Topic: YaCoin Investigation - page 2. (Read 5363 times)

Site bitcoin-ticker.netne.net has been redirected to 127.0.0.1 in my hosts list.

I would suggest doing that, then backing every wallet in your system and transferring to a new wallet if you believe you have been compromised. Common sense.

And yes having an unencrypted bitcoin wallet (or any wallet) with substantial funds is stupid. Double facepalm worthy.

@VelvetLeaf

Just downloaded all three and checked their size and SHA-1:
yacoin-qt-2013-05-08.zip (uploaded during YACoin launch) (8,956,974 bytes)
SHA-1:   19b609e227944287a2c96cfbda79c3bb7459ef5c

yacoin-qt-2013-05-09.zip (updated binary) (8,957,000 bytes)
SHA-1:   b5886f224afed6a5705e080494d03f1789d3dc51

cpuminer-scrypt-jane-win32.zip (cpuminer-scrypt-jane-win32.zip)
SHA-1:   9acacfbb7c5c0861b3b2147d96c9dde35d12b0ae

I would have though it a standard thing for anyone making claims etc. to at least pin point where they got their EXE, its size and checksum. Otherwise everything is a bit hearsay.

Totally uninterested in whether it happened or not. The problem here is 10.000 morons downloading pre-compiled code and running it without the developers having a shred of credibility. Even if it's fine THIS time it's bound to happen very soon considering all you have to do is announce a new 'coin' and post a link and BAM, you got 10k people installing your virus and thanking you for it.

That or to promote other coin(s) with royalcoin being first on my suspecting list (nothing against the coin, alt as alt, but people).

Was pretty stupid attempt to be honest, executed very amateurish.

if i was a betting man, i'd put my money on the oversized "antivirus free" minerd.

You missed a binary in your investigation, the minerd 64bit one https://bitcointalksearch.org/topic/yacoin-windows-7-x64-ssse3-and-avx-support-x86-miner-201027

K.

could casue everyone panic and sell their at lower price

Yes its simply FUD I use official QT and its all fine.

I don't think there is even need for this. To be honest first few post made me bit worried as I hold nice amount of YAC but come on, what sane man would believe in this after 5 people reported it and hundreds or thousands of them have it on their pc's...

It's lame, lame attempt from some low lifes.. maybe even coming from one or max. two persons as posting style and english was pretty similar... line of fuck offs, line of scam, line of steals, line of caps locks coupled with artificial and fake "buying 300k of other alt" thread.

I tried these and they look clean:

yacoin-qt-2013-05-09.zip
https://mega.co.nz/#!5wgDnKyZ!QLfWTXNRMRTwmb60rfpuFgzH48BCl4fpwb8paeAaqRs

minerd_scrypt_jane.ZIP
https://mega.co.nz/#!pUMBkbbY!cMJYcFqPCMr1idZBr30VsFw0tLY7y63J0N4RVNYMUBc


Installed yesterday on a windows pc to test, had an unencrypted old bitcoin wallet on it with a small amount of bitcoins, no suspicious activity.

If there is indeed a scam my money is on this.

Where can we place bets?

Claim
There are reports from various people, that YAcoin has built in wallet stealer.

What you can do
It's a common feature for malware to activate its main task on random date, and add a mark to the computer so it doesn't do the same thing twice (like uploading the stolen wallet.dat twice after your wallet is already uploaded, it's a waste of resource).
Since you can't be too safe, if you have run YAcoin's client or modified minerd.exe and don't encrypt your wallet, make sure you install Bitcoin in another clean computer and send your bitcoin there.
Make sure you password protected your wallet on that new computer.

Does YACoin really have malware module in it ?
Who knows, it's possible that it's a joke, someone wants to drop YAC's price on orderbook.
Or, it's the real deal. The attackers want people to believe that all of the various malware report that we receive now is a joke, and further report will be ignored once the real attack is really launched.
Hence, the investigation.

Investigation
I'll list what I found here :

List of YACoin related binary

yacoin-qt-2013-05-08.zip (yacoin's main client, uploaded during YACoin launch)
https://mega.co.nz/#!UowEmZYS!AAK7DVwYoTqy96oTRzUaLCS0UMsAfosJiRQmBn1jzcA
Detection ratio : 0 / 46 https://www.virustotal.com/en/file/7381b3ea8e872d860cf8279b98cb74a01cd21ecebaa1af7e537a040b6c5ad1e7/analysis/1368286925/

yacoin-qt-2013-05-09.zip (yacoin's main client, updated binary)
https://mega.co.nz/#!5wgDnKyZ!QLfWTXNRMRTwmb60rfpuFgzH48BCl4fpwb8paeAaqRs
Detection ratio : 0 / 46 https://www.virustotal.com/en/file/8c1b9dcc90e163a357b3861c10d8cec67c351a928e0b5e1e0dcf74d65d4a4b76/analysis/

cpuminer-scrypt-jane-win32.zip (modified minerd to mine yacoin on multiple computer)
hxxp://mega.co.nz/#!IJRziTBD!ZCAKGC7fqYkyXsEDi9GB1RYiqIUqj2S9bEm6UI2y1no
Detection ratio : 6 / 46 https://www.virustotal.com/en/file/2b7e630cfb2d173eb14e4dd88a7879527f5c52cbc77ace0c0742942aad46faec/analysis/1368286565/

"antivirus friendly" version of minerd (don't download this, very suspicious)
hxxp://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4
From : https://bitcointalksearch.org/topic/yac-antivirus-friendly-minerd-for-windows-201050
Detection ratio : 16 / 46 https://www.virustotal.com/en/file/0ffa2116bf1027019ad94e9bf8e2340be427d6efbc9563e185096cf8550b4c3a/analysis/1368287421/

minerd_scrypt_jane.ZIP (another modified minerd to mine yacoin on multiple computer)
https://mega.co.nz/#!pUMBkbbY!cMJYcFqPCMr1idZBr30VsFw0tLY7y63J0N4RVNYMUBc
Detection ratio : 0 / 46 https://www.virustotal.com/en/file/01a79a608d33d1db4eb9382db029e89e581f6e0017ddb566e7826b45370596fd/analysis/

All investigation should be done in clean Virtual Machine, otherwise, it's useless since it's possible that your computer is already marked and the malware won't run wallet stealing routine twice.

"Victim" List - Alternate cryptocurrency section

FreeTibet / Jr. Member / Posts: 11 / DO NOT DOWNLOAD YACOIN - SENDS WALLET.DAT TO http://bitcoin-ticker.netne.net/u.p

Lewies Man / Jr Member / Posts: 45 / 2.374 bitcoins stolen after downloading yacoin


Brewins / Jr. Member / Posts: 69 / Yacoin developer stole more than 256 BTC!

D35TR0Y3R / Full Member / Posts: 108 / WARNING: YACOIN HAS A VIRUS BITCOIN STEALER

nocompare / Jr. Member / Posts: 14 / yacoin developers are a bunch of crooks, steals 900 BTC

"Victim List" - Newbie section

moneytronics / Posts: 1 / YACOIN STEALS YOUR WALLET DO NOT USE

jebwizoscar /  Posts: 5 / yacoin trojan

danieljoseph /  Posts: 1 / yacoin stole my 14.25 btc

SquishySquish /  Posts: 6 / bitcoin sent from my wallet?

netne.net Whois


If you find this is helpful, any donation would be welcome :
YAcj1cSecVtCZkPpcPnb2raXdJfb3vzine