Reporting potential Bitcoin botnet

[PsykoTenshi]

Simply put, today when I started my comp the gpu was throttling like crazy. Apparently someone managed to infiltrate a bitcoin miner bot into my computer. I know I didn't do that willingly at least, not having just a "mere" Radeon HD4890, that won't get me anywhere with bitcoins. Also I've even identified when and how I did (unwittingly) install it, but that's another story.

So I figured I'd go make the guy's easy money plan backfire on him by reporting his bitcoin info to the community.
Among the scripts I've found on my system, there was two url's, I hope that's enough.

http://ophelion_1:123@mergedmining.btcguild.com:8332
http://1ERX1hr6xbGDgt8cB2whUf9HpeqzTqp3T:x@mining.eligius.st:8337

I can also submit the .exe file that installs all this stuff for analysis if required.


P.S.: The only rules I saw was "no posting illegal stuff" and "I understand I'll be restricted to the Newbies section", I am not aware if posting someone's bitcoin info is "illegal" or similar. In any case, the guy is a just lowly gpu processor cycles and bitcoins leecher, he doesn't deserve any special treatment.

[odolvlobo]

Because he has btcguild in his URL, he is likely to be mining in the btcguild pool. Contact btcguild (http://www.btcguild.com/), and perhaps they can ban him or something.

[PsykoTenshi]

Aw I'll have to make even more new accounts. Oh well, it'll make for an even more satisfactory (if) successful backfire on the guy's "free money" plan.

Edit: Silly me not noticing they have IRC-based support before making an account. :facepalm:

[eleuthria]

Aw I'll have to make even more new accounts. Oh well, it'll make for an even more satisfactory (if) successful backfire on the guy's "free money" plan.

Thank you for coming into #btcguild IRC and reporting the user.  I'll be looking at the account shortly to see if other factors point to the account being a botnet (which in most cases is possible when an outside report is made).  If anything looks funny, paired with your report, the account will be disabled.

[eleuthria]

The user was confirmed as definitely showing botnet activity, and their workers have been disabled.

[fcmatt]

How did you install it?

[mokahless]

I think it would be really cool to see what the exe installed. I'd love to run it in a vm.

[davidblack]

Hi - I'm looking into botnets & Bitcoin for Channel 4 News - anyone in the UK been affected and fancy talking to us?

[PsykoTenshi]

Oh... Sorry I didn't respond for so long, I utterly forgot about this.

@ fcmatt: Self extractor (poorly) disguised as game executable. I was careless, I know.

@ mokahless: Sent you PM.

@ davidblack: Well, I must say I feel honored, my English is good enough to pass as an English gentleman http://img14.imageshack.us/img14/4923/likeasiriconsmaller.png
I'm an ocean away, in Argentina (southern corner of South America). Thanks for the offer though

On a related note, hurray for eleuthria and his lightning fast response!