on the morse code tapper was just terrible.

marked
Stephen Gornick, Legendary
March 31, 2012, 04:15:56 PM  #33

> The trojan was uploaded to a temporary host (which automatically would be inactivated after 3 months without login). Anybody could do it.
>
> I was certain that people would download it. Dangerous "security threat" indeed.
>
> [...]
>
> The attacker wouldn't have to do more than creating his trojan and mass-spreading and mass-advertising it on more stable places. I did some light advertising and a not too sophisticated trojan, and 3 months later, I still "harvest".

Do current anti-virus security providers (e.g., AVG, Avast, McAfee, etc.) detect the download as being malware now? Or is this likely occurring from those who either don't have anti-virus or don't keep it current (and do dumb stuff like downloading and installing .exes from untrusted sources)?

John (John K.), Legendary
March 31, 2012, 04:37:23 PM  #34

> The trojan was uploaded to a temporary host (which automatically would be inactivated after 3 months without login). Anybody could do it.
>
> I was certain that people would download it. Dangerous "security threat" indeed.
>
> [...]
>
> The attacker wouldn't have to do more than creating his trojan and mass-spreading and mass-advertising it on more stable places. I did some light advertising and a not too sophisticated trojan, and 3 months later, I still "harvest".
>
> Do current anti-virus security providers (e.g., AVG, Avast, McAfee, etc.) detect the download as being malware now? Or is this likely occurring from those who either don't have anti-virus or don't keep it current (and do dumb stuff like downloading and installing .exes from untrusted sources)?

Antiviruses don't do well for Dday releases like this one is, unless the heuristics pick it up.
OP has a point there: most Windows users are too moronic to check their downloads, and this is why botnets are so abundant nowadays.
bitcointalk3 (OP), Newbie
April 01, 2012, 01:03:10 AM  #35
Last edit: April 01, 2012, 02:19:23 AM by bitcointalk3

> Well, I've been talking to btc-e and they never received them back. Here's our conversation:

http://blockchain.info/address/19C16JK7tup7rnCvgY7nwAEXCPHFjans75

The 2392adbd8784dc8ab16600f10be874c02c37886fd7b09fe0989b9144868973d0 transaction is when the coins got to me.
7303bb4534c085b05e09af9bfa89a90f2a2674e58552594f0ea7cf84fd4d1194 is the transaction from when I sent the coins back to btc-e, or where they came from, to address 19C16JK7tup7rnCvgY7nwAEXCPHFjans75. Those 6.63 coins (which I then lost control over) were then transferred to 1GzrUY3HpBBpbtxgZbDMcokLQTQXQdAiqc, which I suppose is part of btc-e's (or any other online service's) system.

The trojan is easy to remove. CTRL+ALT+DEL and kill a process named mcfar*. It is then easy to remove it manually from autostart by running the command msconfig (through the run command, WINDOWSBUTTON+R). Click the autostart tab and uncheck the one called Avast7*, filename mcfar* (begins with mcfar*). The trojan can manually be removed from "c:\windows\mcfar*.exe". I don't have the source code right here, but that's what I'm really sure about.

> Congrats bitcointalk3, you have proven there are fools aplenty.
> If you really merely wanted to test your abilities, have you perhaps set some TTL value (e.g. 30 days) after which the malware goes inactive?
> That's the responsible thing to do, you know.

All the pages are down, and they did also have a limited traffic threshold. I didn't think about giving it a TTL value; I thought about it afterwards. A mistake from my side (well, doing this was a mistake to begin with; it could just have warned the user that he/she'd be hacked now).

There's one source left, tricking pure ped*****es. I didn't bother giving that page a TTL (and I couldn't). Though that host will not be up forever.
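The removal steps in the post above are a manual checklist. The PowerShell script below is an added example (not code from the thread or from any project) that turns the same three indicators bitcointalk3 listed, a process named mcfar*, an autostart entry called Avast7* pointing at an mcfar* binary, and a dropped c:\windows\mcfar*.exe, into a report-only check. It assumes PowerShell 4 or later (for Get-FileHash) and that the autostart entry msconfig showed lives in the standard Run registry keys.

```powershell
# Added example (not code from the thread): a report-only check for the three
# indicators bitcointalk3 gave for his trojan. Nothing is killed or deleted;
# review the findings first. Assumes PowerShell 4+ (Get-FileHash) and that the
# "autostart" entry msconfig listed lives in the standard Run registry keys.
$Findings = @()

# 1. A running process whose image name begins with "mcfar"
foreach ($p in Get-Process -Name 'mcfar*' -ErrorAction SilentlyContinue) {
    $Findings += "Process: $($p.ProcessName) PID=$($p.Id) Path=$($p.Path)"
}

# 2. Autostart entries named "Avast7*" or whose command points at an mcfar* binary.
#    These Run keys are what msconfig's Startup tab enumerates.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$MetaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($key in $RunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $entries = Get-ItemProperty -Path $key
    foreach ($prop in $entries.PSObject.Properties) {
        # Skip the registry provider's own metadata properties; only Run values matter.
        if ($MetaProps -contains $prop.Name) { continue }
        if ($prop.Name -like 'Avast7*' -or "$($prop.Value)" -like '*mcfar*') {
            $Findings += "Autostart: $key\$($prop.Name) = $($prop.Value)"
        }
    }
}

# 3. The dropped binary under C:\Windows, hashed so the sample can be matched later
foreach ($f in Get-ChildItem -Path 'C:\Windows\mcfar*.exe' -ErrorAction SilentlyContinue) {
    $sha256 = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    $Findings += "File: $($f.FullName) Size=$($f.Length) SHA256=$sha256"
}

if ($Findings.Count -eq 0) {
    Write-Output 'No mcfar*/Avast7* indicators found.'
} else {
    Write-Output 'Indicators matching the thread description:'
    $Findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it from an elevated prompt so the HKLM keys and C:\Windows are readable; a hit in step 2 with no matching file in step 3 usually means the binary was already deleted but the autostart entry is still pointing at it.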
alexbishops, Newbie
April 01, 2012, 09:43:24 PM  #36

I take it NoScript for Firefox would protect you from this sort of attack?

http://noscript.net/
Dabs, Legendary
April 04, 2012, 02:00:10 AM  #37

I think as long as you downloaded and ran the exe, you are sort of doomed until you get it out. I made something like this about 15 years ago for another popular software, and it was even programmed in VB. Disclaimer: I didn't make anything (money) out of it, except give people headaches, and it was 15 years ago.

Whitelisting software like Anti-Executable or something similar would work, up to the point that it asks "Are you sure you want to run optimizedminer.exe?" and you still click Yes, on a live machine (not virtual, not sandboxed, not protected or whatever).

The fundamentals of conning people have not changed, and social engineering can still be done today the same way it has been done 20 to 30 years ago, because a lot of people are simply ... ... they don't know any better.

In fact, I'm pretty sure someone can or has come up with malware that gets your credit card number from the clipboard.

Geez, I paste almost all my passwords from the clipboard from Notepad... better check my own system now.

John (John K.), Legendary
April 04, 2012, 02:17:35 AM  #38

> I take it NoScript for Firefox would protect you from this sort of attack?
>
> http://noscript.net/

No.
ryu-fk, Newbie
April 04, 2012, 05:04:11 PM  #39

> With such talents why don't you help the bitcoin community be a more secure place?

I believe he has just done that, by making a few people more cautious of malware.

Or, more probably, they will stop using bitcoin.