Pages:
Author

Topic: Trojan Wallet stealer be careful - page 27. (Read 50290 times)

newbie
Activity: 6
Merit: 0
June 18, 2011, 03:10:36 AM
#39
You should also encrypt your wallet when not in use.
http://www.freeotfe.org/
In fact encryption is useless if you enter your password with your keyboard. If your computer gets compromised by a trojan it can read your password with a keylogger.

Quote from: kuloch
Part of the point of BitCoin is that everything is completely traceable.  Check out blockexplorer.com.  The "seller" does provide a uniquely identifiable piece of information with every transaction.  That is your digital signature, which only the account's owner can create.  However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.
I wonder if it is possible to store my bitcoin private key on smart card.
newbie
Activity: 3
Merit: 0
June 18, 2011, 01:32:36 AM
#38
Sigh.  Always a pickpocket in the crowd.
member
Activity: 70
Merit: 10
June 18, 2011, 12:04:38 AM
#37
mmmmm, would've been helpful to describe the trojan scam.
You can read it here. https://forum.bitcoin.org/index.php?topic=16457.0

As a Newbie, I can't post on that thread.

So, here's my thought on the subject.

If Bitcoins are a set of digital Alpha/numerric characters for each Bitcoin, then each REAL transaction should add the sellers 'input' characters to the code that verify that the seller ACTUALLY sold them to a Specific buyer, who know has them in his Account/s. They need to be traceable, that way.
So, stealing them would not add any verifiable characters to each Bitcoin, which should render them worthless to the thief, but still holding their value for the owner they were 'stolen' from.
IF he was SMART enough to keep them backed-up, then he'd still have his version of the digital docs, that have his code attached to them,

NO?

No.

Part of the point of BitCoin is that everything is completely traceable.  Check out blockexplorer.com.  The "seller" does provide a uniquely identifiable piece of information with every transaction.  That is your digital signature, which only the account's owner can create.  However, the issue with wallet-stealing is that the private key used (in tandem with the public key or address) to create that digital signature is compromised, making the original account owner no longer the only account owner.

E.g., if you tell me your private key, I now own your account just as much as you do, for all intents and purposes.
newbie
Activity: 6
Merit: 0
June 17, 2011, 11:05:46 PM
#36
Wow 25kbtc Wow Sad
newbie
Activity: 14
Merit: 0
June 17, 2011, 10:21:32 PM
#35
Within an hour after downloading the client, Spyware Doctor found a trojan on my computer.  Coincidence?
newbie
Activity: 3
Merit: 0
June 17, 2011, 09:41:43 PM
#34
Yeah... It bothers me not being able to mine opencl on GPU in freebsd :/
bsd
newbie
Activity: 34
Merit: 0
June 17, 2011, 07:17:25 PM
#33
I'm loving all the talk here about BSD. FreeBSD ftw.

OpenCL mining on GPUs isn't supported in FreeBSD though Sad
newbie
Activity: 5
Merit: 0
June 17, 2011, 03:58:52 PM
#32
Be sure to check out  http://www.bitprotection.info  - wallet backup 100 percent coverage protection ... you can encrypt all day but once you loose it there is noway of getting the value of your BTC back until now ...

Bookmarked. Thanks for the heads-up.
newbie
Activity: 6
Merit: 0
June 17, 2011, 03:19:56 PM
#31
Thanks for the advices. I'm using the last portable version of FreeOTFE http://strcpy.ueuo.com/FreeOTFEExplorer_3_53.zip
sr. member
Activity: 280
Merit: 250
June 17, 2011, 01:35:14 PM
#30
I have a simpler method than the netbook one, almost as safe. Make yourself a lot of wallets, with a fixed amount per wallet. Whenever you need to buy something, unencrypt the first wallet, send btc. Then proceed with the others. In this way, you can only lose one wallets worth.
Another advantage, which of course could also be gotten by with multiple addresses in a single wallet, is that your holdings wont stand out in block explorer (could potentially make you a target)
newbie
Activity: 28
Merit: 0
June 17, 2011, 01:13:25 PM
#29
can you put an encrypted file inside another encrypted file? Huh
I once asked if you can zip a bunch of zip files. Lol
legendary
Activity: 883
Merit: 1005
June 17, 2011, 01:10:57 PM
#28
can you put an encrypted file inside another encrypted file? Huh
newbie
Activity: 17
Merit: 0
June 17, 2011, 12:18:05 PM
#27
It only makes sense that a trojan specializing in this would pop up.
newbie
Activity: 28
Merit: 0
June 17, 2011, 12:15:28 PM
#26
If there is fear of hack through a computer source, put a savings wallet it on a usb only decrypt it when needed.
member
Activity: 117
Merit: 10
June 17, 2011, 12:08:35 PM
#25
Possibly, but it needs a propagation method and a new C&C server or destination address since that's been blocked. Its an arms race I agree.

Keep your wallet encrypted and only decrypt for transactions, use TrueCrypt.
newbie
Activity: 28
Merit: 0
June 17, 2011, 10:27:37 AM
#24
The thing about this trojan is that it looks in the default dir for the wallet.dat file. It doesn't do an exhaustive search of the filesystem. So a simple fix is to not install the bitcoin client in the default location.

By the time your were typing that it will have probably evolved to something more smart and will keep doing so.
member
Activity: 117
Merit: 10
June 17, 2011, 10:12:06 AM
#23
The thing about this trojan is that it looks in the default dir for the wallet.dat file. It doesn't do an exhaustive search of the filesystem. So a simple fix is to not install the bitcoin client in the default location.
newbie
Activity: 2
Merit: 0
June 17, 2011, 09:25:28 AM
#22
Greetings,

I believe the simplest approach to mitigate risks associated with contracting trojans would to only engage in BitCoin transactions from the security of a VMWARE image that's sole purpose is for just that.


What do you all think?
sr. member
Activity: 574
Merit: 250
June 17, 2011, 08:20:14 AM
#21
If you have more than 1000 Bitcoins in your wallet:

1. get yourself a low cost netbook.
2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).


Damn, I used NetBSD,  time to reformat!

I was wondering though,  how well would a cheap android tablet work?  They seem even cheaper then netbooks these
days, but no idea yet how secure they are, nor even if you can run bitcoin on them.



newbie
Activity: 7
Merit: 0
Pages:
Jump to: