Topic: Trojan Wallet stealer be careful - page 9. (Read 50237 times)

great read!

Anything ending with an .exe where somebody tells you to download could potentially be
a stealer. If it was an exe, it sould have a signature to check against the issuer.
Of course, assumes you trust issuer.. 

sure. stay away from doggy websites and links. that;s the best av ever.

Can anyone recommend what antivirus I should use to protect against this.

Thanks for this, I had someone send me a file saying it would get me alot of bitcoins but I just blocked him. lol

I really like the idea of an offline wallet. (The netbook idea)
Did this already, but it was good to see it written.

I use a small thumb drive.  Since I have access to NEW computers all the time, I simply put the backup wallet on the new computer about once a month, just to update and get balance.
So far, so good.

Doesn't the official bitcoin client have optional encryption built into it already?

Thanks for the heads up OP.

I'm always search name of program, before running it. I advise you guys to do the same. And always keep your AV up-to -date.

I havn't read the entire thread, so please forgive me if there are any duplicate comments, but I wanted to address this question out of my experience.  Again, this is simply my take on the subject from only a few hours of research coupled with previous knowledge.

I am a programmer / network administrator by trade, and have close associations with a CEH certified pen tester.  Together in our spare time we theorycraft exploits and research this type of thing in a purely educational light.  After seeing some concept code for the bitcoin stealing wallet and I convinced of 2 things:
1. the antivirus company's are not oblivious - as the code from the prominent trojan a few months back, is actually published by the AV companies and
2. the code is deviously simplistic - once it makes it to your computer, there is very little you can do to prevent it from stealing your wallet.  That being said of course the thieves will need to get through your encryption (you are encrypted, right?), but getting the actual file off of your computer is unfortunately a "no brainer" in the eyes of a moderately skilled coder (this is of course once the malicious software has been downloaded).

I am not an expert at concealing bitcoin wallets, so I will defer to the other threads on the subject posted around this forum.  Some of the best generic advice I can give everyone is to be extremely cautious when downloading files, and honestly even following links on the web.  Any site that is dedicated to bitcoin (and even some that are not) are likely places for someone to attempt to social engineer an attack onto your computer.  Use NoScript (available for firefox at least), and use extreme prejudice when taking a websites word about what their linking you to, or having you download.  Remember you can normally mouse over links to investigate the "actual" target, this is a good habit to get into.

I am sure that as bitcoin gains speed, there will continue to be malicious people and computers out there trying to steal your hard earned/mined coinage.  Just make yourself aware of the possibility, as awareness is the first step toward prevention (wow, I sound like a cliche'd planned parenthood advocate)...

Hope this isn't too obvious of information and is helpful to at least one of you out there!

you can run but you can hide  somewhere sometime somehow he will get you 

True, and this false sense of safety is why Flashback was so successful.

http://www.forbes.com/sites/adriankingsleyhughes/2012/04/06/mac-flashback-trojan-are-you-infected-how-do-you-remove-it/

its pretty scary if you think about it.

you can have thousands of dollars and someone can steal it all
and nobody can help you

i just hope my 15 character alphanumeric password to all my bitcoin related accounts is enough  =D

Does anyone have an actual, real, live sample of a trojan or virus that steals wallets and bitcoins? It would be great to submit them to antivirus producers.

this is why antivirus is key

Nothing more dangerous than a false sense of safety.

Hate to wake you up, but you are by no means less vulnerable than Windows or Linux users, sir

Good info!!

can avast prevent this?

That's why we use a MAC

Wait, this thing is still around? Anyway, the best way to "secure" your wallet without really securing it, is putting it on a computer that never gets used for anything. Build a computer, put an OS on it, then just put a wallet with whatever dependencies needed with it and there you go. If Windows, keep it updated through windows updates, linux with its package manager, but don't do anything else with it. Now it is (for the most part) only vulnerable to attacks from other computers on the network. But if it's also on its own network, then you're golden. Not immune, but it's a massive step forward, and encryption isn't even needed. Only turn the computer on when you need to take coins out of the wallet.

A barebones machine like this, that has never even opened a browser, would indeed be about as safe as you could get. More safe than any machine with any antivirus that has connected to the internet at some point.