Topic: SCAM alert! The coin creator software by Xevox is a wallet stealer! - page 2. (Read 3699 times)

full member
Activity: 140
Merit: 100
For those who would like to examine the virus, here is a link to the original file. Please don't run the CoinGen.exe.
sr. member
Activity: 259
Merit: 250
But applications which upload wallets could at least be warned about!

From a computer's point of view, the wallet is just a file.
Suppose you want to copy the wallet to another computer: is this a legitimate action, or is it a virus?
How can an antivirus make such decisions? What an AV does is just compare the file to a known list of malware, or detect something suspicious, like editing critical files or placing itself in autorun.
sr. member
Activity: 259
Merit: 250
Why not? the program takes multiple files from the user's computer, and uploads to a remote FTP, that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".

So, any software that has libraries to access FTP (browsers, ftp clients, file uploaders, dropbox clones, html editors) will be detected as virii?
This is social engineering; only a human can detect it.
Next time the OP will install a good firewall like this http://www.sphinx-soft.com/Vista/order.html or run unknown software in a virtual machine.

But applications which upload wallets could at least be warned about! It is not normal for applications to upload wallet files! If an AV cannot detect this, how can anybody trust a single wallet?

Regarding the FW, is the free version enough for a regular user?
sr. member
Activity: 259
Merit: 250
Why not? the program takes multiple files from the user's computer, and uploads to a remote FTP, that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".

So, any software that has libraries to access FTP (browsers, ftp clients, file uploaders, dropbox clones, html editors) will be detected as virii?
This is social engineering; only a human can detect it.
Next time the OP will install a good firewall like this http://www.sphinx-soft.com/Vista/order.html or run unknown software in a virtual machine.
legendary
Activity: 3248
Merit: 1070
Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/

Thanks for the scanner link. The reports look a lot more detailed than virustotal. Do you have to sign up to use this scanner and is it free?

I think you are free to scan without signing in.
sr. member
Activity: 345
Merit: 250
Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/

Thanks for the scanner link. The reports look a lot more detailed than virustotal. Do you have to sign up to use this scanner and is it free?
legendary
Activity: 3248
Merit: 1070
Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/

also https://anubis.iseclab.org/

Max 8 MB is a bit too low; any client is above that.
legendary
Activity: 1806
Merit: 1003
Here is the VirusTotal report of that file. Maybe I should contact some of the antivirus companies so that they take these wallet-stealing programs seriously!

https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/

Thanks for posting the link. This virustotal report is clean apart from the Symantec reputation Suspicious.Insight flag in the Advanced heuristic and reputation engines section of the additional information tab. I usually just look at the information on the first tab shown, so would have missed this.


Why not? the program takes multiple files from the user's computer, and uploads to a remote FTP, that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".
hero member
Activity: 588
Merit: 504
Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/

also https://anubis.iseclab.org/
legendary
Activity: 1806
Merit: 1003
lol, this hacker is pretty funny and clever; it pops up a dialog when it's stealing your Electrum wallet:
"Electrum has detected another program trying to access your wallet, it is important you change your password now!"

So the unsuspecting user will give them the wallet password.
legendary
Activity: 3248
Merit: 1070
Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.

https://malwr.com/submission/
sr. member
Activity: 345
Merit: 250
Could you post a link to malwr please?

I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
hero member
Activity: 588
Merit: 504
When I scanned it with VirusTotal, it reported 1 red flag.

Well that goes to show that you cannot trust VirusTotal. Last time I trust that bitch.

VT is junk. Upload to malwr and you would have seen it very clearly.
Common sense would have been the best defense though.
sr. member
Activity: 259
Merit: 250
Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec’s community of users. Detections of this type are based on Symantec’s reputation-based security technology.

It doesn't mean anything, it just means the file wasn't reported as good or bad.
The problem is, with this source code, there's no way that an AV will report this as a virus. (or, if it does report it, it means the antivirus is really f*cked up)

Why is that? I think that an AV could notice that, hey, this software is scanning for wallets and sending them to some external host. AV software often reports even miners as trojans!
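The disagreement in the two posts above (a wallet is just a file, and an AV can only match signatures or watch for things like autorun changes, versus the reply that an engine could notice a program scanning for wallets and shipping them to an external host) is really about correlating behaviours rather than flagging any one of them. The following is an added example, not code from this thread, from the Xevox program or from any antivirus product: a small Python heuristic run over a constructed, sandbox-style event log of the kind a malwr/Cuckoo report would give you. The event format, the process names, the wallet paths (assumed Windows defaults under %APPDATA% for Bitcoin Core, Litecoin and Electrum), the allow-list of wallet clients and the score thresholds are all assumptions made for the example.

```python
"""Behaviour-based heuristic for a wallet stealer (added example).

Not code from the thread or from any AV vendor. The event log format,
process names, wallet paths and allow-list below are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Wallet locations a stealer would enumerate (assumed Windows defaults
# under %APPDATA%; these paths are an assumption made for this example).
WALLET_PATTERNS = [
    re.compile(r"\\Bitcoin\\wallet\.dat$", re.IGNORECASE),
    re.compile(r"\\Litecoin\\wallet\.dat$", re.IGNORECASE),
    re.compile(r"\\Electrum\\wallets\\", re.IGNORECASE),
]

# Processes expected to open their own wallet file (assumed allow-list).
WALLET_OWNERS = {"bitcoin-qt.exe", "litecoin-qt.exe", "electrum.exe"}


@dataclass
class Verdict:
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_event(line: str) -> Tuple[str, str, str]:
    """Split a constructed 'process | action | target' line into its fields."""
    proc, action, target = (part.strip() for part in line.split("|", 2))
    return proc, action, target


def is_wallet_path(path: str) -> bool:
    """True if the path matches one of the known wallet locations."""
    return any(pattern.search(path) for pattern in WALLET_PATTERNS)


def analyse(events: List[str]) -> Dict[str, Verdict]:
    """Score every process seen in the log.

    Neither reading a wallet nor sending data to a remote host scores on
    its own; points come from a process that is not a wallet client doing
    both, in that order, which is the behaviour a stealer cannot avoid.
    """
    state: Dict[str, dict] = {}
    for line in events:
        proc, action, target = parse_event(line)
        st = state.setdefault(proc, {"wallets": set(), "peers": set(), "sent": False})
        if action == "file_read" and is_wallet_path(target):
            st["wallets"].add(target)
        elif action == "connect":
            st["peers"].add(target)
        elif action == "send" and target in st["peers"] and st["wallets"]:
            st["sent"] = True  # outbound data only counts after a wallet read

    verdicts: Dict[str, Verdict] = {}
    for proc, st in state.items():
        v = Verdict()
        verdicts[proc] = v
        if not st["wallets"] or proc.lower() in WALLET_OWNERS:
            continue  # no wallet access, or the wallet's own client
        v.score += 40
        v.reasons.append(f"reads {len(st['wallets'])} wallet file(s) but is not a wallet client")
        if len(st["wallets"]) > 1:
            v.score += 20
            v.reasons.append("collects wallets of more than one coin")
        if st["sent"]:
            v.score += 40
            v.reasons.append(f"sends data to {sorted(st['peers'])} after reading wallets")
    return verdicts


def classify(v: Verdict) -> str:
    """Map a score to the label a report would show (thresholds assumed)."""
    if v.score >= 80:
        return "malicious"
    if v.score >= 40:
        return "suspicious"
    return "clean"


# Constructed sample log, not a real sandbox report: a wallet client, an
# FTP client and a stealer, so the three cases can be compared.
SAMPLE_EVENTS = [
    r"bitcoin-qt.exe | file_read | C:\Users\u\AppData\Roaming\Bitcoin\wallet.dat",
    r"bitcoin-qt.exe | connect | 203.0.113.7:8333",
    r"bitcoin-qt.exe | send | 203.0.113.7:8333",
    r"filezilla.exe | file_read | C:\Users\u\Documents\site\index.html",
    r"filezilla.exe | connect | 198.51.100.5:21",
    r"filezilla.exe | send | 198.51.100.5:21",
    r"coingen.exe | file_read | C:\Users\u\AppData\Roaming\Bitcoin\wallet.dat",
    r"coingen.exe | file_read | C:\Users\u\AppData\Roaming\Litecoin\wallet.dat",
    r"coingen.exe | file_read | C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet",
    r"coingen.exe | connect | 198.51.100.5:21",
    r"coingen.exe | send | 198.51.100.5:21",
]

if __name__ == "__main__":
    for proc, v in analyse(SAMPLE_EVENTS).items():
        print(f"{proc:16} {classify(v):10} score={v.score} {v.reasons}")
```

Reading a wallet file, or talking to an FTP server, is on its own exactly what a wallet client or an FTP client does, so neither earns a point; the combination, by a process that is not a known wallet client, does. Matching on process name is the weak point of this toy: a sample can call itself electrum.exe or hand the file to a child process, so a real engine would key on code signature or hash and follow the process tree rather than a name.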
legendary
Activity: 1946
Merit: 1005
My mule don't like people laughing
When I scanned it with VirusTotal, it reported 1 red flag.

Well that goes to show that you cannot trust VirusTotal. Last time I trust that bitch.
sr. member
Activity: 345
Merit: 250
Agreed.

I have often found that both Symantec’s Suspicious.Insight and Trendmicro flag completely harmless programs as a virus, so I usually ignore their warnings anyway. Until programs like coingen get reported they usually go undetected by all but the most paranoid scanners.
sr. member
Activity: 259
Merit: 250
Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec’s community of users. Detections of this type are based on Symantec’s reputation-based security technology.

It doesn't mean anything, it just means the file wasn't reported as good or bad.
The problem is, with this source code, there's no way that an AV will report this as a virus. (or, if it does report it, it means the antivirus is really f*cked up)
sr. member
Activity: 345
Merit: 250
Here is the VirusTotal report of that file. Maybe I should contact some of the antivirus companies so that they take these wallet-stealing programs seriously!

https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/

Thanks for posting the link. This virustotal report is clean apart from the Symantec reputation Suspicious.Insight flag in the Advanced heuristic and reputation engines section of the additional information tab. I usually just look at the information on the first tab shown, so would have missed this.
legendary
Activity: 3248
Merit: 1070
Here is the VirusTotal report of that file. Maybe I should contact some of the antivirus companies so that they take these wallet-stealing programs seriously!

https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/

I remember that VirusTotal reported 1 flag when I did the scan.

Anyway, if you want more protection, use a VM or just leave a bitcoin wallet with 0.01 BTC; if they steal that, you know you have something malicious, and they only take 0.01 BTC.
sr. member
Activity: 259
Merit: 250
I just received an email from the Bank of Nigeria. Seems I had an uncle there who just died and I am the only living relative, making me the sole heir of 9000 trillion USD. As soon as I get the money, I'll donate some litecoins to you.

So, you don't think that people should be warned? Maybe there is some special reason for you to act like this? Does it hurt your business if people are more aware of this kind of thing?

I know that I was not the only one who downloaded that software and even tried it! That is why I warned people and uploaded the source code so that people could see which wallets are in danger.

So, you don't appreciate it, but it seems that some others do!