Topic: Trojan Wallet stealer be careful - page 5. (Read 25869 times)

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

Just like TrueCrypt?

said the linux nerd.

Best place to place the encrypted file is on Dropbox. 

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

QFE   

Why is the wallet.dat not encrypted by default anyway?

Asking the average internet user to use TrueCrypt,FreeOTFE,LinuxCoin,Command Line whatever is ihmo far far far to geeky to be widely accepted.
If you want bitcoin to be an easy payment alternative like paypal, then make it more simple&secure. If simply copying the wallet file is enough to rob someone, it's hell insecure. :-/
When you first start the bitcoin client and wallet is created, there is no prompt telling the user that he/she must secure the wallet file, it doesn't even say that it exists or where the wallet file is saved. But these are things you at least have to tell the average non-geek user. When i think of my parents for example...they know how to use google,emails and even managed to sign up at ebay. but they don't give a fuck about Cookies,Scripts,TrueCrypt whatsoever. And that isn't about to change. In the Bitcoin client you could simply implement a start dialog like "Choose wallet" , Click, "Enter Password", click, done. And it would be save from simply copying the wallet file. Of course this wouldn't make it 100% secure, there will always be keyloggers,trojans and such...but it would at least make it a bit harder and not every idiot could simply copy the file and use it. In bitcoin it's all about hashing, encryption, making the network as secure as possible but the wallet is an open door.

FreeOTFE is an On The Fly Encryption application.

You can use it instead of TC because it doesn't need to be installed, at least the Portable Explorer version doesn't(otherwise it requires admion permissions).

WTF is FreeOTFE and why would one use it instead of TrueCrypt?

Windows 7 rejects it because it doesn't have digitally signed drivers, any work around for this?

re: http://www.imgjoe.com/x/capture22323.jpg

trust no one

How do we know we can trust you?   

Open source GPG encryption tools for Mac OS are available here: http://macgpg.sourceforge.net/

But don't these tools still leave you vulnerable while you're running the bitcoin client (because client requires unencrypted wallet.dat)?

Are you talking about the Infostealer.Coinbit?

It has been recognized by Symantec
http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours

Symantec said the malware will locate wallet.dat then send it back by e-mail or FTP.

As a side note - for those of you willing to trust an app, read the source code first. If it's not available, huge warning lights should go off.

There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario