Topic: SCAM alert! The coin creator software by Xevox is a wallet stealer! - page 2. (Read 3701 times)
May 09, 2014, 01:08:19 PM
For those who would like to examine the virus, here is a link of the original file. Please don't run the CoinGen.exe
May 09, 2014, 12:58:36 PM
But applications which upload wallets could be at least be warned!
From a computer point of view, the wallet it's just a file
Suppose you want to copy the wallet to another computer, is this a legitimate action, or is a virus?
How can an antivirus do such decisions? What an AV does is to just compare it to a known list of malware. Or detect something suspicious, like editing critical files/place itself in autorun
May 09, 2014, 12:51:46 PM
Why not? the program takes multiple files from the user's computer, and uploads to a remote FTP, that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".
So, any software that has libraries to access FTP (browsers, ftp clients, file uploaders, dropbox clones, html editors) will be detected as virii?
This is social engineering, only an human can detect it
Next time the OP will install a good firewall like this http://www.sphinx-soft.com/Vista/order.html or run unknown software in a virtual machine
But applications which upload wallets could be at least be warned! It is not normal that applications upload wallet files! If AV cannot detect this how can anybody trust in a single wallet?
Regarding the FW is free version enough for a regular user?
May 09, 2014, 12:20:02 PM
Why not? the program takes multiple files from the user's computer, and uploads to a remote FTP, that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".
So, any software that has libraries to access FTP (browsers, ftp clients, file uploaders, dropbox clones, html editors) will be detected as virii?
This is social engineering, only an human can detect it
Next time the OP will install a good firewall like this http://www.sphinx-soft.com/Vista/order.html or run unknown software in a virtual machine
May 09, 2014, 11:05:09 AM
Could you post a link to malwr please?
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
https://malwr.com/submission/
Thanks for the scanner link. The reports look a lot more detailed than virustotal. Do you have to sign up to use this scanner and is it free?
i think you are free to scan without signing in
May 09, 2014, 10:57:41 AM
Could you post a link to malwr please?
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
https://malwr.com/submission/
Thanks for the scanner link. The reports look a lot more detailed than virustotal. Do you have to sign up to use this scanner and is it free?
May 09, 2014, 10:39:27 AM
Could you post a link to malwr please?
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
https://malwr.com/submission/
also https://anubis.iseclab.org/
max 8mb is a bit too low, any client is above that
May 09, 2014, 10:22:23 AM
Here is Virustotal report of that file. Maybe I should contact to some of the antivirus companies, that they should take these wallet stealing programs seriously!
https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/
https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/
Thanks for posting the link. This virustotal report is clean apart from the Symantec reputation Suspicious.Insight flag in the Advanced heuristic and reputation engines section of the additional information tab. I usually just look at the information on the first tab shown, so would have missed this.
Why not? the program takes multiple files from the user's computer, and uploads to a remote FTP, that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".
May 09, 2014, 10:19:53 AM
Could you post a link to malwr please?
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
https://malwr.com/submission/
also https://anubis.iseclab.org/
May 09, 2014, 10:19:07 AM
lol, this hacker is pretty funny and clever, it pops up a dialog when it's stealing your electrum wallet:
"Electrum has detected another program trying to access your wallet, it is important you change your password now!"
So the unsuspecting user will give them the wallet password.
"Electrum has detected another program trying to access your wallet, it is important you change your password now!"
So the unsuspecting user will give them the wallet password.
May 09, 2014, 10:07:52 AM
Could you post a link to malwr please?
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
https://malwr.com/submission/
May 09, 2014, 10:04:30 AM
Could you post a link to malwr please?
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
I never heard of this scanner before. Virustotal seems better than Jotti's scanner to me, but if there is something better I will use that.
May 09, 2014, 09:32:32 AM
when i scanned it with virustotal, it reported 1 red flag
Well that goes to show that you cannot trust virus total. Last time I trust that bitch.
vt is junk. upload to malwr and you would have seen very clearly.
common sense would have been best defense though.
May 09, 2014, 09:08:15 AM
Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec’s community of users. Detections of this type are based on Symantec’s reputation-based security technology.
It doesn't mean anything, it just means the file wasn't reported as good or bad.
The problem is, with this source code, there's no way that an AV will report this as a virus. (or, if it does report it, it means the antivirus is really f*cked up)
It doesn't mean anything, it just means the file wasn't reported as good or bad.
The problem is, with this source code, there's no way that an AV will report this as a virus. (or, if it does report it, it means the antivirus is really f*cked up)
Why is that? I think that AV could notice that hey, this software is scanning wallets and sending them to some external host. AV software often reports even miners as trojans!
May 09, 2014, 09:02:59 AM
when i scanned it with virustotal, it reported 1 red flag
Well that goes to show that you cannot trust virus total. Last time I trust that bitch.
May 09, 2014, 09:02:18 AM
Agreed.
I have often found that both Symantec’s Suspicious.Insight and Trendmicro flag completely harmless programs as a virus, so I usually ignore their warnings anyway. Until programs like coingen get reported they usually go undetected by all but the most paranoid scanners.
I have often found that both Symantec’s Suspicious.Insight and Trendmicro flag completely harmless programs as a virus, so I usually ignore their warnings anyway. Until programs like coingen get reported they usually go undetected by all but the most paranoid scanners.
May 09, 2014, 08:51:05 AM
Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec’s community of users. Detections of this type are based on Symantec’s reputation-based security technology.
It doesn't mean anything, it just means the file wasn't reported as good or bad.
The problem is, with this source code, there's no way that an AV will report this as a virus. (or, if it does report it, it means the antivirus is really f*cked up)
It doesn't mean anything, it just means the file wasn't reported as good or bad.
The problem is, with this source code, there's no way that an AV will report this as a virus. (or, if it does report it, it means the antivirus is really f*cked up)
May 09, 2014, 08:30:35 AM
Here is Virustotal report of that file. Maybe I should contact to some of the antivirus companies, that they should take these wallet stealing programs seriously!
https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/
https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/
Thanks for posting the link. This virustotal report is clean apart from the Symantec reputation Suspicious.Insight flag in the Advanced heuristic and reputation engines section of the additional information tab. I usually just look at the information on the first tab shown, so would have missed this.
May 09, 2014, 08:12:31 AM
Here is Virustotal report of that file. Maybe I should contact to some of the antivirus companies, that they should take these wallet stealing programs seriously!
https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/
https://www.virustotal.com/en/file/dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf/analysis/1399561430/
i remember that virustotal reported 1 flag, when i did the scan
anyway if you want more protection use a VM or just leave a bitcoin wallet with 0.01 btc, if they steal that you know you have something malicious, and they just take 0.01 btc
May 09, 2014, 08:06:35 AM
i just received an email from the bank of nigeria. seems i had an uncle there who just died and i am the only living relative, making me the sole heir of 9000 trillion usd. as soon as i got the money, i'll donate some litecoins to you.
So, you dont think that people should be warned? Maybe there is some special reason for you to act like this? Does it hurt your business, if people are more aware of this kind of things?
I know that I was not the only one who downloaded that software and even tried it! That is why I warned people and uploaded the source code so that people could see which wallets are in danger.
So, you dont appreciate it, but it seems that some others do!
Jump to: