Topic: Alternative Block Chains : be safe! - page 84. (Read 1342580 times)
This is a very good writeup!
exactly !
and sometimes such as CENT, it was posted with no updated source code and a keylogger was added to it..
see this
https://www.virustotal.com/en/file/824864222d7d7997ce4b7f6dc2d289b9764185d2f8a0c9d8a0e3b89743aba86c/analysis/1391352958/
that is the last CENT wallet that dev Shakezulu posted at his own web site with no updated source code and he later removed all traces of it of course
and the guy has released TONS of other coins and is good buddies with Cryptsy staff etc
back room "scammer" buddies lol
i would just try and stay away until more skilled guys can vouch for it being clean or maybe try running the wallet in a Virtual machine ?
your taking a serious risk downloading and running a Wallet.exe that was just posted..
the risk is rather obvious but if you have numerous accounts and other wallets we have seen malware posted that steals coins from many wallets, so be careful.
although no one cares it would seem, i myself ask one thing first when a new coin comes along..
WHO MADE IT ?
If it's a user with a name that match's the coin.. i pass on it.
There is no real reason for cowards to hide who they are.
And i will not support these *handful of coin spammers that want to change their user names and
update the coin name and icon and re-upload a Brand new currencies every few minutes..
Doge, Cat, Moose, Rat, Pig, Elephant, Squirrel, Snake COOOOIIIINNNNN FTW
much yes ?
uhhh, much dumb.... yes
and sometimes such as CENT, it was posted with no updated source code and a keylogger was added to it..
see this
https://www.virustotal.com/en/file/824864222d7d7997ce4b7f6dc2d289b9764185d2f8a0c9d8a0e3b89743aba86c/analysis/1391352958/
that is the last CENT wallet that dev Shakezulu posted at his own web site with no updated source code and he later removed all traces of it of course
and the guy has released TONS of other coins and is good buddies with Cryptsy staff etc
back room "scammer" buddies lol
i would just try and stay away until more skilled guys can vouch for it being clean or maybe try running the wallet in a Virtual machine ?
your taking a serious risk downloading and running a Wallet.exe that was just posted..
the risk is rather obvious but if you have numerous accounts and other wallets we have seen malware posted that steals coins from many wallets, so be careful.
although no one cares it would seem, i myself ask one thing first when a new coin comes along..
WHO MADE IT ?
If it's a user with a name that match's the coin.. i pass on it.
There is no real reason for cowards to hide who they are.
And i will not support these *handful of coin spammers that want to change their user names and
update the coin name and icon and re-upload a Brand new currencies every few minutes..
Doge, Cat, Moose, Rat, Pig, Elephant, Squirrel, Snake COOOOIIIINNNNN FTW
much yes ?
uhhh, much dumb.... yes
as long as there is the source code, they are safe
Doesn't matter when most people don't even check the source code.
Is the zipped doge blockchain download link below OK, or has anyone heard anything dodgy about it? I am just a noob asking the experts.
http://doge.rstreefland.com/
http://doge.rstreefland.com/
Damn, I've been installing a lot of new wallets those past days, and now I feel silly... I've lost myself in the fever of new coins and giveaways, and my computer could be infected by a scam coin...
Will have to clean all that soon
Thanks for the tips !
Will have to clean all that soon
Thanks for the tips ! 3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.
Does anyone has a few tips to do this? As most of the people here probably don't understand the source code well I guess.
in the last month alone i have seen two new altcoins posted with a trojan / keylogger
a well known coin by a well known coin spammer and coin cloner for hire also added one to his last wallet version..
so yeah they are out in force !
the guy mentioned earlier how easy it would be and he's right..
a lot of thee guy don't even make the coins.. and often they get premined as they are delivered
the more you dig the more you find.. there is no limit to the scummy greedy behavior in this scene
i today found yet another fake malware bundle uploaded to torrent sites..
