Do I need an antivirus in Linux?

I'm afraid that before answering, a bit of background knowledge is necessary.

Viruses hardly exist any more. Programs that infect other executables, overwriting parts of them and/or adding new code to them, are not how malware spreads nowadays in most cases. In Windows that distinction is not really necessary; Windows users use the term "virus" to describe every form of malware (and user error, sorry, couldn't resist 😉). But in Linux the distinction is important, because virus scanners in Linux do exactly what the name says: they scan for viruses. They do not protect you against attacks from websites in any form. On top of that, they hardly even scan for Linux viruses; there are only very few proof-of-concept Linux viruses at all. And because people rarely install anything themselves but use the packages provided by the distribution through the package manager, there is almost no attack surface for traditional viruses: no .exe spreading that claims to be the fanciest screensaver or similar. So Linux virus scanners actually mostly scan for Windows viruses, for example on a mail server scanning email attachments before delivering the mail.
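The mail-gateway use the paragraph ends on, as an added example that is not from the original post: a Python sketch of how a gateway hands each attachment to a ClamAV clamd daemon over its INSTREAM protocol (the `zINSTREAM` command, big-endian length-prefixed chunks, a zero-length terminator, and a NUL-terminated reply such as `stream: OK` or `stream: <signature> FOUND`) and refuses delivery on any FOUND or ERROR verdict. The sample message, its attachment bytes and the clamd replies shown are constructed; the clamd address 127.0.0.1:3310 is the common default and an assumption here, and the offline demo swaps in a stub scanner because no clamd is running.

```python
import email
import socket
import struct
from email import policy

# Constructed sample message (not from the page): one text body and one
# attachment whose content is a made-up byte string, not real malware.
SAMPLE_MAIL = b"""From: sender@example.test
To: rcpt@example.test
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVpjb25zdHJ1Y3RlZA==
--b1--
"""


def extract_attachments(raw_mail: bytes):
    """Return [(filename, decoded_bytes)] for every attachment part of a MIME message."""
    msg = email.message_from_bytes(raw_mail, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        found.append((part.get_filename() or "unnamed", part.get_payload(decode=True)))
    return found


def build_instream_frames(data: bytes, chunk_size: int = 65536) -> bytes:
    """Frame a byte string as a clamd INSTREAM session: the command, then
    big-endian length-prefixed chunks, then a zero-length chunk as terminator."""
    frames = [b"zINSTREAM\x00"]
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        frames.append(struct.pack(">I", len(chunk)) + chunk)
    frames.append(struct.pack(">I", 0))
    return b"".join(frames)


def parse_clamd_reply(reply: bytes):
    """Turn a clamd reply such as b'stream: Eicar-Test-Signature FOUND\\0' into
    ('FOUND', 'Eicar-Test-Signature'); a clean file gives ('OK', None)."""
    text = reply.rstrip(b"\x00").decode("utf-8", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return ("OK", None)
    if verdict.endswith(" FOUND"):
        return ("FOUND", verdict[: -len(" FOUND")])
    if verdict.endswith(" ERROR"):
        return ("ERROR", verdict[: -len(" ERROR")])
    return ("UNKNOWN", verdict)


def scan_with_clamd(data: bytes, host: str = "127.0.0.1", port: int = 3310):
    """Send one attachment to a running clamd over TCP and return its parsed verdict.
    Requires a clamd listening on host:port (3310 is the usual default); not run offline."""
    with socket.create_connection((host, port), timeout=30) as sock:
        sock.sendall(build_instream_frames(data))
        reply = b""
        while not reply.endswith(b"\x00"):
            piece = sock.recv(4096)
            if not piece:
                break
            reply += piece
    return parse_clamd_reply(reply)


def deliver_decision(raw_mail: bytes, scanner=scan_with_clamd) -> dict:
    """Gateway policy: scan every attachment; hold the mail if any verdict is not OK."""
    verdicts = {name: scanner(data) for name, data in extract_attachments(raw_mail)}
    blocked = any(status != "OK" for status, _ in verdicts.values())
    return {"deliver": not blocked, "verdicts": verdicts}


if __name__ == "__main__":
    # Offline demo: a stub scanner that flags MZ-headed attachments stands in for clamd.
    stub = lambda data: ("FOUND", "Constructed.Test.Signature") if data.startswith(b"MZ") else ("OK", None)
    print(deliver_decision(SAMPLE_MAIL, scanner=stub))
```

Holding on ERROR as well as FOUND is deliberate: a scanner that could not inspect a file (size limit, encrypted archive) has given no assurance, and treating that as clean is the gap attackers rely on.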


ATTN: Do not download #CryptoCoin Trader from #Sourceforge. Those who have run the program on your PC, please format ASAP!

I spotted a few mins ago that there is a link to download an open source trading program called Cryptocoin Trader.

One anonymous user claimed that the source code is safe, but I decided to run the precompiled exe on my VM to be sure.
The program extracts the qtbitcoin trader client and some suspicious executables (bridgemigplugin.exe, vbc.exe).
The description of bridgemigplugin.exe in Task Manager is Open Broadcaster Software.

After some googling, it is obvious that the program is doing a live/recording video stream through an open source program from Open Broadcaster Software, http://obsproject.com/

Here are the screenshots

Even though the post has been deleted, Sourceforge indicates that 46 people have downloaded the program; please reformat your PC to prevent any potential wallet hacks.

Update: I've run Wireshark to sniff the network traffic produced by the malware; the malware connection is initiated from 185.17.1.222, Russian ISP, Longbow Electric Llc. Screenshot here.

Update 2: I did a search of the IP address. I believe it doesn't belong to any Tor node, proxy or VPN. Hence it is very likely that 185.17.1.222 is either a dynamic or static IP from Longbow Electric Llc.

Update 3: I'm an undergraduate at NUS majoring in computer science security. I hope that this post will act as a warning for all potential future hackers who attempt to perform similar attacks (the community is watching you). Thanks everyone for the tips as well; it sure helps a little with my high tuition debt. 🙂 This is as much as I can do for now, as I have papers from tomorrow onwards. Stay safe, fellow bitcoiners!

WARNING: A fake Electrum website with malware is advertising on DuckDuckGo and Yahoo.

If you perform a search for Electrum on DuckDuckGo or Yahoo, an ad claiming to be electrum.org will be at the top.

In reality the ad links to:
electrum-bitcoin org

The domain was created December 21.

This site is nearly identical to electrum.org, except that the download links give different files. All three of the files that can be downloaded are much smaller than the real Electrum and are most likely malware.
The three files are:
electrum.exe – 91136 bytes
electrum.out – 60316 bytes
electrum.zip – 32478 bytes

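The defensive check this warning implies, added here and not part of the original post: verify that a download came from the exact expected host and that the file matches the size and SHA-256 the project publishes, rather than trusting a site that merely looks right. The file contents, sizes and digests in the demo are constructed stand-ins for a genuine installer and a swapped-in file; the expected-host set and the URLs tested are illustrative (the post's lookalike domain is used only as a negative case).

```python
import hashlib
import hmac
import os
import tempfile
from urllib.parse import urlparse


def normalize_host(url: str) -> str:
    """Lower-case the hostname of a URL, dropping any port and trailing dot."""
    host = urlparse(url).hostname or ""
    return host.lower().rstrip(".")


def is_expected_host(url: str, expected_hosts) -> bool:
    """True only when the URL's host is exactly one of the expected hosts or a
    subdomain of one; a hyphenated lookalike or a suffix trick does not match."""
    host = normalize_host(url)
    for good in expected_hosts:
        good = good.lower()
        if host == good or host.endswith("." + good):
            return True
    return False


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path: str, expected_size: int, expected_sha256: str) -> dict:
    """Check a downloaded file against the size and SHA-256 published by the project.
    Reports each check separately; a size mismatch alone is already grounds to discard."""
    actual_size = os.path.getsize(path)
    size_ok = actual_size == expected_size
    digest = sha256_file(path)
    hash_ok = hmac.compare_digest(digest, expected_sha256.lower())
    return {"size_ok": size_ok, "hash_ok": hash_ok, "ok": size_ok and hash_ok,
            "actual_size": actual_size, "actual_sha256": digest}


def demo() -> dict:
    """Constructed demo: a 'genuine' file and a much smaller 'replacement' are both
    checked against the genuine file's published values. All data is made up."""
    genuine = b"genuine installer bytes " * 64      # 1536 bytes, constructed
    replacement = b"short stand-in file"           # constructed, much smaller
    published_size = len(genuine)
    published_sha = hashlib.sha256(genuine).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in (("genuine.bin", genuine), ("replacement.bin", replacement)):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = verify_download(path, published_size, published_sha)
    expected = {"electrum.org"}
    results["host_checks"] = {
        url: is_expected_host(url, expected)
        for url in ("https://electrum.org/download",
                    "https://electrum-bitcoin.org/download",
                    "https://electrum.org.evil.test/download")
    }
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The published size and digest must come from a channel other than the download page itself (the project's signed release notes, a hash pinned in documentation you already trust); a lookalike site can publish matching hashes for its own files just as easily as it copies the page layout.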