Pages:
Author

Topic: Trojan Wallet stealer be careful - page 26. (Read 50290 times)

newbie
Activity: 6
Merit: 0
June 20, 2011, 02:26:22 PM
#59
funny. in the same post warning about installing programs linked from the forums, he posts a link to a program.
newbie
Activity: 27
Merit: 0
June 19, 2011, 04:44:48 PM
#58
If I understand this correclty the wallet.dat file needs to be kept in an encrypted volume, for example truecrypt.  Can Anyone advise me and others as to how we should setup and operate the bitcoin with a TruCrypt encrypted volume?
newbie
Activity: 8
Merit: 0
June 19, 2011, 04:29:04 PM
#57
Bitcoins are popular enough to have special viruses! That's good news at least.
newbie
Activity: 18
Merit: 0
June 19, 2011, 09:32:21 AM
#56
i'm definetly gonna lookout for this shit
newbie
Activity: 18
Merit: 0
June 19, 2011, 09:29:45 AM
#55
well this is some fucked up shit man Sad
sr. member
Activity: 546
Merit: 253
June 19, 2011, 08:18:35 AM
#54
Alright so I should create another bitcoin account seperate to my mining account, and encrypt that.
newbie
Activity: 5
Merit: 0
June 19, 2011, 07:02:53 AM
#53
No need of trojans! There is way easier using broadcasting to locate victims!
sr. member
Activity: 294
Merit: 250
June 19, 2011, 07:01:10 AM
#52
No, even with encryption, if you are using windows, a trojan can steel your wallet after having read the password with a keylogger.
In comparison, right now you can just steal the wallet file from a mounted Truecrypt partition in 2 seconds and be done with it. Comparing that to needing a keylogger for a prolonged time to be able to decrypt the wallet in the first place... an always-encrypted wallet would be a VERY good idea.

There's always the input-through-mouse PIN system.
jpp
newbie
Activity: 19
Merit: 19
June 19, 2011, 04:26:56 AM
#51
No, even with encryption, if you are using windows, a trojan can steel your wallet after having read the password with a keylogger.
newbie
Activity: 10
Merit: 0
June 19, 2011, 01:50:59 AM
#50
This is terrible Sad
newbie
Activity: 23
Merit: 0
June 18, 2011, 08:09:07 PM
#49
I would like for someone to respond to what is written here:
https://en.bitcoin.it/wiki/Talk:Securing_your_wallet#Flaws_with_argument_regarding_encryption

Because the way I see it bitcoin needs a way to encrypt a wallet file and read a wallet file that always remains encrypted.  This is a fundamental flaw with the system.  Don't you think its quite humorous that a system designed to transmit and verify funds which is built upon very advanced cryptography leaves the primary agent completely unencrypted.  Think about this for a second.  Bitcoin = cryptocurrency.  Bitcoin Wallet = completely unencrypted.  This makes no sense.  I mean does this make sense to you?  So all these people who praise Satoshi Nakamoto for his genius regarding using cryptography to allow for anonymous transactions of currency can't or won't take it upon themselves to create software that will encrypt and read an encrypted wallet.  Why?

Maybe the inventors of bitcoin are the ones we need to be holding accountable for this problem.  If bitcoin simply was able to read a wallet that was always encrypted none of us would be having this discussion.  End of story.
sr. member
Activity: 294
Merit: 250
June 18, 2011, 07:07:47 PM
#48
for windows users, I think the safer is to use services like mybitcoin.
To be safer, mybitcoin should implement otp like google (the otp app on iphone and android are cool, you can create several accounts)
On the other hand, if you use a web wallet you have to trust that they will adequately protect your funds whereas with a wallet on your own pc you can make it as secure as you want.
jpp
newbie
Activity: 19
Merit: 19
June 18, 2011, 05:58:15 PM
#47
for windows users, I think the safer is to use services like mybitcoin.
To be safer, mybitcoin should implement otp like google (the otp app on iphone and android are cool, you can create several accounts)
member
Activity: 336
Merit: 10
June 18, 2011, 04:11:15 PM
#46
Installing and using Linux instead of Windows is a great first step to avoid getting hit by these trojans.

You can always use both with a double partition.

But i think we need to start looking at more solutions for windows if we want the BTC market to expand itself. Nice to see some security companies are forming because of this.

BTC success may depend on them.
member
Activity: 70
Merit: 10
June 18, 2011, 01:15:26 PM
#45
You should also encrypt your wallet when not in use.
http://www.freeotfe.org/
In fact encryption is useless if you enter your password with your keyboard. If your computer gets compromised by a trojan it can read your password with a keylogger.

Not 100% secure does not equate to useless.  In this case, the trojan checks for the wallet.dat file and sends it back to its server.  If those infected with this specific trojan had encrypted their wallet.dat file, then it would be useless to the thief.

However, your point does stand that encrypting the wallet.dat file alone is not adequately secure.  There are plenty of keyloggers in the wild.  But it should be considered one of many steps taken toward security, rather than being the only one.  Multi-layered security approaches are much stronger than taking just 1 decent step.

Quote from: kuloch
Part of the point of BitCoin is that everything is completely traceable.  Check out blockexplorer.com.  The "seller" does provide a uniquely identifiable piece of information with every transaction.  That is your digital signature, which only the account's owner can create.  However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.
I wonder if it is possible to store my bitcoin private key on smart card.

The private key is in your wallet.dat, so either just back up the entire wallet.dat or use a tool (they exist, I think I've read?) that extracts your public/private key pair(s).  Worth noting is that if this practice becomes commonplace, trojans and such will start looking for this form of information, as well.
sr. member
Activity: 434
Merit: 250
100%
June 18, 2011, 11:17:16 AM
#44
Thanks
newbie
Activity: 32
Merit: 0
June 18, 2011, 09:23:50 AM
#43
Installing and using Linux instead of Windows is a great first step to avoid getting hit by these trojans.
full member
Activity: 189
Merit: 100
June 18, 2011, 06:35:36 AM
#42
thanks a lot for getting out something like this. Helps protect the people with less knowledge from evil, haha...
hero member
Activity: 700
Merit: 500
June 18, 2011, 05:11:25 AM
#41
Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.

Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.
These stealers typically get run once (bound to a legit application) and then exit and never run again. They only need to steal your wallet once. So no C&C is involved.

Yeah, he's thinking of a RAT.
sr. member
Activity: 294
Merit: 250
June 18, 2011, 04:54:54 AM
#40
Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.

Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.
These stealers typically get run once (bound to a legit application) and then exit and never run again. They only need to steal your wallet once. So no C&C is involved.
Pages:
Jump to: