Been robbed
-
this is some f'ed up shit man... got me shook!
Just curious though, @Lexicon, why do you mention NXT?
-
OK guys, we found the source of the breach. The surfbar installed a rootkit, something they said they had removed a while ago.
PLEASE DO NOT USE THE SURFBAR ANY LONGER
Those who have the surfbar please check the following location for this file:
\AppData\Roaming\dclogs
It has been logging all your browser actions.
-
We will deactivate the surfbar in the next few hours. I want to mention that the infection occurred at the beginning of December. Please check your AppData folder like Focus said. Activate "Show hidden files" to find it.
-
... and if we have no such file in the roaming folder? I've been using a "side browser" for the surfbar.
-
I'd say don't use the surfbar, I've honestly never liked the thing from the day it was released.
-
@k.coins No files means the keylogger we are talking about has not infected you. As I said, only people who used the surfbar at the beginning of December '16 may be in danger. It depends on many variables: which browser, which anti-virus and so on...
VM and Linux users are fine.
-
@k.coins Burst is based on NXT, ish.
-
Firstly, I'm sorry to see that your efforts were put to a terrible purpose; that really sucks. I once had 247 Bitcoins myself in 2012, then POOF! Some asshole(s) took them, and that was before there were some serious security apps available to the general public.
Putting the past aside, how are we going to learn from it and, more importantly, how do we properly secure assets and pools? If there's a black hat among us, their habits will expose them, but perhaps the people that run this community can develop methods / apps to help the community at large.
Cheers
-
HE IS NOT A BLACKHAT.
dclogs stands for DarkComet Logs, a free RAT you can find on the internet. The creator of DarkComet abandoned the project. The hacker is more of a script kiddie. To uninstall the DarkComet virus from your computer, download the remover from http://darkcomet-rat.com
-
@Lexicon I am devastated that a valued community member has been robbed. I would like to donate 1000 new silver or the equivalent 402 asset to whatever Burst wallet address you provide.
-
@Miky said in Been robbed:
HE IS NOT A BLACKHAT.
dclogs stands for DarkComet Logs, a free RAT you can find on the internet. The creator of DarkComet abandoned the project. The hacker is more of a script kiddie. To uninstall the DarkComet virus from your computer, download the remover from http://darkcomet-rat.com
Even if you deleted the dclogs folder, you are still infected and the skiddie has full control of your computer. Just run a scan to be sure.
-
Also, if you are infected, maybe we can track his IP, but I don't know how to do it.
-
What is a good free program for scanning for rootkits?
-
@Propagandalf said in Been robbed:
What is a good free program for scanning for rootkits?
http://www.gmer.net/
https://www.malwarebytes.com/antirootkit/
-
@Focus Thanks, no malware found using Malwarebytes.
-
I was robbed too; you have my sympathy. I made the mistake of relying on Microsoft anti-spyware/virus and leaving my thumb drive at home. I now use Avira; it also offers 500 MB of free VPN a month, which I shall use to access my wallet, and the ZoneAlarm firewall .... all freebies :) I also installed a RAM drive to handle temporary system files for when I decrypt my passphrase archive, thus it cannot be retrieved from deleted files. My Windows filesystem is now in the hands of almighty BitLocker.
-
@Lexicon I am really sorry for this, man! I can imagine how bad you have to be feeling now. It just sucks, all this.
As I said on another thread regarding the Surfbar, hardware wallets are the only way to go in the long run, as we are humans and sometimes we make mistakes and, even worse, we are exposed to attacks. Now it was the surfbar, but in the future it could be whatever, and hackers (a RAT in this case) seem to drink a lot of coffee and don't sleep too much...
I propose that maybe, in the meantime, the most secure way (as I see it) is to create a new wallet locally and never have the passphrase on your computer: have it on paper or encrypted on a flash drive we never plug in. Do all the asset buying and so on with another, more active wallet and transfer assets and funds from time to time to the one we never use. I do not see a way someone can get hold of your passphrase. I am sure there could be better ways, such as maybe using Linux, etc.
And one last thought: do not use your username as the name of the wallet; this makes your address a more desirable target.
Best
-
I understand the seriousness of the keylogger found inside the surfbar, but IMO the one thing that screams suspect to me is the wallet address that has not been used since 2014???????? Seriously, it's highly unlikely that the person that address belongs to is #1 still involved with Burst in any form and #2 has installed and used the surfbar recently, while at the same time logging into a wallet they have not used to do a transaction with in over 2 years. IMO it's more likely that the owner of said wallet is the culprit and decided to pop in and collect what they could.
-
@Gibsalot I was actually coming back to this thread to check on that date! While driving I thought, wait... 2014??? Nah, I must be trippin.
-
@k.coins I had to go double check myself to see if it was a typo.