Board: Bitcoin Discussion
Re: Bitcoin Virus?
by veyp0r on 06/04/2014, 21:12:02 UTC
Is this info legit?

If so, sounds like fun.

I quit running antivirus years ago because of issues like exactly this. It causes more problems than it solves.

I run my web browsers either sandboxed or in a virtual machine. Run any suspicious software (like keygens) sandboxed or in a VM, and only download software that I'm relatively sure is safe.

I haven't tested it, because I don't run antivirus software (On Linux at the moment, usually running some flavor of Unix), and I don't feel like spinning up a VM.

Lots of antivirus products basically scan for known byte patterns of malware, at least when doing a basic static scan. Smarter ones might check where the "signature" resides to try to determine if it's actually malicious; others will flag it regardless of the signature position.

So, at least theoretically, it should work against a few AVs.

Hmm, how are messages attached to a transaction in the blockchain? And how are they stored?

And where would I get a list of known virus signatures?
From the PasteBin post:
Quote
You can inject an arbitrary raw 20 byte binary string into the database files (forever) because of that by setting the target address of a transaction to a wanted value (more or less). A bitcoin address (the intended receiver of any amount of coins) consists of 25 bytes. The first one equals 1 by default and is uninteresting. The following 20 bytes identify the intended receiver and can be set to exactly anything. The following 25 bytes is just a hash of the former 21 bytes. A bitcoin transaction contains such an address and is stored on each and every bitcoin client forever. If you delete the database from one bitcoin client (or have a fresh install), your client will synchronize with the rest of the network.


You're essentially creating a transaction with a fake recipient address which matches some virus signature. I'm not too sure where to get virus signatures that are in use by AV products. I doubt they're publicly available (other than the EICAR test string, which I'm not sure will fit here anyway). You'd probably have to do some reverse engineering to actually get them.

EDIT: I should mention that I have no idea whether such a transaction will actually get propagated and stored in the blockchain (invalid address), or if it would simply be dropped/ignored; someone with more experience with the raw protocol would have to chime in. If you brute-forced an address that was a valid virus signature and sent some bitcoin to that, then it should work regardless.
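As an added illustration of the address layout the quoted PasteBin text describes (example code written for this page, not from the original post or from any Bitcoin client), the following decodes a Base58Check-encoded Bitcoin address into its version byte, 20-byte payload and 4-byte checksum, and reports addresses whose checksum does not verify. The sample address it prints is constructed by encoding twenty 0x00 bytes under version byte 0; it depends only on the Python standard library.

```python
"""Base58Check decoder/encoder for legacy Bitcoin addresses (added example)."""
import hashlib

# Bitcoin's Base58 alphabet: no 0, O, I or l, to avoid look-alike characters.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _sha256d(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for the address checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58_encode(raw: bytes) -> str:
    """Encode bytes as Base58; each leading 0x00 byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    digits = []
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(ALPHABET[rem])
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + "".join(reversed(digits))


def base58_decode(text: str) -> bytes:
    """Decode Base58 text back to bytes, restoring leading 0x00 bytes."""
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def encode_base58check(version: int, payload: bytes) -> str:
    """Build version || payload || first 4 bytes of sha256d(version || payload)."""
    data = bytes([version]) + payload
    return base58_encode(data + _sha256d(data)[:4])


def decode_address(addr: str) -> dict:
    """Split a 25-byte address into version, 20-byte hash160 and 4-byte checksum.

    Raises ValueError if the length is wrong or the checksum does not verify,
    which is what a wallet does before it will pay to a typed-in address.
    """
    raw = base58_decode(addr)
    if len(raw) != 25:
        raise ValueError(f"expected 25 decoded bytes, got {len(raw)}")
    data, checksum = raw[:21], raw[21:]
    if _sha256d(data)[:4] != checksum:
        raise ValueError("Base58Check checksum mismatch")
    return {"version": data[0], "hash160": data[1:].hex(), "checksum": checksum.hex()}


def checksum_valid(addr: str) -> bool:
    """True if the address decodes cleanly and its checksum verifies."""
    try:
        decode_address(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: version 0 with a payload of twenty zero bytes.
    sample = encode_base58check(0, bytes(20))
    print(sample, decode_address(sample))
    # Altering one character breaks the checksum.
    print(checksum_valid(sample[:-1] + ("2" if sample[-1] != "2" else "3")))
```

The checksum lives only in the human-readable encoding: a pay-to-pubkey-hash output script carries just the 20-byte hash, so what the decoder returns as `hash160` is exactly the sequence of bytes such an output would embed, and a checksum failure means the text string is malformed rather than that the transaction itself is invalid.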