Pages:
Author

Topic: Zeus trojan source leaked - bitcoin wallet stealing trojans coming soon - page 2. (Read 4770 times)

sr. member
Activity: 476
Merit: 250
Also, a client which encrypts by default the wallet.dat file. Each time the client is launched, a password is asked to decrypt the file.

That way, an uncrypted version of the wallet.dat is *never* present on the filesystem.
this would be a logical step in that direction
sr. member
Activity: 428
Merit: 254
Also, a client which encrypts by default the wallet.dat file. Each time the client is launched, a password is asked to decrypt the file.

That way, an uncrypted version of the wallet.dat is *never* present on the filesystem.
legendary
Activity: 1708
Merit: 1010
What would be the most secure way to use bitcoin, or a way which is reasonably secure without becoming too inconvenient. 

A bitcoin bank.
legendary
Activity: 826
Merit: 1001
rippleFanatic
Saw this news on Slashdot: http://it.slashdot.org/story/11/05/11/1326257/Zeus-Crimeware-Kit-Source-Code-Leaked.

This comes soon after reports of a new Mac OS X trojan in the wild.  Won't be surprised when they appear on other OS's: android, iOS, linux, etc.

Since bitcoin tends to attract the paranoiacs among us, I think this zeus source code leak is cause for heightened concern.  Gavin even mentioned in his Twist Tv interview the other day http://media.witcoin.com/p/1547/Gavin-Andresen-and-Amir-Taaki-Bitcoin that he predicts bitcoin wallet stealing trojans will appear.

The bitcoin wallet isn't the only thing that needs to be protected.  Also MtGox username/password, any other service which could potentially store bitcoin deposits.

If a trojan keylogs somebody's credit card info, there is recourse when charges appear (reversible transactions).  But with bitcoin, there is no recourse (irreversible - advantages and disadvantages).


What would be the most secure way to use bitcoin, or a way which is reasonably secure without becoming too inconvenient.  Obviously an Anti-Virus program is basic, but again with the release of this Zeus source, AV programs will be even less reliable as new variants appear.

Using a clean virtual machine in e.g. VirtualBox is also probably a good idea, but it still seems that a trojan on the host OS would be able to keylog anything typed into the virtual machine.

Which only leaves the extreme - clean reboots from clean USB drives.

Any suggestions for something more convenient but still secure?  Other thoughts??

Pages:
Jump to: