Topic: Trojan Wallet stealer be careful - page 22. (Read 50290 times)

In IT is hard to get anything secure if the end user is the weakest link.

Even tech-savvy guys can do mistakes when it comes to security. Or take risk they shouldn't.

I agree with you there.

And there you are hitting the crucial point. The vast majority of computer users is not tech-savvy. If we want Bitcoin to really succeed, it will have to be accessible and secure to a lot of people who are not tech-savvy. Knowing how software exploitation works should simply not be a requirement for using Bitcoin.

I can see why you may be paranoid, but the way you're talking, it's like you're saying that just because your connected to the internet and using a web-browser you're going to get a virus, but it's just not true. It's giving people a false paranoia of how easy it is to get a virus, when really for most people who are PC savvy and not stupid, it isn't that easy to get yourself infected with something malicious. I've never gotten a virus in the several years of using this PC, I use a light-weight but powerful anti-virus of course, but that's not the point. I simply don't do the things that most people get infected by which are:

• Download random software
• Pirate software
• Turn off automatic updates on everything
• Give permissions to Java applets (or run Java at all)
• Hang around on black-market websites or other websites with a malicious userbase

Although if I was keeping a large amount of BitCoins, I would probably secure it in a savings account which I have the all important wallet for stored in an encrypted key, just to be secure. Although there's no reason to start making everyone panic and think that they're just going to get exploited out of nowhere, there are steps you can take to prevent the chances of you ever getting a virus, some of which are common sense, some maybe not.

I've gotten viruses many years ago in a few different ways when I was still new to computing, but after learning how software exploitation works and what viruses are and so on...I've never gotten anything as far as I can tell. Of course you could say that I've been infected and I simply do not know, but if I have been, then they've done nothing with the vast amount of accounts I have and information I store on here.

Those odds are actually pretty large.
http://www.zdnet.com/blog/security/major-online-ad-site-hacked-serving-up-exploit-cocktail/4885
http://www.zdnet.com/blog/security/businessweek-site-hacked-serving-drive-by-exploits/1902
And those are just two massive-scale examples, that I found in 5 minutes of Googling.

You mentioned Adobe PDF Reader in your own post. And do you honestly think that removing the PDF reader plugin is easy enough for the majority of people to do it? How many people do you think are even aware of the capability to remove it?

It's not a 'conspiracy theory'. There have been multiple articles that detailed Windows updates that were sending back more information than they reasonably should (http://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/ , http://irregulartimes.com/index.php/archives/2010/10/22/important-windows-update-microsoft-privacy-bing-bar/). I have in fact seen two updates in the update list myself in the past few years, that explicitly mentioned the information they would be sending back... which was way more information than was reasonable for a system update (these were not even security patches, but 'enhancements'). Not to mention the WGA tool and the dubious privacy consequences it has (http://www.theregister.co.uk/2007/03/09/ms_wga_phones_home/ , http://www.computerworld.com/s/article/9001540/Microsoft_faces_class_action_suit_over_WGA_tool?nlid=38&source=NLT_SEC). And yes, the WGA tool was automatically installed through Windows Update.

And what disgraceful language would that be?

Of course I know about 0day exploits, the odds of you getting hit by one of those is very low. What kind of websites do you hang around in order to get hit by a 0day exploit? I don't really want to know, insecure websites maybe or else some black market websites that are suspicious in the first place. What are the odds you visit a large compromised website with a 0day exploit before either the website is fixed or your program has been updated?

Also I'm aware of the fact it's not the plugin that is exploited, but it is the main source of where people get exploited by it, because they click on a link to a malicious PDF file without even thinking about it, or even noticing that the link is to a PDF file. Also you can remove the plugin just fine after installing it. Also you're assuming that I use Adobe PDF Reader, when in fact you are incorrect, I use Foxit PDF Reader and have been for several years.

Please spare me your conspiracy theories about Microsoft, they aren't giving you spyware like you said.

Oh and in future when talking to me, please don't use such disgraceful language, I'm treating you with respect, I expect the same in return, even if you disagree with me. We're all adults here, so start acting like one by having a mature conversation rather than blatently attacking me verbally. If you do not start doing that, I will not respond to you again.

Would you keep $16,000 lying on your dinner table, instead of buying a dedicated safe or keeping it in a bank?
Ever heard of 0days?
No. Very often viruses are acquired through exploiting 0day vulnerabilities, using for example driveby exploit kits on websites. You don't need to click anything, you don't need to give permission for anything, you just have to open a webpage. That can be a random newspaper whose site has been broken into. Or did you really think all 'virus creators' were still kids in their parents basement?
See above, blatant bullshit.
Windows Update also likes to install software that transmits data about your computer and certain use of it to Microsoft. Without consent. Funny how spyware also comes in through the Windows Update feature, huh?
The Adobe PDF reader plugin is not exploited, Adobe PDF Reader itself is exploited. Not to mention that you can usually not just remove the Adobe Reader plugin from your browser after you installed Reader. On that note, get a better PDF reader like Foxit PDF Reader (also free).

You are very much underestimating how vulnerable many systems are, and how easy it is to catch something bad without ever executing anything you downloaded yourself. Stop blaming the users and look at the systems first.

Is all of that really needed? Seriously? I mean what do you think they are going to do to if you don't install any malicious software or run software that hasn't been updated, or an OS that hasn't been updated for that matter.

Although the paranoia is understandable, if I had that many BitCoins in my account with the current exchange rate, I'd probably be extremely cautious too.

Also I saw another post that I forgot to quote about not having an anti-virus program and still never getting a virus, and people were saying I doubt it? How do you think viruses are aquired? Most of the time it's through blatent user error, such as running some random Java applet on a website, or not having your PDF reader updated, or turning off Windows Updates! Maybe you get attacked by the one in a million buffer overflow exploits before they are patched quickly enough, but aren't you running Windows 7 which has protection against it?

The best potential anti-virus is the person using the computer! Come on people, you just don't get exploited by clicking a link any more, we're well past the IE6 times!

I will make an important point though for people who aren't as paranoid but do want to keep themselves free of malicious software, simply keep everything updated and really limit what you download software-wise. Make sure Windows Updates are on, turning them off is a deathwish. Also on another note, try not to use many addons on browsers, addons are a bigger source of holes than the browsers themselves, one of the most commonly attacked one is Adobe PDF reader plugin, where you can literally get exploited just by browsing to a PDF on your browser, I'd avoid those kind of addons completely.

 Is there an integrated add-on for bit-wallet that encrypts your wallet?  Seems like this could be a handy thing to distribute with the bitwalet client itself.

This is the vital line in your post. If you can access it, so can a piece of malware.

The solution? Make sure that you are not even able to access it yourself, at any time you may be picking up malware.

If you are ultra paranoid, there are many non-bitcoin related guides out there on how to set up an encrypted filesystem.  At a minimum, you should be running linux to make yourself less of a target.  I'm not bashing on Windows, but personally I feel that it is easier to secure a linux box.

You should encrypt your home directory and use an encrypted swap as well.  I avoid encrypting my entire filesystem due to performance concerns.  swap may be a bit overkill, but you never know for sure how the client is going to work unless you look into the source. 

Ideally you would use an encrypted thumbdrive (4GB or larger for the database files) mounted to ~/.bitcoin or wherever your bitcoin client sets up its data, then shut down the client and remove the thumbdrive when not in use.  You can use a smaller drive and symlink just the wallet.dat file if you want.   I chose to keep the DB there so that I can use clients on different computers and just haul the thumbdrive around with minimal block-synching required.


Although I am a Gentoo user, I found this to be an excellent link detailing how to set up an encrypted thumbdrive on ubuntu: http://www.packtpub.com/article/securely-encrypt-removable-media-with-ubuntu
 
Perform the steps here to secure your wallet in Windows/Mac/Linux.  The linux instructions also cover encrypting your home directory and swap:
https://en.bitcoin.it/wiki/Securing_your_wallet

I cannot stress enough how important it is to create a separate user for bitcoin and avoid browsing/emailing with this user.

Be safe, be smart... and most of all, be a pain in the ass to the hackers. 

thanks for the warning mate

when you execute a program that contains a Password stealing Trojan horse on your ..... Internet and be careful of any suspicious scripts from mistrustful web sites.

Thanks for the info. I've gone ahead and changed all passwords on all mining sites to be different as well.

Amen!

No, because if you have a trojan it could steal your password as well.


More important: How many MHash/sec can it do? 

Is there a bitcoin client for the good old C64?
 

Edit:

Considering the amount of 5 1/4" floppy disks for downloading and saving the whole story.
[Please insert Disk  Nr. 592345 and press RETURN to continue...]

Unfortunately Windows is a popular target for phishing/trojans because it is widely used, is known for having many security holes, and encourages users to run as "Administrator" at all times. Using Mac or Linux will make you less of a target. You can still secure a Windows machine, see here for more details: https://en.bitcoin.it/wiki/Securing_your_wallet#Windows

Is it safer to use something like "My Bitcoin"