Bitcoin Forum
December 03, 2016, 06:58:31 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Poll on potentially malicious bitcoin miners.  (Read 2930 times)
Waschtel
Newbie
*
Offline Offline

Activity: 18


View Profile
June 15, 2011, 06:21:09 PM
 #1

Recently, a large amount of bitcoins was stolen (see http://forum.bitcoin.org/index.php?topic=16457.0)

A mining program is suspected to have been the vector of the malicious code enabling the theft.

If any of the following has been the case:


  • You have seen unexplained deductions from your bitcoin client (even small ones).
  • Your mining pool account has been hacked.
  • You have not been receiving your shares for mining work done.


then please participate in this thread poll.

DO NOT PARTICIPATE IF YOU HAVE NOT BEEN A VICTIM.
ONLY PARTICIPATE IF YOU HAVE BEEN A VICTIM.

As the Simple-Machines-Forum only allows for radio-box polls, not check-box polls, this poll is conducted in the following manner:

Copy the miner-list (last line of this post) of the thread post IMMEDIATELY superior to your own into your reply and add +1 to the sum of any miners you have been using while being hacked.

MAKE THE MINER-LIST THE LAST LINE OF YOUR POST.



Phoenix:01----Guiminer:01----Poclbm:01----CpuMiner:01----Ufasoft:01----SseMiner:01----Other[please specify]:00
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480748311
Hero Member
*
Offline Offline

Posts: 1480748311

View Profile Personal Message (Offline)

Ignore
1480748311
Reply with quote  #2

1480748311
Report to moderator
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 12:28:05 PM
 #2

While it wasn't a mining pool account, my Mt. Gox got broken into. Although I haven't been able to find anything suspicious on my system, I'll post nevertheless.

Phoenix:02----Guiminer:01----Poclbm:02----CpuMiner:01----Ufasoft:01----SseMiner:01----Other[please specify]:00

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
kwukduck
Legendary
*
Offline Offline

Activity: 1564


View Profile
June 16, 2011, 01:02:34 PM
 #3

Same here MtGox got hacked only...


Phoenix:03----Guiminer:02----Poclbm:02----CpuMiner:01----Ufasoft:01----SseMiner:01----DiabloMiner:01----Other[please specify]:00

14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 16, 2011, 01:41:46 PM
 #4

Phoenix:02----Guiminer:00----Poclbm:00----CpuMiner:00----Ufasoft:00----SseMiner:00----Other[please specify]:00

Phoenix 1.48 with phatk opencl kernel.

freequant
Hero Member
*****
Online Online

Activity: 686


View Profile
June 16, 2011, 03:17:19 PM
 #5

Recently, a large amount of bitcoins was stolen (see http://forum.bitcoin.org/index.php?topic=16457.0)
A mining program is suspected to have been the vector of the malicious code enabling the theft.

Mining applications are opensource.
Just check the code if you have a doubt.
I skimmed through the code of poclbm and phoenix : very clean and standard python without a track of suspicious logic.
When the average mining app is a mere thousand lines of code long, it doesn't make much sense to try to find statistically something that can be found deterministically by checking the code.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 03:34:16 PM
 #6

Recently, a large amount of bitcoins was stolen (see http://forum.bitcoin.org/index.php?topic=16457.0)
A mining program is suspected to have been the vector of the malicious code enabling the theft.

Mining applications are opensource.
Just check the code if you have a doubt.
I skimmed through the code of poclbm and phoenix : very clean and standard python without a track of suspicious logic.
When the average mining app is a mere thousand lines of code long, it doesn't make much sense to try to find statistically something that can be found deterministically by checking the code.
Which doesn't exactly go for a miner written in Python that was made into an .exe by py2exe, and used on Windows. If you used a premade .exe it might have had something that is not in the source.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Waschtel
Newbie
*
Offline Offline

Activity: 18


View Profile
June 16, 2011, 06:28:06 PM
 #7

Renormalizing....

@allinvain: I included your installations in the first post.

@mtgox victims: I think mtgox hacks are dictionary attacks: No captcha to prevent them.

Phoenix:03----Guiminer:02----Poclbm:02----CpuMiner:01----Ufasoft:01----SseMiner:01----DiabloMiner:01----Other[please specify]:00
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 07:35:29 PM
 #8

@mtgox victims: I think mtgox hacks are dictionary attacks: No captcha to prevent them.
I can't see how a randomly generated password is hit by a dictionary attack.

As far as I know, Mt. Gox has a system that locks out an IP after a certain amount of failed login attempts, but NOT a system that freezes an account after a lot of failed attempts from a lot of IPs. This would make it crackable by a botnet (through bruteforce even, provided the botnet is large enough). It wouldn't surprise me if the "DDoS" is actually bots trying to bruteforce accounts - although, this is purely speculation and I have no facts to support it with, except for what it looks like.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!