
Topic: YACoin - Bitcoin Stealing Claim List (Facts only) (Read 6339 times)

sr. member
Activity: 476
Merit: 250
I've been running minerd_scrypt_jane_x64_avx.exe all day and have the yac wallet installed.
So far my btc wallet is intact but it is encrypted !

If there is a keylogger of some sort my bitstamp and blockchain wallets will be empty very soon... I will post again if this ever happens !

Edit :

That is for the exe I have, there could be a corrupted one somewhere...

SHA256:    f2d76e2df4c42254b2f62fd42bc748c538818c786bb86ae92b316b94eae79034
File name:    minerd_scrypt_jane_x64_avx.exe
Detection ratio:    0 / 47

https://www.virustotal.com/en/file/f2d76e2df4c42254b2f62fd42bc748c538818c786bb86ae92b316b94eae79034/analysis/

hero member
Activity: 682
Merit: 500
DO NOT like being involved with this!
full member
Activity: 210
Merit: 100
Slander!!! Looks like a smear campaign. YAC community better get this under control. You are losing your network!!!
newbie
Activity: 28
Merit: 0
Basically, I guess it's only the minerd.exe with jane in them

Lol...

Normal minerd and cudaminer, etc. don't have the virus in them

So, don't trust miner software other than the ones that are verified to be real, because I have tried 'jane' edition and always got a fail message
newbie
Activity: 10
Merit: 0
Did nobody find it strange that the "virus-free" minerd binary size was so large? My tinfoil hat is pointing at the "virus free" minerd.


Could someone run all of the minerd binaries in a VM and check process monitor?

If this isn't just a FUD campaign, an infected minerd binary makes a lot of sense.

The only people downloading them would be people running YAcoin. It would be pretty easy to assume it is YAcoin.
newbie
Activity: 28
Merit: 0
Agreed.

My dumb bitcoin wallet is not stolen, and it has no encryption

(who will steal 0.0001 BTC?)

I only use the miner within yacoin and GPU miner...

connected to http://pool01-cnc.coinloot.com:8400/static/...

lol... I know my system is crap, but I am just playing with it (Q6600+9500GT)



https://docs.google.com/file/d/0B9JEkkyp5LfIbjZPS3ZIcUswM0U/edit
newbie
Activity: 28
Merit: 0
Did nobody find it strange that the "virus-free" minerd binary size was so large? My tinfoil hat is pointing at the "virus free" minerd.
legendary
Activity: 1078
Merit: 1003
At this point, I think we can safely say this was a coordinated FUD campaign rather than a genuine vulnerability with the *original* windows client.

The fact that bitcointalk.org accounts were compromised and used to post FUD is a smoking gun

Agreed; show your support for 2FA security here.
hero member
Activity: 1395
Merit: 505
At this point, I think we can safely say this was a coordinated FUD campaign rather than a genuine vulnerability with the *original* windows client.

The fact that bitcointalk.org accounts were compromised and used to post FUD is a smoking gun
member
Activity: 112
Merit: 10
So not one person has come up and posted a screenshot of their bitcoin wallet :-( that is sad
full member
Activity: 153
Merit: 100
...
Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat


newbie
Activity: 20
Merit: 0
Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat

http://i39.tinypic.com/4j9f7q.png

+1

although so all altcoin clients should first go to a vm
hero member
Activity: 686
Merit: 500
Bitbuy
Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat
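
The check described in the post above (reviewing Process Monitor entries for any wallet.dat access other than the client's own) can be automated over a Process Monitor CSV export. This is an added example, not part of the original thread; the process names, user paths and log rows are constructed assumptions, not captures from any real binary.

```python
import csv
import io
import ntpath  # Windows path rules, usable on any OS

# Constructed sample in Process Monitor's default CSV export columns.
# Not captured from any real binary; names and paths are assumptions.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","yacoin-qt.exe","4120","CreateFile","C:\Users\alice\AppData\Roaming\YACoin\wallet.dat","SUCCESS",""
"10:01:02.11","yacoin-qt.exe","4120","ReadFile","C:\Users\alice\AppData\Roaming\YACoin\wallet.dat","SUCCESS",""
"10:01:05.40","minerd.exe","5332","CreateFile","C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat","SUCCESS",""
"10:01:05.42","minerd.exe","5332","CreateFile","C:\Users\alice\AppData\Roaming\Litecoin\WALLET.DAT","NAME NOT FOUND",""
"10:01:06.00","bitcoin-qt.exe","2210","ReadFile","C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat","SUCCESS",""
"10:01:07.00","minerd.exe","5332","TCP Connect","alice-pc:49211 -> pool.example.invalid:8400","SUCCESS",""
'''

# Processes under test and the only directory they should touch (assumed).
WATCHED = {"yacoin-qt.exe", "minerd.exe"}
ALLOWED_DIRS = {r"C:\Users\alice\AppData\Roaming\YACoin"}
SENSITIVE_NAMES = {"wallet.dat"}


def find_unexpected_wallet_access(csv_text, watched, allowed_dirs):
    """Return rows where a watched process touched a wallet file
    outside the directories it is expected to use."""
    watched = {p.lower() for p in watched}
    allowed = {ntpath.normcase(ntpath.normpath(d)) for d in allowed_dirs}
    hits = []
    # Procmon writes a UTF-8 BOM; strip it so the first header parses.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Process Name"].lower() not in watched:
            continue
        # normcase lowercases, so WALLET.DAT and wallet.dat compare equal.
        path = ntpath.normcase(ntpath.normpath(row["Path"]))
        if ntpath.basename(path) not in SENSITIVE_NAMES:
            continue
        # Failed opens (e.g. NAME NOT FOUND) are kept: a probe for a
        # wallet that is absent is as telling as a successful read.
        if ntpath.dirname(path) not in allowed:
            hits.append(row)
    return hits


if __name__ == "__main__":
    for h in find_unexpected_wallet_access(SAMPLE_CSV, WATCHED, ALLOWED_DIRS):
        print(h["Process Name"], h["Operation"], h["Path"], h["Result"])
```

An empty result only covers the capture window and the processes listed in `WATCHED`; child processes spawned by the binary under test need to be added to that set.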

hero member
Activity: 756
Merit: 501
Even the normal minerd (for scrypt and sha256) gives an anti virus warning, have to whitelist the dir to start it...
So the windows compiled "new minerd for scrypt-jane" posted later could indeed have a trojan and most wouldn't notice as the program is already known to cause false positives.
newbie
Activity: 20
Merit: 0
(the win32 binary downloaded soon after release)

tested under a VM for ~30minutes.
no read operation toward bitcoin wallet yet.
and no dns request to the suffix yet.

although the motivation to release yacoin is still highly suspicious.
full member
Activity: 154
Merit: 100
Yeah, it seemed suspect to use Themida in order to stop the original minerd.exe from showing up in virus scanners, as Themida causes even more problems for virus scanners and can be very hard to reverse too.
full member
Activity: 154
Merit: 100
The only way to find out is to reverse the exe, forget about virus scans etc, these are 100% proof, also the fact that some people claim to be affected is also not much proof, it's possible it's either made up, or caused by another exe or attack too, plus if it's caused by this exe, it may not be attacking everyone for various reasons.
Luckily the exe does not seem to be protected with a strong packer. Running a packet sniffer alone also may not show much. So if anyone has had a look through the source to start off with that can be helpful, but we need someone experienced with reversing exes to check 'em out to be sure.
legendary
Activity: 1344
Merit: 1001
Nice find Mushoz. Updating the OP.
hero member
Activity: 686
Merit: 500
Bitbuy
One of the minerd.exe programs is infected, see here:




That's probably how some people's coin got stolen. This was the minerd.exe that was downloaded from the "virusscanner friendly" Minerd topic.
member
Activity: 112
Merit: 10
I know I keep posting this but, can we get ONE screenshot of people's bitcoin wallet with transactions going out?