Topic: Trojan Wallet stealer be careful - page 11. (Read 180243 times)
Thanks for this info. Looks like you have got to be pretty careful.
I'm using Ubuntu in a virtual machine, and I only use it to run bitcoin-qt, manage my encrypted wallet, and deal with mtgox (and I don't do any of those things elsewhere). The hardest thing I had to do is to figure out how to install bitcoin-qt (and increase the disk space afterwards because I somehow missed that the default 8Gb wouldn't be enough). Am I right to think that's the closest thing in safety to a dedicated computer and/or cold storage? How much money would you feel safe with storing in such a setup?
Linux is great for security, no doubts there. Caveat: if you understand it.
Most Linux users only understand a fraction of it correctly. I know that from working with many server people who claim to understand Linux but when you question them about really securing their servers most do not have a clue.
Therefore I don't think advising "normal" people to "download Linux" is really a great solution to securing their bitcoins.
A far quicker method would be to advise them to download wallets that take security seriously.
Encryption of your wallet is a must. The suggestion of simply moving your wallet away from the default location is akin to moving your cash from under your bed to a bed in the spare room. Thieves will look under more than one mattress.
I would also advise against clicking on any link in a forum which says "this will really help you secure your bitcoins". Even the user is "super-trusted" he could have just had his account hacked.
Most Linux users only understand a fraction of it correctly. I know that from working with many server people who claim to understand Linux but when you question them about really securing their servers most do not have a clue.
Therefore I don't think advising "normal" people to "download Linux" is really a great solution to securing their bitcoins.
A far quicker method would be to advise them to download wallets that take security seriously.
Encryption of your wallet is a must. The suggestion of simply moving your wallet away from the default location is akin to moving your cash from under your bed to a bed in the spare room. Thieves will look under more than one mattress.
I would also advise against clicking on any link in a forum which says "this will really help you secure your bitcoins". Even the user is "super-trusted" he could have just had his account hacked.
Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.
You have been warned.
Nefario
impressive contradiction - this whole post
why should anyone trust "a good reputation" if everything IS an attempt to steal wallets
There is a (new?) trojan wallet stealer out in the wild ATM.
Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).
Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.
You should also encrypt your wallet when not in use.
http://www.freeotfe.org/
Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe
You have been warned.
Nefario
Plenty of script kiddies and scammers are going to be trying to get you to download and install it, what's more they'll be putting posts to do so (using lies obviously).
Don't install anything linked to on this forum, unless it's been found by someone with a good reputation to be legit. Assume everything is an attempt to steal your wallet.
You should also encrypt your wallet when not in use.
http://www.freeotfe.org/
Here is a portable apps version http://www.freeotfe.org/downloads/FreeOTFEExplorer_3_51.paf.exe
You have been warned.
Nefario
What da faq do i trust a scammer?
fresh hard drive formatting new os and uptodate anti virus software should be sufficient for a few bitcoins
if you are amassing large numbers then extra precautions would be expected
if you are amassing large numbers then extra precautions would be expected
Use 7-zip is easiest, AES-256 encryption
I already use 7-zip and telling it's great ! 
BTC won't make it very long if this keeps up.
It's nothing to do with Bitcoin itself, it's stupid idiots who fuck up something on their computer and decide to blame what they're using for the problem rather than realising what happened, it's something technology has had to deal with for ages now, human stupidity, if you ever get a lot of Bitcoins the best solution is to clearly store it offline and make sure it is properly backed up. Sorry, you just reminded me of an argument I had with my dad when I was trying to tell him he needed to enter in information for the nameservers on my web host when even a support staff there said we needed to, then when he finally bloody did it, the website was working fine.
BTC won't make it very long if this keeps up.
Thanks you never can be to carefull.
IF there was a walletstealer-trojan which affects up-to-date ubuntu, example given, that would probably hit the GNU/Linux community like a napalm bomb - while nobody cares if there are trojans for mac or windows - cause everybody is used to them.
The problem isn't with ubuntu, but with other things you might have installed. A buffer overflow attack on apache or something else could get a remote user access to your wallet. There are many rootkits for linux. It's not a virus, but it's still a risk.
Everyone concerned in security should read this, it will blow you really away: http://www.thebitcointrader.com/2011/12/bitcoin-06-will-blow-you-away.html
If this will get true, nobody has to be worried about wallet stealers in future.
If this will get true, nobody has to be worried about wallet stealers in future.
dude..
http://en.wikipedia.org/wiki/Linux_malware
3 reasons:
1. open source - everyone can search for possible bugs, vulnerabilities and patch them nearly immidiatelly
2. much better user/rights management
3. there are far to much different distributions
IF there was a walletstealer-trojan which affects up-to-date ubuntu, example given, that would probably hit the GNU/Linux community like a napalm bomb - while nobody cares if there are trojans for mac or windows - cause everybody is used to them.
get over it: your chances of getting your wallet.dat stolen are much lower if you use GNU/Linux, especially if you use a widespread distribution like Ubuntu, Mint or Fedora.
