Silk Road forums
Discussion => Newbie discussion => Topic started by: Norma on June 01, 2013, 02:40 pm
-
Hi there,
Got my blue cheese today and am a happy bunny!
Yesterday was another story though, hoping folks here might have some insight?
When I connected to Tor the other day I got a 'new security update is out' kind of msg in the home page, followed the link and updated the browser. The only other new thing I did was deal on bitbargain.co.uk, honestly can't think where else it could have come from..
Anyway, I ended up with shitty malware that took me till half 7 this morning to get rid of (I hope I have, at least! My fb is no longer taken over by a phishing page asking for my credit card details, which is a good sign..)..
Long story short, did a system restore, and Tor is back to old version, and I'm too scared to update it again..
Can I leave it as is or is this update necessary to keep me safe?
The malware seemed to only affect IE, is there a chance my sr login details were hacked? :-\
-
First of all, the TOR update isn't related to the malware and you should update or else you're at a security risk.
The kind of malware coming from a bitcoin scam site could very well be a keylogger. Those types of malicious websites want to steal people's coins, so there is most probably a keylogger on your machine and it will try to get your bitcoin address and PIN. I don't know if it'll steal your SR account and password, it's probably a robot that handles the data harvested and identifies things that could be wallet passwords, and then automatically steals it or forwards the processed information to a person that tries the passwords. I recommend you use DBAN on your computer and reinstall a clean OS with a good antivirus if it's Windows, but there are some ways you can fool a simple keylogger, you can type one letter in the PIN field, and then garbage in the search bar or somewhere else, and with your mouse, try to enter your PIN (and SR password) in a random order to make it harder for them to get your PIN. They could still get it but I think such websites just exploit the easy targets, I may be wrong though.
That being said even though you can fool a simple keylogger with your mouse by entering your password in the wrong order and writing things in other fields, the person having installed the keylogger will still know you access silkroad and will know exactly everything you do on your computer, and knows who you are. It could even be LE malware in the worst case.
So the best option is DBAN + clean OS, or just use TAILS on a live USB from now on, the malware wouldn't work there. Don't ever access crap sites like that again, install add-ons like noscript to protect you.
-
Thanks for the reply and advice..
Unfortunately, I can't really manage wiping my hard drive and reinstalling os at the moment.. I don't have access to a proper version of windows, and this is my only machine and only connection to the outside world really as I'm pretty much house bound, so can't afford to screw it up and be left with nothing..
I've been meaning to get a new pc for a while, but life's been crazy and not really had a chance to yet..
I've run msert.exe full scan and mse full scans, and they all came back clear, have uninstalled and reinstalled mse and IE, and now fb works fine.. I am also able to access Microsoft urls that I was blocked from before I restored my system.. Is the malware just tricking these scans? Everything seems to be running fine now..
I was referred to that site by the guy I bought bitcoins from before, as he wasn't selling anymore. The deals I made all went smoothly, and only bought off reputable sellers and wasn't asked to download anything.. I guess that isn't always enough? I have been too paranoid to log on to my bank accounts at the moment to check if they have been accessed (I do get calls from the bank when -I- try to do things on my account, so one would assume if anyone had moved a load of money around, I would know..).. :-\
Will update my Tor now and hope for the best I guess..
-
You shouldn't use IE, seriously. At least use firefox, and install security add-ons like noscript, it prevents some malicious websites from fucking with you too much. IE is just really bad. I don't think they'll access your bank but usually, fake bitcoin websites like that try to steal your bitcoins one way or another so I would worry about my bitcoins... You can be safe if you use a live USB/CD and you should really do that if you can't wipe and reinstall your OS. But don't install TAILS using this computer, use a clean computer, preferably. It would still be safer to run TAILS if it were installed on your computer than if you browse SR with an infected computer. Maybe you got all the malware out but I really doubt that. You could try to install anti-keylogger software from trusted sources, if you really can't use a live USB, but I don't know if you trust those software either. So at least use firefox with good add-ons and download some anti-keylogging software (but don't go on malicious websites again, check the site's reputation with WOT for example).
-
Ok.. So after doing the bare minimum on infected desktop, the hacker showed his ugly face and tried ordering a camera and new mobile on some of my accounts, and left me his address and phone number!
It's with the police now, desktop is offline, friend lent me a clean laptop. Didn't lose any money, got new debit card and changed all my passwords.
So now I feel safe enough to go on SR road again (that, and I'm low on weed.. :P ), but VERY wary of making the same mistake again, so would like a recommendation of a safe and fast way to buy Bitcoins, if you have any?
Many thanks!
-
I would strongly suggest making up a whole new SR account entirely. You have no idea of what has been compromised, best to make sure of EVERYTHING.
For standard browsing use a decent browser (chrome/firefox) with a good ad-blocker. For tor, use tor, never one of the plugins that lets you get tor on something else. Make sure you have a firewall in place and a good anti-spyware/malware program in place (microsoft security essentials is free and better than most paid ones).
Using internet explorer in this day and age is like going in a $1 whorehouse with no condoms, it's a terrible, terrible bit of software.