Pages:
Author

Topic: Most likely - Possible malware in latest Bitcoin Core 64 bits bitcoin-qt.exe - page 2. (Read 2920 times)

staff
Activity: 3458
Merit: 6793
Just writing some code
There is no problem here. If the hashes match and you properly verify the download by following: https://bitcointalksearch.org/topic/verifying-bitcoin-core-1588906 then there will be absolutely no problems.

The AV warnings are all false positives. They usually flag Bitcoin Core as a coin stealer (because it looks for a wallet.dat since it creates the file) or a bitcoin miner (because it contains a miner in the software if you want to mine on regtest or testnet).
full member
Activity: 154
Merit: 100
Malware creator always keeps eye on prey that where they could ignite their malware on system. And bitcoin software is one such source through which they could spead their bad codes. We should be really carefull even with bitcoin softwares also.
legendary
Activity: 1904
Merit: 1074
Sites like https://www.virustotal.com makes use of Heuristics and code that might look or behave like a virus, will be flagged. Do you really

think code that are not proprietary, would hide viruses or Malware? It is under constant scrutiny from competitors to find "weakpoints" to

discredit it, so why would people insert Malware on purpose?  Huh  Make sure you are downloading it from "trusted" sites.
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
This is terrible, I don't supppse you'll ever know the full truth here though. I'm hesitant to upgrade my Core Client to 0.13.1 now.
sr. member
Activity: 379
Merit: 250
For me, its sounds like a false positive, but if you downloaded it from shady sources, be careful.
member
Activity: 79
Merit: 10
I think you have to have better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
Quote
verifying your download using signatures from multiple developers using the gitian signatures repository

And also report this to bitcoin.org team.

Why? I only see 3 options here.

#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, its a false positive. Contacting them is useless, because they cant change the situation. Contact the anti virus vendor instead.
#3 bitcoin devs did not slio malware in the code, its not a false positive. Verifiying you are downloading the real thing solves this without contacting anyone.

The SHA256 signatures match the signatures specified by bitcoin.org. I will contact ASAP Bitcoin.org and some antivirus vendors...
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
I think you have to have better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
Quote
verifying your download using signatures from multiple developers using the gitian signatures repository

And also report this to bitcoin.org team.

Why? I only see 3 options here.

#1 bitcoin devs did slip malware in the code, what do you expect them to do if you tell them you found it? Confess?
#2 bitcoin devs did not slip malware in the code, its a false positive. Contacting them is useless, because they cant change the situation. Contact the anti virus vendor instead.
#3 bitcoin devs did not slip malware in the code, its not a false positive. Verifiying you are downloading the real thing solves this without contacting anyone.
legendary
Activity: 994
Merit: 1000
I think you have to have better look at this https://bitcoin.org/en/alert/2016-08-17-binary-safety
Quote
Furthermore, we recommend verifying your download using signatures from multiple developers using the gitian signatures repository.

And also report this to bitcoin.org team.
legendary
Activity: 1241
Merit: 1005
..like bright metal on a sullen ground.
Just downloaded the latest Bitcoin Core from bitcoin.org, scanned it at https://www.virustotal.com

And bingo  Undecided Angry

SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2  bitcoin-0.13.1-win64.zip

Link to the scanner results:

https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/

AegisLab   Uds.Dangerousobject.Multi!c   20161127
Kaspersky   Trojan.MSIL.CoinStealer.km   20161127
Rising   Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud)   20161127

https://securelist.com/blog/virus-watch/58553/analysis-of-malware-from-the-mtgox-leak-archive/

Quote
The malware creates and executes the TibanneSocket.exe binary and searches for the files bitcoin.confand wallet.dat v the latter is a critical data file for a Bitcoin crypto-currency user: if it is kept unencrypted and is stolen, cybercriminals will gain access to all Bitcoins the user has in his possession for that specific account.
legendary
Activity: 924
Merit: 1000
This is serious. Chances are that this is a false positive (I hope so).
Please report back to bitcoin.org!
member
Activity: 79
Merit: 10
Just downloaded the latest Bitcoin Core from bitcoin.org, scanned it at https://www.virustotal.com

And bingo  Undecided Angry

SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2  bitcoin-0.13.1-win64.zip

Edit: The SHA256 match the signatures specified in the Bitcoin.org website

Link to the scanner results:

https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/

AegisLab   Uds.Dangerousobject.Multi!c   20161127
Kaspersky   Trojan.MSIL.CoinStealer.km   20161127
Rising   Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud)   20161127

Edit2: Seems like the Rising antivirus doesnt mark it anymore as a malware. Edit 2.1: Added again as malware

Edit3: I see that the 32 bits binary is totally clean in virustotal. This only happen with the 64 bits binary of bitcoin-qt.exe

Edit4: Confirmed. Kaspersky deletes the file on sight, and more antivirus marked the file as infected. Doesnt seems to be a false positive.
Pages:
Jump to: