Messing with the minds of Bitcoin fans

All off topic conversation held here. Have fun and play nice. =)

Moderators: Bookworm, starkruzr, MrFireDragon, PrettyPrincess, Wapsi

Post Reply
User avatar
AnotherFairportfan
Posts: 6402
Joined: Thu May 01, 2014 2:53 pm

Messing with the minds of Bitcoin fans

Post by AnotherFairportfan »

False Stoned virus detections in Bitcoin files are widespread

Summary: Some joker stuffed the virus signature into the return address for a Bitcoin transaction leading to Stoned virus detections when transactions are stored on-disk.
 
Larry Seltzer/Zero Day/June 24, 2014 wrote: Researcher Didier Stevens is reporting on his blog that he has confirmed the reports of anti-virus false positive detections in Bitcoin files. Stevens submitted samples to VirusTotal and received positive detections from several, including many respectable vendors like Symantec, Sophos and Trend Micro.
stoned-bitcoin

The programs are detecting the Stoned virus, an ancient boot sector virus created in 1987. A user report to Microsoft for the problem in May correctly notes that the detection is in error and that it appears to be the result of a prank: Someone inserted the virus signature as a string associated with a transaction. Stevens identified two transactions, both dated 4/4/2014, but he thinks there are others.

As Stevens explains: "tuffing messages in the address of the output(s) of a transaction is a well-known method to insert messages in the Bitcoin blockchain." The string does not contain an executable virus, nor would it ever be executed even if it were code.

As the Microsoft description says, Stoned is ancient. I recall cleaning up a major outbreak in a project I was running in 1990. In those days boot sector viruses were a more serious problem. Now the actual Stoned virus doesn't do any real damage, but just displays "YOUR COMPUTER HAS BEEN STONED" on one of every eight computer startups.
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
Post Reply