Topic: Trojan Wallet stealer be careful (Read 25869 times)

+1

This isn't true at all, yes Linux can be unsecure, but overall a Linux (desktop) box is much more secure than Windows due to obscurity.
Most attacks directed at Linux are directed at server software that shouldn't be running on your machine open to the internet.
Overall most desktop attack vectors are pointed at Windows since it is the most widely used desktop OS compared to the 1% who currently use Linux.

   
Trojan Wallet

a trojan could still infect your windows host machine, keylog your decryption password when you boot the linux virtual machine and download the virtual hard drive image so the attacker can steal the wallet.dat from it

I think the best solution will be storing wallet and using Bitcoin client on virtual machine with Linux as guest OS and encrypted home directory. Just install VirtualBox, download Ubuntu, and when installing enable home dir encryption.

Yes and thats where people are mistaken right now.
To use (send) Bitcoins you need to be connected to the web.
And it will take only a split millisecond for a trojan to execute stuff on your pc.
So unless your Chuck Norris an can click super fast your solution is not 100% trojan proof.
Nice try though with the fancy finger print reader.

So you're copying an unencrypted wallet to an online Windows box.

Wouldn't a trojan just have to wait for the file to be copied and then steal it?

[edited]

Something like this will do it for you on Linux:


Save to a file, add a line to the end of .bashrc saying:

Start a new terminal, type 'bitcoin', and it should use the script instead of the regular client.

+1

These have been my thoughts too.   bitcoins must be valuable if so many are trying to steal them....

New scam software found on youtube, please flag as such

http://www.youtube.com/watch?v=l9UvUyT5i5s

DO NOT USE THIS PROGRAM!

The typical Linux box gets hacked through misconfiguration of third party software. The difference with Windows is that the 'typical' Linux box is a server, not a desktop, so it will run network facing services and lots of times will be administered according to the 'what bushfire needs to be extinguished next' principle since security is usually subordinate to other considerations in a corporate setting (mainly deadlines), even if the admins know what they are doing.

That doesn't mean Linux is less safe than Windows (I would argue the opposite), it just has different attack vectors. I agree that Linux offers a lot more tools compared to Windows

Linux is no magic bullet when it comes to security. I've seen so many compromised Linux boxes with hacked sshd, apache, bind, and running python scripts it's not even funny. The tools a typical Linux box offers to hacker is just ridiculous compared with your typical Windows box.

Use Linux, and take additional steps for added security.

Windows is insecure by default, to many viruses available, and not one antivirus is 100% perfect, they all have a margin of failure were new viruses go undetected.

There are also viruses for Linux but it is very rare, and Linux out of the box is more secure.

What everyone should do is run Linux, Debian (Ubuntu), Fedora, Mandrivia, etc.

And for those of you that have a lot of bitcoins encrypt and backup the wallet.
pgp, gpg, and best crypt, true crypt are all good choices.

True crypt is best for usb, or portable disks.
pgp or gpg are good for encrypting the wallet directly.
or in you want something transparent with best crypt you can configure an account to automatically mount an encrypted file system, once the file system is mounted it is no longer encrypted until you log out, so best crypt works best using a separate account that you log in, and as soon as you are done log out, once you log out the filesystem is unmounted, and it is an encrypted folder representing the filesystem.

The only problem is that if you are expecting a payment you can not have the wallet encrypted with the current version of the bitcoin client, therefore what you can you is use 2 accounts, one that keeps the wallet encrypted and you backit up, and the other that you use for receiving or making payments, after  that wallet reaches certain amount of money make a transfer to the wallet you keep encrypted, and then backup the wallet in encrypted form somewhere else.

That way you have 2 wallets, once for pocket change, like the wallet you carry in your pocket un encrypted, and the other wallet that has all the cash encrypted and backed up.

Also when using encryption use a secure algorithm, there are many that are very secure, and others are very easily broken.

Also when it comes to encryption always use an open source package.
There is an old saying that security by obscurity is snake oil, so rely on open source for your security.

Another reason for using encryption if your computer is stolen, with either windows or Linux it is possible to log on the system once the thief has physical access to your machine, however if the wallet is encrypted there is nothing the thief can do other than a brute force attack, and if you used a secure password with a good algorithm it is nearly impossible for the thief to gain access to the data in your wallet.

Don't forget offsite backups in case your house burns down or gets carried away to Oz by a tornado.

LOL @ middle finger ... seriously why does it always have to be the MIDDLE FINGER ?

some sample code for a wallet stealer in metasploit:

https://dev.metasploit.com/redmine/projects/framework/repository/revisions/12993/entry/modules/post/windows/gather/bitcoin_jacker.rb

+1.  Agreed.  This should be default.

Strictly speaking you can't assume so. Practically, it depends on what attacks are possible against the transfer medium and the blockchain itself. For example your OS might prescan inserted USB sticks and contain vulnerabilities in this code (this is a known attack vector), regardless of any autoplay settings. The blockchain could be doctored to include buffer overflow initiated code (the client could contain parsing bugs, I bet this has not been vetted yet). The blockchain could even be replaced by something like a specially crafted PDF file with attack code in it. There was a nice Adobe bug where when you installed the suite it would add a PDF parsing service to Windows which had a buffer overflow vulnerability. In a default setup Windows is set to periodically scan for new files for its indexing service. When the indexer comes across a PDF file, the Adobe service would be called to parse it, boom, infected. So just having the file on the system, without opening it, would infect it.

A similar exploit was possible on the Amiga, in ancient times (Kickstart 1.2) when the OS detected a filesystem problem it would automatically invoke the checkdisk program (pretty advanced for the time), but would try to load it from amongst others the floppy. Floppies were autodetected, so if you inserted one with a purposefully corrupted filesystem, and put your own doctored checkdisk program on there it would autoexecute. This in light that bootsector viruses already existed but were only executed when booting from them.