some guy has been at it hard.. i have flagged about 6 uploads he has done (all Bitcoin related or Altcoin related) last few months
and miners are commonly flagged as malware by AV software and rightfully so because the code may be clean but its bundled with malware
and has been for years.. the two most popular things for malware coders these days is to infect you to jack your machine for mining or just steal wallets
or even to get Facebook likes.
so yeah i could go on and on forever citing examples but who cares ?
maybe rather than posting stupid little stickied warnings the admins here could expose the little pricks doing it..
after all they should be able to see they are being posted from the same ip's (many of these guys prob have a 100 accounts here)
all they do is lock and delete the topic.. and let the douches keep doing it
a well known coin by a well known coin spammer and coin cloner for hire also added one to his last wallet version..
so yeah they are out in force !
the guy mentioned earlier how easy it would be and he's right..
a lot of thee guy don't even make the coins.. and often they get premined as they are delivered
the more you dig the more you find.. there is no limit to the scummy greedy behavior in this scene
i today found yet another fake malware bundle uploaded to torrent sites..
some guy has been at it hard.. i have flagged about 6 uploads he has done (all Bitcoin related or Altcoin related) last few months
and miners are commonly flagged as malware by AV software and rightfully so because the code may be clean but its bundled with malware
and has been for years.. the two most popular things for malware coders these days is to infect you to jack your machine for mining or just steal wallets
or even to get Facebook likes.
so yeah i could go on and on forever citing examples but who cares ?
maybe rather than posting stupid little stickied warnings the admins here could expose the little pricks doing it..
after all they should be able to see they are being posted from the same ip's (many of these guys prob have a 100 accounts here)
all they do is lock and delete the topic.. and let the douches keep doing it
I wish you'd be more specific about which clients have malware or trojans on them. Like for example off this site which ones if any?
http://coinmarketcap.com/
Thank you for creating this topic. Its very helpfull for new members like me 
in the last month alone i have seen two new altcoins posted with a trojan / keylogger
a well known coin by a well known coin spammer and coin cloner for hire also added one to his last wallet version..
so yeah they are out in force !
the guy mentioned earlier how easy it would be and he's right..
a lot of thee guy don't even make the coins.. and often they get premined as they are delivered
the more you dig the more you find.. there is no limit to the scummy greedy behavior in this scene
i today found yet another fake malware bundle uploaded to torrent sites..
some guy has been at it hard.. i have flagged about 6 uploads he has done (all Bitcoin related or Altcoin related) last few months
and miners are commonly flagged as malware by AV software and rightfully so because the code may be clean but its bundled with malware
and has been for years.. the two most popular things for malware coders these days is to infect you to jack your machine for mining or just steal wallets
or even to get Facebook likes.
so yeah i could go on and on forever citing examples but who cares ?
maybe rather than posting stupid little stickied warnings the admins here could expose the little pricks doing it..
after all they should be able to see they are being posted from the same ip's (many of these guys prob have a 100 accounts here)
all they do is lock and delete the topic.. and let the douches keep doing it
a well known coin by a well known coin spammer and coin cloner for hire also added one to his last wallet version..
so yeah they are out in force !
the guy mentioned earlier how easy it would be and he's right..
a lot of thee guy don't even make the coins.. and often they get premined as they are delivered
the more you dig the more you find.. there is no limit to the scummy greedy behavior in this scene
i today found yet another fake malware bundle uploaded to torrent sites..
some guy has been at it hard.. i have flagged about 6 uploads he has done (all Bitcoin related or Altcoin related) last few months
and miners are commonly flagged as malware by AV software and rightfully so because the code may be clean but its bundled with malware
and has been for years.. the two most popular things for malware coders these days is to infect you to jack your machine for mining or just steal wallets
or even to get Facebook likes.
so yeah i could go on and on forever citing examples but who cares ?
maybe rather than posting stupid little stickied warnings the admins here could expose the little pricks doing it..
after all they should be able to see they are being posted from the same ip's (many of these guys prob have a 100 accounts here)
all they do is lock and delete the topic.. and let the douches keep doing it
Wow I didn't realize things were that bad in the altcoin scene. Would be great to have a thread that exposes scammy behavior so people are aware of the known tricks.
Lucasian Professor of Mathematics
as long as there is the source code, they are safe
in the last month alone i have seen two new altcoins posted with a trojan / keylogger
a well known coin by a well known coin spammer and coin cloner for hire also added one to his last wallet version..
so yeah they are out in force !
the guy mentioned earlier how easy it would be and he's right..
a lot of thee guy don't even make the coins.. and often they get premined as they are delivered
the more you dig the more you find.. there is no limit to the scummy greedy behavior in this scene
i today found yet another fake malware bundle uploaded to torrent sites..
some guy has been at it hard.. i have flagged about 6 uploads he has done (all Bitcoin related or Altcoin related) last few months
and miners are commonly flagged as malware by AV software and rightfully so because the code may be clean but its bundled with malware
and has been for years.. the two most popular things for malware coders these days is to infect you to jack your machine for mining or just steal wallets
or even to get Facebook likes.
so yeah i could go on and on forever citing examples but who cares ?
maybe rather than posting stupid little stickied warnings the admins here could expose the little pricks doing it..
after all they should be able to see they are being posted from the same ip's (many of these guys prob have a 100 accounts here)
all they do is lock and delete the topic.. and let the douches keep doing it
a well known coin by a well known coin spammer and coin cloner for hire also added one to his last wallet version..
so yeah they are out in force !
the guy mentioned earlier how easy it would be and he's right..
a lot of thee guy don't even make the coins.. and often they get premined as they are delivered
the more you dig the more you find.. there is no limit to the scummy greedy behavior in this scene
i today found yet another fake malware bundle uploaded to torrent sites..
some guy has been at it hard.. i have flagged about 6 uploads he has done (all Bitcoin related or Altcoin related) last few months
and miners are commonly flagged as malware by AV software and rightfully so because the code may be clean but its bundled with malware
and has been for years.. the two most popular things for malware coders these days is to infect you to jack your machine for mining or just steal wallets
or even to get Facebook likes.
so yeah i could go on and on forever citing examples but who cares ?
maybe rather than posting stupid little stickied warnings the admins here could expose the little pricks doing it..
after all they should be able to see they are being posted from the same ip's (many of these guys prob have a 100 accounts here)
all they do is lock and delete the topic.. and let the douches keep doing it
I agree with this completely. I have a computer that I was given that I use for nothing but altcoin mining.
It is not wrong to be conservative. The possibility is that people miss a lot of fun and chances of profit by adopting this attitude. Specifically, it is right not to install risky software on real personal computer.
Some people only have one computer and that must suck. Fortunately I have multiple so I can use some of my alt-miners to do this safely.
Virtual machines ftw
Good advice.
Using an alternate cryptocurrency client would be a great way to get many people to install a hidden virus that targets Bitcoin users.
If you have a significant amount of Bitcoins, I wouldn't run other clients on the same computer until the alternates have developed trust over a longer period of time... I'm probably on the paranoid side of things though.
These new cryptocurrencies are interesting, and it will be fascinating to see how it will all play out.
Using an alternate cryptocurrency client would be a great way to get many people to install a hidden virus that targets Bitcoin users.
If you have a significant amount of Bitcoins, I wouldn't run other clients on the same computer until the alternates have developed trust over a longer period of time... I'm probably on the paranoid side of things though.
These new cryptocurrencies are interesting, and it will be fascinating to see how it will all play out.
Ultimately someone should probably release a product, some hardware such as a thumb drive with an OS which runs in as a virtual machine and sell it to people. Then they just plug it in and install the latest alt-coin for testing. The thumb drive should also include biometric authentication and generate a one time password.
It would be the perfect hardware wallet in my opinion. No remembering passwords. You wouldn't even necessarily have to worry about losing the hardware wallet because the actual wallet could be backed up to the cloud or internet and downloaded again as it would be authenticated by your biometric signature which will not change even if you were to lose the device. It would be a combination of a Yubikey, 16-32GB hardware encrypted solid state drive, and finger vein recognition biometric authentication. Push one button and it backs up all your coins to your email, or to the cloud. Put your finger into the slot, enter the 4 digit pin, and you can make a transaction.
The reason for the pin is because someone might try to steal your money while you're asleep. Something you know, something you have, something you are.
I haven't seen anybody post about what would be my biggest worry if I were trying out alternative block chains. I realize this may be perceived as "Gavin is FUD'ding anything that isn't bitcoin!" (FUD == Fear, Uncertainty and Doubt) But I think some of you might be forgetting some basic computer security fundamentals in the excitement to be early adopters.
When I first heard about bitcoin, my questions were:
1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?
I answered those questions by:
1) Reading and understanding Satoshi's whitepaper. Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project. I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.
If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.
If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:
1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.
When I first heard about bitcoin, my questions were:
1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?
I answered those questions by:
1) Reading and understanding Satoshi's whitepaper. Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project. I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.
If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.
If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:
1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.
Multi-factor authentication for all please. Yubikey+Password, Cellphone+Password, Smartcard+Password, Biometric+Password.
Never trust a site which wants you to use a password alone. Never trust your keyboard or your operating system. Biometric hardware wallets will become increasingly important for security of crypto-finance in the future and I wish there were more robust hardware and API's for it.
I know Bitcoin is intending to support two-factor authentication but please consider supporting the latest biometric technology as well due to the ease of use factor.
Just out of interest was there any any coin/mining tool infected here in past?
I knew few ppl that lost coins from Gox, BTC-e and they were "careful", even gmail verification have not helped, but i bet many mined alt crap
I knew few ppl that lost coins from Gox, BTC-e and they were "careful", even gmail verification have not helped, but i bet many mined alt crap
I've never heard of any real trojans or viruses in wallet releases yet. It seems walletstealers in coin.exes are a myth, propagated by false negatives from antivirus software.
Just out of interest was there any any coin/mining tool infected here in past?
I knew few ppl that lost coins from Gox, BTC-e and they were "careful", even gmail verification have not helped, but i bet many mined alt crap
I knew few ppl that lost coins from Gox, BTC-e and they were "careful", even gmail verification have not helped, but i bet many mined alt crap
I think these are perfectly legitimate concerns actually but the way I found out whether Bitcoin wasn't a scam and the way I find out anything else isn't a scam is this:
. Is it open source? If it's open source then that means people will be able to look at the code and find anything suspicious or even help to improve it if the developer is unwilling, it's very difficult to plant something bad if people can investigate it with a microscope
. Is it open source? If it's open source then that means people will be able to look at the code and find anything suspicious or even help to improve it if the developer is unwilling, it's very difficult to plant something bad if people can investigate it with a microscope
Be careful here. As a coder, I can hide some pretty fancy run time code that calls a script from a server that can update with malicious intentions.
Or if I am really lazy, I can have an open source on git, but a private one that I compile from with the bad code.
You are not protected on most of these, the laziness of the stupid people copying/pasting the new alt-coins is the only thing that is protecting you.
If a group with the education/willfulness somewhat smarter then the average 15 year old coder decided to reek havoc on all of the folks that race to mine the alt-coin on launch; the damage wouldn't be measurable.
Thought experiment:
Pre-announce alt-coin
On release link to source on git. Publish a binary with hidden code.
Include code in binary to copy all wallet files from all altcoins traded on cryptsy.
On the server that the wallets are uploaded to, run a test to see if it is encrypted.
For unencrypted wallets send the coins to cryptsy/coins-e wallet and sell for btc/ltc.
Have code self-patch to remove the function call.
...
Wait a few months, rinse and repeat.
The above project can be done by anyone with coding experience in a matter of days. You are not protected, please start being somewhat cautious.
HTH.
Jump to: