Pages:
Author

Topic: Trojan Wallet stealer be careful - page 9. (Read 50290 times)

newbie
Activity: 7
Merit: 0
July 02, 2012, 08:06:28 PM
great read!
newbie
Activity: 8
Merit: 0
July 02, 2012, 03:38:42 PM
Anything ending with an .exe where somebody tells you to download could potentially be
a stealer. If it was an exe, it sould have a signature to check against the issuer.
Of course, assumes you trust issuer..  Roll Eyes
hero member
Activity: 658
Merit: 500
June 30, 2012, 05:35:56 PM
sure. stay away from doggy websites and links. that;s the best av ever.
hero member
Activity: 588
Merit: 500
June 30, 2012, 02:55:16 PM
Can anyone recommend what antivirus I should use to protect against this.
newbie
Activity: 23
Merit: 0
June 27, 2012, 05:57:25 PM
Thanks for this, I had someone send me a file saying it would get me alot of bitcoins but I just blocked him. lol
legendary
Activity: 1499
Merit: 1164
June 24, 2012, 09:56:25 AM
I really like the idea of an offline wallet. (The netbook idea)
Did this already, but it was good to see it written.

I use a small thumb drive.  Since I have access to NEW computers all the time, I simply put the backup wallet on the new computer about once a month, just to update and get balance.
So far, so good.
hero member
Activity: 588
Merit: 500
June 24, 2012, 12:11:16 AM
Doesn't the official bitcoin client have optional encryption built into it already?
newbie
Activity: 5
Merit: 0
June 19, 2012, 02:08:34 PM
Thanks for the heads up OP.
newbie
Activity: 58
Merit: 0
June 19, 2012, 12:45:34 PM
I'm always search name of program, before running it. I advise you guys to do the same. And always keep your AV up-to -date.
newbie
Activity: 29
Merit: 0
June 18, 2012, 06:57:53 PM
Does anyone have an actual, real, live sample of a trojan or virus that steals wallets and bitcoins? It would be great to submit them to antivirus producers.


I havn't read the entire thread, so please forgive me if there are any duplicate comments, but I wanted to address this question out of my experience.  Again, this is simply my take on the subject from only a few hours of research coupled with previous knowledge.

I am a programmer / network administrator by trade, and have close associations with a CEH certified pen tester.  Together in our spare time we theorycraft exploits and research this type of thing in a purely educational light.  After seeing some concept code for the bitcoin stealing wallet and I convinced of 2 things:
1. the antivirus company's are not oblivious - as the code from the prominent trojan a few months back, is actually published by the AV companies and
2. the code is deviously simplistic - once it makes it to your computer, there is very little you can do to prevent it from stealing your wallet.  That being said of course the thieves will need to get through your encryption (you are encrypted, right?), but getting the actual file off of your computer is unfortunately a "no brainer" in the eyes of a moderately skilled coder (this is of course once the malicious software has been downloaded).

I am not an expert at concealing bitcoin wallets, so I will defer to the other threads on the subject posted around this forum.  Some of the best generic advice I can give everyone is to be extremely cautious when downloading files, and honestly even following links on the web.  Any site that is dedicated to bitcoin (and even some that are not) are likely places for someone to attempt to social engineer an attack onto your computer.  Use NoScript (available for firefox at least), and use extreme prejudice when taking a websites word about what their linking you to, or having you download.  Remember you can normally mouse over links to investigate the "actual" target, this is a good habit to get into.

I am sure that as bitcoin gains speed, there will continue to be malicious people and computers out there trying to steal your hard earned/mined coinage.  Just make yourself aware of the possibility, as awareness is the first step toward prevention (wow, I sound like a cliche'd planned parenthood advocate)...

Hope this isn't too obvious of information and is helpful to at least one of you out there!
hero member
Activity: 658
Merit: 500
June 18, 2012, 05:34:35 PM
you can run but you can hide  Roll Eyes somewhere sometime somehow he will get you  Wink
member
Activity: 209
Merit: 10
June 18, 2012, 02:54:06 PM
That's why we use a MAC Smiley
Nothing more dangerous than a false sense of safety.

Hate to wake you up, but you are by no means less vulnerable than Windows or Linux users, sir Smiley

True, and this false sense of safety is why Flashback was so successful.

http://www.forbes.com/sites/adriankingsleyhughes/2012/04/06/mac-flashback-trojan-are-you-infected-how-do-you-remove-it/
newbie
Activity: 2
Merit: 0
June 14, 2012, 08:56:04 AM
its pretty scary if you think about it.

you can have thousands of dollars and someone can steal it all
and nobody can help you

i just hope my 15 character alphanumeric password to all my bitcoin related accounts is enough  =D
legendary
Activity: 1176
Merit: 1011
June 14, 2012, 07:43:34 AM
Does anyone have an actual, real, live sample of a trojan or virus that steals wallets and bitcoins? It would be great to submit them to antivirus producers.
newbie
Activity: 16
Merit: 0
June 14, 2012, 12:09:38 AM
this is why antivirus is key
legendary
Activity: 1176
Merit: 1011
June 13, 2012, 01:05:28 AM
That's why we use a MAC Smiley
Nothing more dangerous than a false sense of safety.

Hate to wake you up, but you are by no means less vulnerable than Windows or Linux users, sir Smiley
newbie
Activity: 36
Merit: 0
June 13, 2012, 12:38:33 AM
Good info!!
member
Activity: 97
Merit: 10
June 12, 2012, 08:49:29 AM
can avast prevent this?
newbie
Activity: 9
Merit: 0
June 08, 2012, 08:07:05 AM
There is a (new?) trojan wallet stealer out in the wild ATM.

Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).

Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.

You should also encrypt your wallet when not in use.
http://www.freeotfe.org/

Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe

You have been warned.

Nefario

That's why we use a MAC Smiley
newbie
Activity: 63
Merit: 0
June 07, 2012, 12:40:24 PM
Wait, this thing is still around? Anyway, the best way to "secure" your wallet without really securing it, is putting it on a computer that never gets used for anything. Build a computer, put an OS on it, then just put a wallet with whatever dependencies needed with it and there you go. If Windows, keep it updated through windows updates, linux with its package manager, but don't do anything else with it. Now it is (for the most part) only vulnerable to attacks from other computers on the network. But if it's also on its own network, then you're golden. Not immune, but it's a massive step forward, and encryption isn't even needed. Only turn the computer on when you need to take coins out of the wallet.

A barebones machine like this, that has never even opened a browser, would indeed be about as safe as you could get. More safe than any machine with any antivirus that has connected to the internet at some point.
Pages:
Jump to: