Slashdot Mirror


Trojan Goes After Bitcoins

Orome1 writes "Bitcoin has definitely caught the attention of criminals. Even though it has been calculated that the use of botnets for Bitcoin mining is still not quite as lucrative as renting them out for other purposes, targeting people who have them in their digital wallets is quite another matter. Symantec researchers have spotted in the wild a Trojan dedicated to this specific purpose. Named Infostealer.Coinbit, it searches for the Bitcoin wallet.dat file on the infected computer and sends it to the criminal(s)."

  1. mugging by x6060 · · Score: 5, Insightful

    Imagine that. Storing values that represent "Money" in a plaintext file was a bad idea. Who would've thunk... =\

    1. Re:mugging by cgeys · · Score: 5, Funny

      Well, it's open source. You can improve it yourself.

    2. Re:mugging by NeutronCowboy · · Score: 3, Insightful

      No kidding. I always thought that the actual money file was encrypted, and could have an arbitrary name. You know, like a truecrypt volume file. Then I find out it's by default a text file hanging out on your computer. Fine and dandy if you have 100% control over your computer at all times, but we all know that's never the case. And judging by the passwords people use, it will be easy to brute force most passwords.

      Somehow, I think bitcoin is going to flame out in a rash of digital thievery when criminals realize that it is easier to steal someone's bitcoin file than it is to mine it or even look for credit card info.

      --
      Those who can, do. Those who can't, sue.
    3. Re:mugging by x6060 · · Score: 2

      I would worry about ANY attempt at a form of open currency that was released with such a gaping hole as "If someone grabs this single file off my computer then they have all my money..." It doesn't matter if it's open or not.

    4. Re:mugging by Joce640k · · Score: 2

      I, for one, was totally stunned by that. WTF were they thinking? If the rest of Botcoin is as security-minded as this then it's sunk before it even goes anywhere.

      --
      No sig today...
    5. Re:mugging by rcs1000 · · Score: 5, Insightful

      Bitcoins may well be worthless, but they are in no respect a Ponzi scheme. Ponzi schemes have to grow geometrically to continue in existence, which is why they quickly get destroyed after a few iterations. Bitcoins in circulation, on the other hand, grow at an increasingly slow pace. Similarly, Ponzi schemes have a 'promoter'.

      The whole purpose of the bitcoin ecosystem is that it is something electronically transferrable (anonymously), yet fundamentally limited in its number.

      Now: they could easily be a complete fraud - with the number of bitcoins in circulation being far more than claimed. However, if the claims for the limitation of their number in circulation are true, then they could easily become a store of value, in that any fiat currency (or indeed gold itself) has value because people choose to believe it.

      Or to put it another way: if people wish to assign bitcoins value, they can. Likewise, they can choose not to.

      --
      --- My dad's political betting
    6. Re:mugging by petermgreen · · Score: 2

      If someone has access to your user session then encrypting your wallet is only going to make the attacker's life slightly harder since you will need to supply the software with a password to decrypt it at some point.

      There isn't really any good solution to this other than moving the wallet completely off the machine that is running an insecure general purpose OS onto a limited function device.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    7. Re:mugging by jeffmeden · · Score: 2

      Something a would-be thief would likely not even recognize as being able to store a high-virtual-value item such as a bitcoin wallet. Consider it the equivalent of stashing your money in a cookie jar.

    8. Re:mugging by Pope · · Score: 4, Insightful

      It's still a pyramid scheme, as has been commented dozens of times on all the previous articles about BitCoins. Early adopters get the easiest blocks to solve, making them the most coins for the least effort? As more people join, the effort goes up geometrically, meaning more effort has to be put in to realize lesser gains? A very few people at the start control a huge number of the BitCoins? It's a fucking pyramid scheme of the highest order. And it makes me laugh my ass off over the fools who can't see it for what it is and drop thousands or tens of thousands of real dollars on it.

      --
      It doesn't mean much now, it's built for the future.
    9. Re:mugging by tbannist · · Score: 3, Interesting

      I don't think Bitcoin is a ponzi scheme. It's not really an investment scheme at all. It's closer to a pyramid scheme or possibly just a simple con. After all, the more people "mining" Bitcoins, the less productive mining Bitcoins becomes. The early investors got Bitcoins faster and cheaper and as demand rises they can sell their Bitcoins that cost less to make for the same amount as the later, harder to make Bitcoins.

      --
      Fanatically anti-fanatical
    10. Re:mugging by mmcuh · · Score: 2

      This problem has nothing to do with the Bitcoin network, only the client. Anyone can write a new client that stores the wallet in a safer way and it will not require "rebooting" the Bitcoin system itself.

    11. Re:mugging by pla · · Score: 2

      I'll admit to the fact that bitcoins are not a ponzi scheme as soon as I get an open admission that neither is social security by one of the notorious conservatrolls here.

      Ponzi schemes have one, and only one, defining characteristic, of which many people seem to take great delight in proving their ignorance:

      Generation-M investors receive their "profits" directly from the investment of Generation-M+n. Simple as that, nothing more and nothing less. All the other attributes of a Ponzi scheme (geometric growth, for example) merely derive from that core property either as a direct mathematical consequence, or as a hack to keep the scheme from collapsing sooner.

      BitCoins do have any inherent value beyond their buying power (currently close to zero). That most of their trading activity comes directly from 100% pure unrestrained speculation has nothing to do with Ponzi schemes, any more than you could say the same of NYMEX or FOREX. If you choose to cash out of BitCoins today, you don't get paid by tricking new participants out of their investment dollars - You get paid because you fairly and openly sold something to a buyer who knew fully well what they received.

      Social security, OTOH, has always had the explicitly stated intent of paying Generation-M directly from the payments of Generation-M+n. Your ability to "get yours" in the future depends entirely on fleecing new "investors" out of their then-present-day contributions to the system.

      Put another way - If you buy tulip bulbs and the market crashes, you still have (possibly worthless) tulip bulbs. If you give me $100 today with nothing but a promise that I'll give you $200 next week, and I vanish from the planet, you have nothing.

    12. Re:mugging by MyFirstNameIsPaul · · Score: 2

      But the same argument can be made for stocks. Those who purchased Yahoo! shares at its IPO made millions, and those who purchased in 1999 were suckers. Does that make the Yahoo! IPO a pyramid scheme? I don't think so.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    13. Re:mugging by nedlohs · · Score: 2

      It's clearly not a ponzi scheme and it's also clearly not a pyramid scheme.

      The those in early benefit is standard in essentially everything. Those in early also lose the most when whatever the thing is doesn't "take off".

      The people first at an area with a lot of gold in the ground get easy pickings sitting on the surface. Those in later have to spend money digging mile deep holes in the ground to get at the remaining gold.

      And of course the entire point of bitcoins isn't the "mining" it's using them as a currency. I do not mint my own coins or print my own Federal Reserve notes and yet I use them as a currency just fine. Similarly I don't need to ever "mine" a bitcoin in order to use it as a currency and if it did become a functioning currency in more than just a fringe area the vast majority of people using it wouldn't either (they would simply buy bitcoins or be paid directly in bitcoins).

    14. Re:mugging by tbannist · · Score: 2

      If you imagine the bit coins being created mostly at the top of pyramid and being sold down to the new people at the bottom, you should be able to see how it could be viewed as a pyramid scheme. If the top of the pyramid only sells coins to people lower on the pyramid than themselves, eventually you'd end up with a big base of suckers left with worthless tokens while the early adopters walk away with bags of cash.

      I'm not saying it's actually a pyramid scheme, because I think some of the early adopters believe in Bitcoins. However, I think if someone is going to claim it's all a scam, they should make sure the scam they're accusing it of being makes sense. Bitcoin is not at all like a Ponzi scheme.

      --
      Fanatically anti-fanatical
    15. Re:mugging by tompaulco · · Score: 2

      According to Wikipedia "A pyramid scheme is a non-sustainable business model that involves promising participants payment, services or ideals, primarily for enrolling other people into the scheme or training them to take part, rather than supplying any real investment or sale of products or services to the public."
      Clearly Bitcoin is not a pyramid scheme. Nobody is promising anybody payments, and certainly not payments for signing anybody else into the scheme. Also, there is nowhere to sign up. There is no cost for entry or exit. Bitcoin is quite simply just a currency, one that some people accept and most people don't, but the people who are promoting Bitcoin would like for more people to accept it.

      --
      If you are not allowed to question your government then the government has answered your question.
  2. Another visitor! by Anonymous Coward · · Score: 2, Informative

    Next up: Guy pays for burger with Bitcoin.

    Can we stop the Bitcoin stories already?

    1. Re:Another visitor! by infodragon · · Score: 5, Insightful

      As much as the Bitcoin stories are getting a little much we are seeing the birth of something completely new; A medium of exchange that is independent of any government. The criminal/socially unacceptable elements are legitimizing the currency by applying value. Anything that enough humans apply value to will become valuable. The primary value of gold is that many people ascribe value to it and wish to possess it. If you buy gold on the markets you pay a storage fee because there are not enough commercial applications of gold to make storage profitable. Silver, platinum, copper... They all pay a bit if you buy contracts. The only purpose of gold then is to provide a medium of exchange.

      Bitcoin is something similar in that a very large group of people are beginning to value the electronic currency, thus it has value. The context of the source of that valuation has no consequence. Humans are now using it as a medium of exchange which is now creating demand. That demand is causing a rise in price and others now wish to possess it as it has potential for increasing value. This is the basic form of speculation.

      Now we have a socially illegitimate group applying the initial value and then speculators step in. Speculators are socially acceptable and so a balance is beginning to form. If this continues a stabilized economy will form and it will be unstoppable.

      To wish that these stories be stopped is a bit short sighted. We may be witnessing something that has *NEVER* happened before! It's quite exciting to watch something like this form, not to mention the insight into human behavior and the many benefits that can result from that insight. Not to mention a currency that is independent of any one government.

      I do not see Bitcoins ever replacing government currency but I do see it becoming a supplemental tool for securing wealth and providing a medium of exchange detached from economically repressive governments. Any government that taxes represses its people, the people accept that repression as a necessity to govern the society. Anyway, being able to purchase something without the government being in your business is a true expression of freedom and extends a way for true privacy to be exercised. This scares quite a few people in government and will be incredibly interesting to watch it play out.

      As a side note, the VHS and Internet were "legitimized" by unsavory elements of society. And here we are discussing something in a way that 20 years ago was a dream and 80 years ago was unimagined, all because it was first a marginal "thing" exploited by unsavory elements in which a majority of the population expressed the desire to not be bothered. We live in exciting times and Bitcoin is the tip of something extremely interesting.

      --
      If at first you don't succeed, skydiving is not for you.
    2. Re:Another visitor! by Zenaku · · Score: 4, Insightful

      I would mod you up if I could, as you've said just what I wanted to say.

      BitCoin is technically interesting, dammit. I don't own any, and I don't think I want to. . . it does seem like a risky, unstable economy to me. But the very idea of it is brilliant, and the implementation details and implications of its existence are profoundly interesting to me. It fits the "News for Nerds, Stuff that Matters" theme far better than most of the other stories posted here.

      --
      If fate makes you a motorcycle, you become a motorcycle.
    3. Re:Another visitor! by infodragon · · Score: 2

      I've considered putting $10 USD into it just because it creates a vested interest. That interest sensitizes on a psychological level that no amount of intellectual interest can duplicate.

      --
      If at first you don't succeed, skydiving is not for you.
    4. Re:Another visitor! by Zenaku · · Score: 2

      Barter is not a medium of exchange. It is just exchange. Without the medium. That's what makes it barter.

      --
      If fate makes you a motorcycle, you become a motorcycle.
    5. Re:Another visitor! by MyFirstNameIsPaul · · Score: 2
      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    6. Re:Another visitor! by infodragon · · Score: 2

      Collectables are only desired by others with the same desire. Bitcoins are desired by anybody that desires something that can be purchased with Bitcoins. Your analogy is anemic.

      A Picasso does not serve the same role, it is unique and there is only one. Its transfer is highly public and to keep it private there are extreme measures that must be taken. Also a Picasso would fall under the definition of barter, one item for another, rather than a medium of exchange. Again an anemic analogy.

      As for nothing new other than peering algorithms, you have chosen to blind yourself to what Bitcoin is. Rather than taking a rational approach you have attempted to use poor analogies in an attempt to rationalize denial. http://www.nytimes.com/2011/06/15/arts/people-argue-just-to-win-scholars-assert.html

      --
      If at first you don't succeed, skydiving is not for you.
  3. And yet... by Sygnus · · Score: 2, Insightful

    Nothing of value was lost.

    --
    First posting isn't trolling. It's...first posting. :) -- Illiad
  4. Re:Is there any way to give them a poisoned wallet by bistromath007 · · Score: 4, Funny

    *looks at the trend in value of bitcoins*

    Yes.

  5. A file within a file... by xMrFishx · · Score: 4, Insightful

    Encryption! (Sorry, couldn't resist - and I know it's not)

    But honestly, if you're using this system for any sort of money handling, then leaving it, the equivalent of lying around, is not a good idea. Secure your money properly, use common sense. Also I believe it's even on BitCoin's good practise list of recommendations. Encrypt your wallet and keep a backup elsewhere in case a nasty trojan erases it. Good data retention practise applies to everything.

  6. This is a problem with available solutions by Dr.+Spork · · Score: 2

    This security hole and related stealing is definitely a problem, but it's not a problem for Bitcoin. I give it a week before somebody releases a beta version of a simple bitcoin management application that encrypts, backs up and hides the relevant .dat file, as well as providing other functionality for managing your account and maybe even mining. Ideally, this would be a program that you compile yourself, so that you know there's nothing shady in it. I don't see anything in Bitcoin itself which makes it inherently vulnerable to this sort of stealing. A good application for this could make bitcoins at least as safe as your password for online banking.

  7. Re:ALL BITCOIN NEWS IS SPAM by hedwards · · Score: 2

    There's nothing behind the anti-bitcoin crowd, apart from the fact that we're smart enough to see what a colossal scam it is. Supposedly, it isn't anonymous, which makes it even less useful as that would make it unsuitable to replace bags of cash for criminal deeds.

    You get bitcoins by doing the calculations which are required to use bitcoins, so, it's not based upon anything other than the belief that it's valuable. On top of that, the rate at which one gets bitcoins slows as time goes by to a fixed amount, meaning that early adopters get bitcoins for basically nothing, while the people later on get screwed. It's not quite a Ponzi scheme, but it's damned close.

    Additionally, unlike other fiat currencies, you're not guaranteed to be able to buy anything with them later on, or even doing anything with them. USDs are essentially just paper, but you're guaranteed to at least be able to pay your taxes with them, pay debt, or exchange them into whatever your local currency is via most banks.

  8. Re:so ? by unity100 · · Score: 2

    that's a credit card. a credit card is not money. in real life, if your money is stolen, it is stolen.

  9. Re:so ? by NiteMair · · Score: 2

    You mean those institutions that take your money and then reinvest it to make money for themselves - occasionally causing an economic collapse that decreases the value of your money drastically? They also happen to keep a pretty handy record of every transaction so that governments can see what you've been up to with your money...

    Yeah, I can't see why anyone might be searching for an alternative form of currency.

  10. Re:so ? by Patch86 · · Score: 2

    In real life, the vast, vast majority of my money is stored in bank or building society accounts. If my money is stolen from those (i.e., a bank robbery) the bank is legally obliged to repay me. If the bank goes bust and can't repay me, the government has promised to pay me back (up to £85k per institution).

    The amount of money that I keep in physical, stealable cash form is usually only a working amount (£10 or £20), and only very rarely and very briefly more than that.

    Your BitCoin "wallet files" represent everything you need to access all a person's money (as the story of the $500,000 theft a few days ago demonstrates). There is simply no comparison with conventional money- it would be the equivalent of keeping $500,000 in a box in your bedroom with a small label on it saying "all of my money is in here".

  11. Re:-1 reader for slashdot. Keep it up guys by Relayman · · Score: 2

    Suggestion: Skip over the headings that don't appeal to you and read the ones that do. Comment on things you feel strongly about. I, for one, enjoy my daily Bitcoin story.

    --
    If I used a sig over again, would anyone notice?