roflkittiez (OP)
January 31, 2013, 07:24:52 AM

Hello. Today I decided to do a virus scan because I've been neglecting to for a while. I found that someone had put a btc miner in a game patch that I installed. Before deleting it, I managed to get some usernames and logins from his bot. My question: is there anything I can do with these logins? As far as I can tell, these logins work just fine... but I have no idea what I am looking at. Would someone do the courtesy of briefly explaining it as I attempt to look through this forum and learn more myself? An example of the logins is: mine2.btcguild.com
{ "error": null, "id": 1, "result": { "data": "<long string>", "hash1": "<long string>", "midstate": "<long string>", "target": "<long string>" } }
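
For readers wondering what the pasted JSON is: its field set (data, hash1, midstate, target) is that of a pool's getwork reply handing a unit of work to a miner. The example below is added here and is not part of the thread; host names and hex values are constructed. It flags hosts whose captured HTTP responses have that shape, which is one way to spot a hidden miner on a network.

```python
import json
import string

# Field set of the reply quoted in the post above.
GETWORK_FIELDS = {"data", "hash1", "midstate", "target"}
HEX = set(string.hexdigits)


def is_hex(value):
    """True for a non-empty string made only of hex digits."""
    return isinstance(value, str) and bool(value) and set(value) <= HEX


def looks_like_getwork_reply(body):
    """Classify one HTTP response body as a getwork-style work unit."""
    try:
        msg = json.loads(body)
    except (TypeError, ValueError):
        return False
    if not isinstance(msg, dict) or msg.get("error") is not None:
        return False
    result = msg.get("result")
    if not isinstance(result, dict):
        return False
    # All four fields must be present as hex blobs; extra keys are tolerated.
    return GETWORK_FIELDS.issubset(result) and all(
        is_hex(result[k]) for k in GETWORK_FIELDS)


def hosts_receiving_work(records):
    """Map client host -> servers that sent it getwork-shaped replies."""
    hits = {}
    for client, server, body in records:
        if looks_like_getwork_reply(body):
            hits.setdefault(client, set()).add(server)
    return hits


# Constructed sample records: host names and hex values are made up.
SAMPLE = [
    ("ws-014", "pool.example.net", json.dumps({"error": None, "id": 1, "result": {
        "data": "00" * 128, "hash1": "00" * 64,
        "midstate": "ab" * 32, "target": "ff" * 32}})),
    ("ws-014", "api.example.org", '{"error": null, "id": 7, "result": {"data": "6869"}}'),
    ("ws-020", "pool.example.net", '{"error": "unauthorized", "id": 1, "result": null}'),
    ("ws-031", "cdn.example.com", "<html>not json</html>"),
]

print(hosts_receiving_work(SAMPLE))
```

The redacted reply as pasted in the post does not match, because its placeholder values are not hex.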

John (John K.)
January 31, 2013, 07:26:17 AM

PM me the login ID (the password is useless as it's probably x) and I'll ask the btcguild admin to look into it.

roflkittiez (OP)
January 31, 2013, 07:32:35 AM

> PM me the login ID (the password is useless as it's probably x) and I'll ask the btcguild admin to look into it.

Cannot PM yet... Oh well.
Username: hydr451_1
There are several accounts for different sites. Some have x, others appear to have working passwords. Is there anything I can use from those accounts if the passwords are valid?

John (John K.)
January 31, 2013, 07:34:00 AM

> > PM me the login ID (the password is useless as it's probably x) and I'll ask the btcguild admin to look into it.
>
> Cannot PM yet... Oh well. Username: hydr451_1. There are several accounts for different sites. Some have x, others appear to have working passwords. Is there anything I can use from those accounts if the passwords are valid?

Probably not as the miner passwords are separate from the account password. Best way would be to get his accounts closed by the pool admins themselves.

roflkittiez (OP)
January 31, 2013, 07:37:49 AM

> Probably not as the miner passwords are separate from the account password. Best way would be to get his accounts closed by the pool admins themselves.

Ah, so pool accounts are basically useless to me? Ah well, guess I'll just contact the admins.

mufa23
January 31, 2013, 07:49:35 AM

If you don't mind me asking, which game patch?
Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker

John (John K.)
January 31, 2013, 07:54:44 AM

> > Probably not as the miner passwords are separate from the account password. Best way would be to get his accounts closed by the pool admins themselves.
>
> Ah, so pool accounts are basically useless to me? Ah well, guess I'll just contact the admins

Yep, basically useless to you. I've PM'ed BTCGuild (eleuthria) about it, you could PM other pool operators too.

roflkittiez (OP)
January 31, 2013, 08:08:49 AM

> Yep, basically useless to you. I've PM'ed BTCGuild (eleuthria) about it, you could PM other pool operators too.

Alright, thanks, I'll PM the rest of the admins tomorrow morning.

> If you don't mind me asking, which game patch?

Assassin's Creed 3... Was a high seeded torrent from kat.ph that was still up (I flagged it). Probably was a pretty successful bot.

Envite
January 31, 2013, 11:25:25 AM

This reminds me... Trust No One

eleuthria
January 31, 2013, 03:33:22 PM

Thank you for the report. The user's account has been denied access to any generated funds, and the worker has been moved off of their account into my "catch-all". Once their activity dies down the worker will be removed as well [workers remain active for a short time because many miners will slam the pool with invalid logins otherwise].
RIP BTC Guild, April 2011 - June 2015

RodeoX
January 31, 2013, 03:38:06 PM

That's a funny way to discover bitcoin, welcome. If you want to get into bitcoin I would strongly recommend reading up on security. It could have just as easily been a wallet stealer that infected you. There are ways to mitigate your risk. Cheers.

Gabi
January 31, 2013, 03:44:11 PM

Wow, a virus miner. So bot mining really exists. I wonder if it was a cpu or gpu one...
Well, welcome to the Bitcoin forum, get rid of that virus!

eleuthria
January 31, 2013, 03:46:58 PM

> Wow, a virus miner. So bot mining really exists. I wonder if it was a cpu or gpu one...
> Well, welcome to the Bitcoin forum, get rid of that virus!

Botnet mining has been around since at least April 2011. Almost every botnet I've encountered fits into three categories:

1) Very small GPU mining botnet [rarely over a few hundred machines]
2) Very small CPU mining botnet [sometimes not a botnet, but a corporate IT guy who installed a miner on their network]
3) Very large CPU mining botnet

1 and 2 aren't so bad. They don't influence the network much, they tend to be very localized and don't spread outside of users downloading things they shouldn't.

#3 is the bad category. These are the full zombie botnets that can be modified to do many other things in addition to mining, and attempt to spread aggressively. When you attempt to deal with them, you generally see a large number of pools get DDoS'd in the following week in retaliation for being banned.

greyhawk
January 31, 2013, 03:47:31 PM

> Wow, a virus miner. So bot mining really exists. I wonder if it was a cpu or gpu one...

Hiding the thing in AssCreed has a certain perverse beauty to it what with it being all about conspiracies and stuff.

Gabi
January 31, 2013, 03:52:28 PM

Meh, it is just because it's a thing downloaded often.
Interesting info eleuthria, didn't know these things. Well, with ASIC mining these botnets will soon become mostly useless, or anyway, they will see their profit reduce dramatically. As for DDoSing, luckily we have p2pool.