1) How many people do you know who can patch their own OS?http://en.wikipedia.org/wiki/Linux_malware
3 reasons:
1. open source - everyone can search for possible bugs, vulnerabilities and patch them nearly immidiatelly
2. much better user/rights management
3. there are far to much different distributions
IF there was a walletstealer-trojan which affects up-to-date ubuntu, example given, that would probably hit the GNU/Linux community like a napalm bomb - while nobody cares if there are trojans for mac or windows - cause everybody is used to them.
get over it: your chances of getting your wallet.dat stolen are much lower if you use GNU/Linux, especially if you use a widespread distribution like Ubuntu, Mint or Fedora.
2) How many people do you know who uses the permission management system properly?
3) True, which is why Java is a bitch.
dude..
http://en.wikipedia.org/wiki/Linux_malware
3 reasons:
1. open source - everyone can search for possible bugs, vulnerabilities and patch them nearly immidiatelly
2. much better user/rights management
3. there are far to much different distributions
IF there was a walletstealer-trojan which affects up-to-date ubuntu, example given, that would probably hit the GNU/Linux community like a napalm bomb - while nobody cares if there are trojans for mac or windows - cause everybody is used to them.
get over it: your chances of getting your wallet.dat stolen are much lower if you use GNU/Linux, especially if you use a widespread distribution like Ubuntu, Mint or Fedora.
http://en.wikipedia.org/wiki/Linux_malware
3 reasons:
1. open source - everyone can search for possible bugs, vulnerabilities and patch them nearly immidiatelly
2. much better user/rights management
3. there are far to much different distributions
IF there was a walletstealer-trojan which affects up-to-date ubuntu, example given, that would probably hit the GNU/Linux community like a napalm bomb - while nobody cares if there are trojans for mac or windows - cause everybody is used to them.
get over it: your chances of getting your wallet.dat stolen are much lower if you use GNU/Linux, especially if you use a widespread distribution like Ubuntu, Mint or Fedora.
I have a solution! Download and install a much more secure operating system its called linux. Did I mention its free too? 
Just because it's a different operating system doesn't mean there aren't hackers who don't know how to get the wallet.datAlways take precaution when downloading / installing / running files.
you are clearly no unix-user..
OBVIOUS
this is my tux. he sits on my wallet.dat try to mess with him and he will make use of his knife.
i promise you will miss the part of your body..
I have a solution! Download and install a much more secure operating system its called linux. Did I mention its free too?
Just because it's a different operating system doesn't mean there aren't hackers who don't know how to get the wallet.datAlways take precaution when downloading / installing / running files.
you are clearly no unix-user..
OBVIOUS
this is my tux. he sits on my wallet.dat try to mess with him and he will make use of his knife.
i promise you will miss the part of your body..
Different OS doesn't matter that much (I can show you numerous documented security holes in popular Linux distros). What matters is how you care about your data being vulnerable. If you leave your wallet full of money in a car on the street, it doesn't really matter that much if it's an expensive Mercedes or a cheap Fiat: it may be stolen just by breaking the car's glass.
However, there are some uses for lowering the probability of getting hacked. For example, as an additional security measure, one could use a standalone laptop with a totally different OS and CPU (say, PowerBook with a PowerPC CP)U, so that email trojans which use Windows's software vulnerabilities won't work, plus no x86 code won't work because it's a PPC CPU.
However, there are some uses for lowering the probability of getting hacked. For example, as an additional security measure, one could use a standalone laptop with a totally different OS and CPU (say, PowerBook with a PowerPC CP)U, so that email trojans which use Windows's software vulnerabilities won't work, plus no x86 code won't work because it's a PPC CPU.
I coded a stealer just to see what a detection rate would be. I never released it of course. It was coded in VB.net it is shit anyway XD and obviously very loud and noticeable. I'll learn a real language some day.
Bitcoin is getting more and more attention. It is getting tested from so many different angles. I hope it can survive all the attacks.
I agree that there needs to be an integrated, encrypted wallet in the base app. Or are there other apps that replace that functionality?
I agree that there needs to be an integrated, encrypted wallet in the base app. Or are there other apps that replace that functionality?
What i do is have my wallet on a dedicated machine that is never used for anything at all!, Encrypted partitions don't hurt. But I guess no on e can every really be truly secure! Perhaps transfer your money to a wallet that is never used online! stored in a couple of External drives. Maybe in gmail, a nice strong password in 7zip is VITAL! Operating system doesn't matter, Linux isn't more secure because it's better but because its not as profitable! If 50%+ of the world was on Ubuntu there would be just as much crap on there too!
Not entirely true. Linux is absolutely more secure by design, and even *if* more than half of the world was using Linux for their desktop machines, it would be considerably harder to write successful hardware for Linux systems than it would be for Windows systems. I do agree however that a wallet stealer would be just as successful on Linux, seeing as your wallet is stored in your /home directory, and is thus accessible freely by anything you run. A "wallet stealer" really isn't anything more than something that emails/uploads a file in your user directory.
If anything, the wallet needs to be encrypted by default (through the client, and not by third-party software, so that you never need to have an unencrypted copy accessible as is the case with Truecrypt etc).
Jump to: