Topic: Protecting your Bitcoins? - Infostealer.Coinbit (Read 3575 times)

legendary
Activity: 3080
Merit: 1080
Does anyone know what possible filename this infection may come under? Or anything that can help me locate the infection if it is still in the system? Or at least to figure out if I indeed had this trojan.



Allinvain - I'm looking up that information as we speak. I'll post more shortly.

Did you find anything useful? Since you haven't posted I presume no, or you must've forgotten?
member
Activity: 84
Merit: 10
I wonder if there is a way to work around malware infections. Can the bitcoin client run in some sort of protected memory space? I got an idea though. How about one of those secure cryptokeys features. Essentially you'd use your mouse to click on a virtual keyboard which is scrambled by the client, so each time you click on, say, the keys of the virtual keyboard, the input would correspond to a different output. This way even if the hacker screenshots your system they can't really get your secret password? Elaborate - yes. Necessary - yes...

The client could also be written to utilize two-factor authentication schemes, but then you'd need a centralized authority to manage the other side of the two-factor authentication.  That kind of goes against the philosophy of Bitcoin.

unless we expect every future bitcoin user to not run the client on any M$ operating system?

That's the best idea I've heard.  Seriously, why would anyone have:

1)  A single wallet.dat that contained 25,000 BTC.  That's like carrying $500,000 in cash, in your wallet.  Insane.
2)  Trust any wallet.dat files to Windows.

Just my $0.02 worth.  If what happened really happened to you, I'm sorry.  But, when I saw BTC go over $0.10 I'd have started moving things around and securing an offline wallet.
legendary
Activity: 3080
Merit: 1080
That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you should change I totally agree.

The wallet.dat should not be called wallet.dat and it should be stored in a random directory in the user's profile/home directory - preferably a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.

Not to mention the location should be stored encrypted in the bitcoin configuration file.

The devs are working on this.  But, it's not hard overall:

Fire up client.
Ask user for password.
Create wallet.dat.
Encrypt data in wallet.dat with user password.
Whenever wallet.dat is accessed, prompt user for password to decrypt data.

You don't actually need the private keys to do anything but send coins.  So, the wallet.dat data only needs to be accessed if you're sending coins and/or adding addresses.  So, it wouldn't be that annoying to be prompted.

Now if someone steals your wallet.dat, it's useless unless they know the password.
As long as you have backups, you cannot lose your coins.

Of course, if you have malware on your system, they can keylog the password and then all bets are off.

I wonder if there is a way to work around malware infections. Can the bitcoin client run in some sort of protected memory space? I got an idea though. How about one of those secure cryptokeys features. Essentially you'd use your mouse to click on a virtual keyboard which is scrambled by the client, so each time you click on, say, the keys of the virtual keyboard, the input would correspond to a different output. This way even if the hacker screenshots your system they can't really get your secret password? Elaborate - yes. Necessary - yes... unless we expect every future bitcoin user to not run the client on any M$ operating system?

member
Activity: 84
Merit: 10
That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you should change I totally agree.

The wallet.dat should not be called wallet.dat and it should be stored in a random directory in the user's profile/home directory - preferably a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.

Not to mention the location should be stored encrypted in the bitcoin configuration file.

The devs are working on this.  But, it's not hard overall:

Fire up client.
Ask user for password.
Create wallet.dat.
Encrypt data in wallet.dat with user password.
Whenever wallet.dat is accessed, prompt user for password to decrypt data.

You don't actually need the private keys to do anything but send coins.  So, the wallet.dat data only needs to be accessed if you're sending coins and/or adding addresses.  So, it wouldn't be that annoying to be prompted.

Now if someone steals your wallet.dat, it's useless unless they know the password.
As long as you have backups, you cannot lose your coins.

Of course, if you have malware on your system, they can keylog the password and then all bets are off.
legendary
Activity: 3080
Merit: 1080
That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you should change I totally agree.

The wallet.dat should not be called wallet.dat and it should be stored in a random directory in the user's profile/home directory - preferably a randomly generated name. The location of this directory with the randomly generated .dat file should be visible and known only to the bitcoin client. What I'm saying is the wallet.dat should be separated from the .bitcoin or "Bitcoin" directory.

Not to mention the location should be stored encrypted in the bitcoin configuration file.
hero member
Activity: 588
Merit: 500
Quote
Risk Level 1: Very Low

Ummmmm... FAIL
legendary
Activity: 2408
Merit: 1121
Of course any malicious payload could change, but as a precaution you may want to put the following in your 'hosts' file:

(Depends on your Windows install, but do a search for hosts*)

127.0.0.1  smtp.wp.pl

Or just move your savings wallet to an appropriately encrypted container with backups under your Linux distro of choice.
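
Added example, not part of the thread: a hosts entry like the one in the post above only takes effect if it is an active, uncommented line whose address is loopback. This Python sketch parses hosts-file text and reports whether a hostname is actually sinkholed; the sample file, function names and status labels are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from any real machine).
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
#127.0.0.1      smtp.wp.pl        <- commented out: has no effect
127.0.0.1       SMTP.WP.PL  # names are case-insensitive
192.0.2.10      mail.example.test smtp.example.test
"""

def parse_hosts(text):
    """Return {lowercased hostname: [ip, ...]} for every active entry."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank line or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: entry is ignored
        for name in fields[1:]:               # one line may carry several names
            table.setdefault(name.lower().rstrip("."), []).append(ip)
    return table

def sinkhole_status(text, hostname):
    """'sinkholed' if every active mapping is loopback or 0.0.0.0/::,
    'redirected' if any mapping points elsewhere, 'absent' if none exists."""
    ips = parse_hosts(text).get(hostname.lower().rstrip("."))
    if not ips:
        return "absent"
    if all(ip.is_loopback or ip.is_unspecified for ip in ips):
        return "sinkholed"
    return "redirected"

if __name__ == "__main__":
    for host in ("smtp.wp.pl", "smtp.example.test", "unlisted.example.test"):
        print(host, "->", sinkhole_status(SAMPLE_HOSTS, host))
```

On Windows the file is normally `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents as `text`. A "redirected" result for a name you never added yourself is worth investigating, since it means something other than you edited the file.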
legendary
Activity: 1330
Merit: 1000
Bitcoin
That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!

Rezin777 it is pretty crazy when you think about it!  The location path should be the first thing you should change I totally agree.
full member
Activity: 154
Merit: 100
That has to be the lamest trojan I've ever seen! If it netted this guy half a million dollars, well damn.

The first very small step towards security I took was change the default place where the wallet.dat was stored...

Apparently I wouldn't have to worry anyway, as I don't use any of those operating systems!
legendary
Activity: 1330
Merit: 1000
Bitcoin
Does anyone know what possible filename this infection may come under? Or anything that can help me locate the infection if it is still in the system? Or at least to figure out if I indeed had this trojan.



Allinvain - I'm looking up that information as we speak. I'll post more shortly.
legendary
Activity: 1330
Merit: 1000
Bitcoin
Renting a server costs only a few $ a year
Even if the storage is ridiculous, it's far enough to store an encrypted wallet.dat...
I think it's worth it

I contacted the service - basically, they offer 2 things:

1.) wallet.dat back up via upload - 100 percent coverage for your BTC if anything should go wrong on their end.
2.) wallet.dat no upload - 100 percent coverage for your BTC wallet.

So either way you are covered for the coins you have. Finding out more.
legendary
Activity: 3080
Merit: 1080
Does anyone know what possible filename this infection may come under? Or anything that can help me locate the infection if it is still in the system? Or at least to figure out if I indeed had this trojan.

legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Renting a server costs only a few $ a year
Even if the storage is ridiculous, it's far enough to store an encrypted wallet.dat...
I think it's worth it
full member
Activity: 224
Merit: 100
I would be fine uploading an encrypted wallet file to a "secure" server. If the server's compromised, oh well.
legendary
Activity: 1330
Merit: 1000
Bitcoin
Looks like Symantec just released the culprit who steals bitcoins from wallets.

Source: Symantec http://www.symantec.com/security_response/writeup.jsp?docid=2011-061615-3651-99&tabid=2

So I started looking around for anything to help protect BitCoins (besides encrypting).