[cryptography] Digital cash in the news...

coderman coderman at gmail.com
Sat Jun 18 02:46:48 EDT 2011

On Fri, Jun 17, 2011 at 4:50 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Is it a sign that your e-Monopoly-money has arrived when trojans start
> targeting it?
> http://www.net-security.org/malware_news.php?id=1752
> (My guess is that since trojans already steal everything they can, including
> lots of stuff with no obvious value, that the authors just added Bitcoin
> wallets because they could).

i checked this out when it dropped. it was delivered in haste, and not
something overly impression (like a pro kit re-tailored for bitcoin

the day before this dropped wallet encryption was released in the
official bitcoin client. the attackers had to rush deployment of this
malware before too many potential targets upgraded to encrypted
wallets (thus making them less accessible to attacker using this

the interesting aspect is how this following a significant crackdown
on the bitcoin.org forums and was sent as a mass phish via private
message to all the members.

i've pasted the content below. note that clicking on the image went to
a ....JPG/ directory which in turn sent the screensaver malware
payload that is not identified in most browsers as potentially
malicious (unlike .EXE or .COM, .BAT, .PDF, etc.)

once you click, it rather clumsily traversed the disk looking for the
first wallet.dat to deliver via an open relay to a drop box at

they'd clearly spent more time on the delivery aspects than on the
smarts within the wallet stealing code. as said, a rush job due to the
client update the day before.

waiting for the next trojan to target RPC port on running bitcoind's...


You have just been sent a personal message by MoonShadow- on Bitcoin Forum.

IMPORTANT: Remember, this is just a notification. Please do not reply
to this email.

The message they sent you was:


Statements which should not be generally offensive, be excessively
repeated or have bad formatting (spam), contain forbidden advertising
or political or religious views, not be non-English when English is
required, disclose personal data of others, or support any other rule

Proof can be seen at:

One more warning and your account might be banned.

Reply to this Personal Message here:

More information about the cryptography mailing list