Bitcoin Forum
December 17, 2017, 06:00:12 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 »  All
  Print  
Author Topic: Beware of Increasingly Sophisticated Malware Infection Attempts  (Read 138984 times)
Hippie Tech
aka Amenstop
Legendary
*
Offline Offline

Activity: 1456


All cryptos are FIAT digital currency. Do not use.


View Profile WWW
April 10, 2015, 11:28:02 PM
 #21

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.

Or any noob with access to it.

How to detect RAT (remote admin tool) --> https://youtu.be/btn9nWE3X7o

1513533612
Hero Member
*
Offline Offline

Posts: 1513533612

View Profile Personal Message (Offline)

Ignore
1513533612
Reply with quote  #2

1513533612
Report to moderator
1513533612
Hero Member
*
Offline Offline

Posts: 1513533612

View Profile Personal Message (Offline)

Ignore
1513533612
Reply with quote  #2

1513533612
Report to moderator
1513533612
Hero Member
*
Offline Offline

Posts: 1513533612

View Profile Personal Message (Offline)

Ignore
1513533612
Reply with quote  #2

1513533612
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513533612
Hero Member
*
Offline Offline

Posts: 1513533612

View Profile Personal Message (Offline)

Ignore
1513533612
Reply with quote  #2

1513533612
Report to moderator
Hazard
Legendary
*
Offline Offline

Activity: 994


Internet Celebrity


View Profile WWW
April 15, 2015, 03:02:04 PM
 #22

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
I'm surprised we haven't seen a more concerted effort, honestly.

Hippie Tech
aka Amenstop
Legendary
*
Offline Offline

Activity: 1456


All cryptos are FIAT digital currency. Do not use.


View Profile WWW
April 15, 2015, 11:32:44 PM
 #23

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
I'm surprised we haven't seen a more concerted effort, honestly.

What makes you say that ?

Is there a way to detect files that have malware binded to them ?

mullick
Legendary
*
Offline Offline

Activity: 952


View Profile
April 23, 2015, 05:30:31 AM
 #24

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.

Or any noob with access to it.

How to detect RAT (remote admin tool) --> https://youtu.be/btn9nWE3X7o


I get about 1-3 emails a month with a RAT as an attachment. The most recent of which seems to be smart enough to detect they are in a vm. Mostly java based meaning they effect Unix/Linux machines as well as Windows

Keep java off any machine you store crypto on. That should be a no brainer

Hippie Tech
aka Amenstop
Legendary
*
Offline Offline

Activity: 1456


All cryptos are FIAT digital currency. Do not use.


View Profile WWW
April 23, 2015, 01:27:15 PM
 #25

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.

Or any noob with access to it.

How to detect RAT (remote admin tool) --> https://youtu.be/btn9nWE3X7o


I get about 1-3 emails a month with a RAT as an attachment. The most recent of which seems to be smart enough to detect they are in a vm. Mostly java based meaning they effect Unix/Linux machines as well as Windows

Keep java off any machine you store crypto on. That should be a no brainer



Yes.. say NO to Java and.. very sneaky redirects. Wink

Hover over the windows download link and you'll see the GitHub addy. Click it and you'll be redirected to this :

8.06MB


2.90MB EDIT -> You must copy n paste the shortcut onto a new tab if you want to visit the GitHub page.


Huh Huh


deadp00l
Member
**
Offline Offline

Activity: 72


View Profile
April 25, 2015, 03:02:55 PM
 #26

How to keep your home computer malware free.
 
How could it happen?
Clicking a link or attachment in email.
Visiting a website that has malware installed. Depending on your browser settings and what plug-ins you have installed (Flash, Java, Acrobat Reader) malicious software could be installed on your computer without out you knowledge.
 
What could happen?
You could loose all the data on your computer.
All the data on your computer could be held for ransom.
Your computer could be used to commit crimes.
Your personal information could be stolen.
Someone could access all of your accounts.
Someone could log everything you type.
Someone could access all the files on your computer.
 
Prevention
Update your operating system and third party applications.
http://secunia.com/vulnerability_scanning/personal/
 
Disable auto run for Plug-Ins
In Google Chrome navigate to chrome://settings/content.
Under Plug-ins select Click to play.
You can add exceptions by going to chrome://settings/content, Plug-ins, and clicking "Manage exceptions..."
 
Use a DNS server that blocks known malicious sites
Symantec https://dns.norton.com/
Comodo https://www.comodo.com/secure-dns/
 
Use Windows Defender on Windows 8 or Microsoft Security Essentials on Windows 7
They are free and affective.
 
Buy and install MalwareBytes Premium and Malware Bytes Anti-Exploit Premium ($25 Each)
 
Be suspicious about links and attachments in emails. Don't click them.
 
Backup your data
Use BitTorrent Sync to sync your data with another computer.
Use and application like Acronis TruImage to make a scheduled backup to an external drive. Get two external drives and rotate them regularly. Keep one copy at a different location.
Use a cloud based backup service like Carbonite, Crashplan or Backblaze.
 
Consider replacing your current router with with a UTM (Unified Threat Management) firewall that has security software built in. Note that most of these are relatively expensive and require ongoing subscriptions.
Example http://www.asus.com/support/FAQ/1008719/

Be careful with remote access to your PC
Don't use VNC to remotely access your PC. Passwords are easily brute forced via automated scanning scripts. For best security consider two-factor authentication.
chases
Full Member
***
Offline Offline

Activity: 186


ain't nothing like the Blues


View Profile
May 11, 2015, 10:51:41 PM
 #27

Thanks everyone Grin alot of great informative and useful information here! excellent job

100110100011010011
melody82
Sr. Member
****
Offline Offline

Activity: 350


View Profile
May 29, 2015, 06:31:51 PM
 #28

So just to be clear, I can hacked without downloading anything but just by visiting a naughty site?  And I should uninstall acrobat, java and flash altogether?  Wow thanks for this information.

Another question, I have Norton 360, but is malwarebytes that much better? 

And thanks for this thread.  Many of us don't know all that much about these threats so thanks for educating us.
BIT-Sharon
Sr. Member
****
Offline Offline

Activity: 266


View Profile
June 01, 2015, 03:06:43 AM
 #29

may be one is just forwarding the posts of malware without distinguish, we have to differ according to this article.
joter85
Sr. Member
****
Offline Offline

Activity: 343


Crypto-Games.net: #1 Gambling Site


View Profile WWW
June 02, 2015, 12:03:29 PM
 #30

Best thing would be to setup a PC to use only for Bitcoin transactions?   Grin


 

▇▇▇▇
▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇
▇▇▇▇▇▇
 
superresistant
Legendary
*
Offline Offline

Activity: 1680



View Profile
June 03, 2015, 07:32:00 PM
 #31

So just to be clear, I can hacked without downloading anything but just by visiting a naughty site?  And I should uninstall acrobat, java and flash altogether?  Wow thanks for this information.

Yes you can get hacked visiting a website because your browser (Internet Explorer/Chrome/Firefox...) execute the scripts by default.
The solution against it is to use NoScript plugin in Firefox : it will block every scripts and make browsing much safer. You'll need to check and authorize scripts one by one. If anything is suspicious, you can get away without damage.

Another question, I have Norton 360, but is malwarebytes that much better? 
And thanks for this thread.  Many of us don't know all that much about these threats so thanks for educating us.

Antiviruses cannot detect new virus or specific crypto malwares.
It only protect from known viruses.

The solution to be safe is to use Linux (Ubuntu for example) for anything related to crypto.
Viruses developed for Windows cannot target Linux.
Linux users can still get targeted through the Internet browser, that's why you should use NoScript too.

Here's my bag so you don't ask : Bitcoin, tenX, iexec, byteball and pepecash
johnbrainless
Sr. Member
****
Offline Offline

Activity: 280



View Profile
June 09, 2015, 04:09:43 PM
 #32

be careful people

♝ Pandacoin   ♝ Buy With Paypal Or Credit Card ♝ FaceBook tipping ♝ Irc channel #DigitalPandacoin with tipbot
✬ Earn 2.5% Annual Interest ✬ Active Dev Team ✬ Blazing Fast Multi Mode Wallet ✬ Paper Wallet ✬ No premine or IPO ✬
☠☠☠☠☠☠☠ PANDACOINPND (´(ェ)`) Digital Pandacoin (´(ェ)`) PANDACOINPND ☠☠☠☠☠☠☠
melody82
Sr. Member
****
Offline Offline

Activity: 350


View Profile
June 11, 2015, 05:57:03 AM
 #33

So just to be clear, I can hacked without downloading anything but just by visiting a naughty site?  And I should uninstall acrobat, java and flash altogether?  Wow thanks for this information.

Yes you can get hacked visiting a website because your browser (Internet Explorer/Chrome/Firefox...) execute the scripts by default.
The solution against it is to use NoScript plugin in Firefox : it will block every scripts and make browsing much safer. You'll need to check and authorize scripts one by one. If anything is suspicious, you can get away without damage.

Another question, I have Norton 360, but is malwarebytes that much better? 
And thanks for this thread.  Many of us don't know all that much about these threats so thanks for educating us.

Antiviruses cannot detect new virus or specific crypto malwares.
It only protect from known viruses.

The solution to be safe is to use Linux (Ubuntu for example) for anything related to crypto.
Viruses developed for Windows cannot target Linux.
Linux users can still get targeted through the Internet browser, that's why you should use NoScript too.

Thanks for the explanation!  I am thinking of getting a computer dedicated to just crypto transactions after reading this.  It seems like no matter how careful you are there is always a danger.
Hippie Tech
aka Amenstop
Legendary
*
Offline Offline

Activity: 1456


All cryptos are FIAT digital currency. Do not use.


View Profile WWW
June 12, 2015, 10:57:38 PM
 #34

WARNING !! This client is making outbound connections to known malware and/or phishing sites.


http://www.urlquery.net/report.php?id=1434020970582

The "Recent reports on same IP/ASN/Domain" section shows other suspicious sites/links.
https://www.virustotal.com/en/url/946ac3207509fb493eaf2e02e107b97cc03513cb373bb007a8a61b9b6b0fe61c/analysis/1434120962/

Now lets see what the debug.log has to say...
Code:
2015-06-12 12:41:10 connection timeout
2015-06-12 12:41:11 trying connection 77.249.89.46:9748 lastseen=1802.3hrs
2015-06-12 12:41:16 connection timeout
2015-06-12 12:41:17 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:41:22 connection timeout
2015-06-12 12:41:22 trying connection 82.238.124.41:9748 lastseen=33.6hrs
2015-06-12 12:41:27 connection timeout
2015-06-12 12:41:28 trying connection 77.85.35.151:9748 lastseen=170.7hrs
2015-06-12 12:41:33 connection timeout
2015-06-12 12:41:33 trying connection 137.135.57.119:9748 lastseen=27.6hrs
2015-06-12 12:41:38 connection timeout
2015-06-12 12:41:39 trying connection 96.54.4.190:9748 lastseen=21.7hrs
2015-06-12 12:41:44 connection timeout
2015-06-12 12:41:44 trying connection 87.154.210.76:9748 lastseen=378.8hrs
2015-06-12 12:41:49 connection timeout
2015-06-12 12:41:50 trying connection 103.230.107.12:9748 lastseen=2166.3hrs
2015-06-12 12:41:55 connection timeout
2015-06-12 12:41:55 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:00 connection timeout
2015-06-12 12:42:01 trying connection 62.157.39.12:9748 lastseen=2675.3hrs
2015-06-12 12:42:06 connection timeout
2015-06-12 12:42:06 trying connection 71.100.135.84:9748 lastseen=16.9hrs
2015-06-12 12:42:11 connection timeout
2015-06-12 12:42:12 trying connection 162.255.117.105:9748 lastseen=52.5hrs
2015-06-12 12:42:17 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:22 connection timeout
2015-06-12 12:42:23 trying connection 71.100.135.84:9748 lastseen=16.9hrs
2015-06-12 12:42:28 connection timeout
2015-06-12 12:42:28 trying connection 5.139.143.81:9748 lastseen=3461.6hrs
2015-06-12 12:42:33 connection timeout
2015-06-12 12:42:34 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:39 connection timeout
2015-06-12 12:42:39 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:44 connection timeout
2015-06-12 12:42:45 trying connection 87.154.214.25:9748 lastseen=2063.7hrs
2015-06-12 12:42:50 connection timeout
************************************************************
2015-06-12 12:42:50 trying connection 104.219.250.234:9748 lastseen=7.2hrs**
************************************************************
2015-06-12 12:42:55 connection timeout
2015-06-12 12:42:56 trying connection 80.57.229.215:9748 lastseen=115.2hrs
2015-06-12 12:43:01 connection timeout
2015-06-12 12:43:01 trying connection 77.232.5.253:9748 lastseen=1191.0hrs

Report for the address, 104.xxx.xxx.234, :
http://www.urlquery.net/report.php?id=1434121818636

And one of it's suspicious links/sites :
https://www.virustotal.com/en/url/3b1a7af045bdc8005e8243f65d203df04ba8d43f9e10fd39af1004aad75da0ed/analysis/1434122387/

maheshmahi
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 19, 2015, 02:54:55 PM
 #35

All of them use only keylogger
Can we ensure safety to our wallet.

MaryJ
Sr. Member
****
Offline Offline

Activity: 305


Managing Director of Maryjanecoin LLC


View Profile
July 03, 2015, 10:45:26 AM
 #36

not good to see

Maryjanecoin.org
wolfwere
Newbie
*
Offline Offline

Activity: 9


View Profile WWW
August 05, 2015, 04:51:38 PM
 #37

man, this is terribly scary!
TransaDox
Full Member
***
Offline Offline

Activity: 219


View Profile
August 06, 2015, 08:54:31 PM
 #38

Edit: There is need for a new style of bios security, like anti virus, which, when your bios gets bigger, can load in bios FIRST, before bios is loaded.. it's not as hard as you think, but I'm not THAT good..
Or they could just put a small mechanical switch in like the dip switches they used to put on the motherboard years ago. Problem solved.
jackg
Legendary
*
Offline Offline

Activity: 854

1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED


View Profile
August 27, 2015, 10:40:24 AM
 #39

correct me if im wrong but maleware its generecly for executables in windows no? i mean the wallets are but its not kaspersky enough?
if not why do we need to protect from the case of reteiving passorws from the users and other stuff from enven pen drives with wallets (including the common coins ones) like doge ltc btc and a few more.

Malware can still be coded on linux and can be hdden inside programs. Linux needs more permissions but if you allow the rogram to run, then you allow the malware to run and harm you computer whether it is linux or mac!

jackg
Legendary
*
Offline Offline

Activity: 854

1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED


View Profile
August 27, 2015, 10:42:38 AM
 #40

I have also noticed, I was unable to download one of the cryptocurrency cores as it was flagged up as being harmful by norton internet security! This is highly likely with all of the cryptocurrency cores as they are open source which means nothing is protecting them from being hacked and placed onto the cryptocurrency's website in order to attack the computers of many users!

Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!