Hi, I had to create an account to tell/warn/spread awareness about this.
There seems to be a "bitcoin miner malware" spreading. One office PC had its CPU at 100% pretty much constantly if the network was connected. There is one good Google hit about it and a few Chinese/Japanese Google hits that do not have anything interesting.
There is a process "ping.exe" running under svchost, with command line:
"C:\WINDOWS\System32\ping.exe" -g no -t 1 -o httX://re********-startup.com:8344/ -u *** -p *********
The "re********-startup.com" resolves at the moment to:
re********-startup.com has address 38.99.169.85
re********-startup.com has address 38.99.169.86
re********-startup.com has address 38.99.169.87
re********-startup.com has address 184.82.193.155
I have censored the address. If people think it is a good idea to publicize it, I can. The censored username/pass I will not publicize.
Someone already noticed it a few weeks back. See for details:
http://www.virustotal.com/file-scan/report.html?id=f2868ba54f077bf77f24d36648e5a631ad7a672cbbaf18a2dcb3bced94ccbd00-1316899029
But the poster did not notice the obvious connection to bitcoin!
I will have the binary soon and will do some analysis on it. I am an IT professional with a little experience in doing binary analysis.
I believe I am the first one to find this out. Does anyone have estimates of how widespread this is?
I am not familiar with mining, but do the command-line switches look familiar from some public miner?
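A small detection script for the indicators in the post above, added here as an example; it is not code from the original post, from the malware, or from any named miner. It flags a process whose image is a stock Windows tool (ping.exe does not accept -o/-u/-p) but whose arguments carry the pool-URL / worker-user / password triple that many getwork-style miners use, pulls the pool host and port out of the -o argument (the defanged "httX://" scheme is accepted as-is), and checks the host's addresses against the four IPs quoted in the post. The process records and the resolver dictionary are constructed to mirror the post so the script runs offline; the censored host name is kept exactly as posted, and the meaning assigned to -o/-u/-p is an assumption.

```python
"""Flag stock Windows binaries launched with miner-style arguments.

Added example for this thread, not the malware's or any miner's code.
Assumptions: -o/-u/-p mean pool URL, worker user and password (the common
miner convention); the records and the resolver below are constructed.
"""
import re
import shlex

# Legitimate Windows tools that accept none of the switches below.
IMPERSONATED_TOOLS = {"ping.exe", "svchost.exe", "notepad.exe", "calc.exe"}
MINER_SWITCHES = {"-o", "-u", "-p"}   # pool URL, worker user, password (assumed)

# Addresses the post reports for the pool host at the time of posting.
KNOWN_BAD_IPS = {"38.99.169.85", "38.99.169.86", "38.99.169.87", "184.82.193.155"}

# scheme://host[:port]... ; matches "httX://" defanging without re-fanging.
POOL_RE = re.compile(r"^[a-z]+://([^/:]+)(?::(\d+))?", re.I)


def parse_args(cmdline):
    """Split a Windows command line into argv, keeping backslashes intact."""
    # posix=False leaves backslashes alone and keeps quotes on tokens;
    # the quotes are stripped afterwards.
    return [p.strip('"') for p in shlex.split(cmdline, posix=False)]


def extract_pool(argv):
    """Return (host, port) from the -o argument, or None if there is none."""
    for i, arg in enumerate(argv):
        if arg == "-o" and i + 1 < len(argv):
            m = POOL_RE.match(argv[i + 1])
            if m:
                host = m.group(1).lower()
                port = int(m.group(2)) if m.group(2) else None
                return host, port
    return None


def classify(proc, resolver):
    """Examine one process record {"name", "parent", "cmdline"}.

    resolver maps host name -> list of IPs (a dict here so it runs offline;
    a live version would call socket.gethostbyname_ex)."""
    argv = parse_args(proc["cmdline"])
    image = argv[0].rsplit("\\", 1)[-1].lower() if argv else ""
    switches = {a for a in argv[1:] if a.startswith("-")}
    findings = {"image": image, "parent": proc["parent"],
                "miner_args": False, "pool": None, "bad_ip": False}
    # A stock tool carrying the full -o/-u/-p triple is the suspicious combination.
    if image in IMPERSONATED_TOOLS and MINER_SWITCHES <= switches:
        findings["miner_args"] = True
        pool = extract_pool(argv)
        findings["pool"] = pool
        if pool:
            ips = set(resolver.get(pool[0], []))
            findings["bad_ip"] = bool(ips & KNOWN_BAD_IPS)
    return findings


# Constructed records: the command line from the post, plus a benign ping.
SAMPLE_PROCS = [
    {"name": "ping.exe", "parent": "svchost.exe",
     "cmdline": r'"C:\WINDOWS\System32\ping.exe" -g no -t 1 '
                r'-o httX://re********-startup.com:8344/ -u *** -p *********'},
    {"name": "ping.exe", "parent": "cmd.exe",
     "cmdline": r'"C:\WINDOWS\System32\ping.exe" -n 4 -w 1000 10.0.0.1'},
]

# Offline stand-in for DNS, seeded with the addresses quoted in the post.
FAKE_DNS = {"re********-startup.com": sorted(KNOWN_BAD_IPS)}


def scan(procs=SAMPLE_PROCS, resolver=FAKE_DNS):
    """Classify every record; returns one findings dict per process."""
    return [classify(p, resolver) for p in procs]


if __name__ == "__main__":
    for f in scan():
        print(f)
```

To run it against a live box, feed `classify` the image path and command line of each process (for example from `wmic process get ParentProcessId,CommandLine` or a Sysmon event 1) and swap the dictionary for a real resolver; the parent-process field is carried through so the svchost parentage the post mentions can be used as an extra signal.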