Results 1 to 1 of 1
-
25th Jun 2014, 11:19 AM #1
Bitcoin Files Detected as 1987 Virus
Several antivirus solutions erroneously detect some Bitcoin files as the Stoned computer virus that was popular more than a quarter of a century ago.
These are false positives triggered by the fact that the 27-year-old virus signature was uploaded into the Bitcoin blockchain. This is possible because when a transaction is made, a small snippet of text can be added to it.
In this case, a prankster included byte sequences that are available in the Stoned computer virus.
The writing of the Stoned computer virus is attributed to a university student in New Zealand and it was among the first computer threats; it spread to Australia by 1989 and then to the rest of the world in the early 90s.
The virus would infect the master boot record (MBR) of the hard disk and, at every eighth boot of the system, it would plant the message “Your PC is now Stoned!” on the monitor.
Researcher Didier Stevens identified the transactions as being the following:
-f09904aaa4fa4a8ec7da06f5e3d318a9b6a218e1a215f93074 16fbbadf5a1c8e
-fcf5cf9893a142897598edfc753bd6162e3638e138fc2feaf4 a3477c0cfb65eb
Submitting these transactions to VirusTotal showed a total of 16 detections, the engines from ClamAV, AVG and Microsoft labeling them as infected with the ancient threat.
Didier managed to trace the transactions and found that they appeared in blocks from April 4, 2014.
The presence of the virus signature poses no real danger to the user, but when the defense mechanisms in some antivirus software kick in, the Bitcoin file is deleted. The Bitcoin client then proceeds to re-download the file to perform an update on the block and the process repeats.
According to Didier, inserting messages in the address of the output of a transaction in order to add text to the Bitcoin blockchain is not new, but it has its downside. “The Bitcoins send to these addresses are irrevocably lost, because these addresses have no (known) private key. That is why only very small amounts will be transferred (1 and 10 Satoshis in these transactions). The message is limited to 20 bytes (the size of the raw address used in the output),” he says.
The researcher believes that other transactions may also be polluted with virus signatures. However, there is no danger to the user because only the signature is present, and even if it were malicious code inserted, it would not be executed, but it would trigger a reaction from the antivirus program until the file is whitelisted or the developer takes care of the false detection.Kepler Reviewed by Kepler on . Bitcoin Files Detected as 1987 Virus http://i1-news.softpedia-static.com/images/news-700/Bitcoin-Files-Detected-as-1987-Virus.jpg Several antivirus solutions erroneously detect some Bitcoin files as the Stoned computer virus that was popular more than a quarter of a century ago. These are false positives triggered by the fact that the 27-year-old virus signature was uploaded into the Bitcoin blockchain. This is possible because when a transaction is made, a small snippet of text can be added to it. In this case, Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Need help fpr keeping files alive as long as possible
By ruialessio in forum Webmaster DiscussionReplies: 0Last Post: 14th Jun 2012, 07:31 PM -
Witch file host as mirror ?
By adansard in forum File Host DiscussionReplies: 4Last Post: 3rd May 2012, 11:10 PM -
Sweden Recognizes File-Sharing as a Religion
By Raptile in forum News & Current EventsReplies: 1Last Post: 8th Jan 2012, 09:47 PM -
any filehost to keep file private as default?
By m107 in forum Technical Help Desk SupportReplies: 3Last Post: 30th Nov 2011, 04:37 PM -
Downloading YouTube Videos to MP3 or as video file
By DXS in forum General DiscussionReplies: 10Last Post: 4th Jul 2010, 12:37 PM
themaManager - edit and manage...
Version 4.04 released. Open older version (or...