Bitcoin Forum
Topic: Poll on potentially malicious bitcoin miners.
Waschtel (OP)
June 15, 2011, 06:21:09 PM
 #1

Recently, a large amount of bitcoins was stolen (see http://forum.bitcoin.org/index.php?topic=16457.0)

A mining program is suspected to have been the vector of the malicious code enabling the theft.

If any of the following has been the case:


  • You have seen unexplained deductions from your bitcoin client (even small ones).
  • Your mining pool account has been hacked.
  • You have not been receiving your shares for mining work done.


then please participate in this thread poll.

DO NOT PARTICIPATE IF YOU HAVE NOT BEEN A VICTIM.
ONLY PARTICIPATE IF YOU HAVE BEEN A VICTIM.

As the Simple-Machines-Forum only allows for radio-box polls, not check-box polls, this poll is conducted in the following manner:

Copy the miner-list (last line of this post) of the thread post IMMEDIATELY superior to your own into your reply and add +1 to the sum of any miners you have been using while being hacked.

MAKE THE MINER-LIST THE LAST LINE OF YOUR POST.



Phoenix:01----Guiminer:01----Poclbm:01----CpuMiner:01----Ufasoft:01----SseMiner:01----Other[please specify]:00
joepie91
June 16, 2011, 12:28:05 PM
 #2

While it wasn't a mining pool account, my Mt. Gox got broken into. Although I haven't been able to find anything suspicious on my system, I'll post nevertheless.

Phoenix:02----Guiminer:01----Poclbm:02----CpuMiner:01----Ufasoft:01----SseMiner:01----Other[please specify]:00

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
kwukduck
June 16, 2011, 01:02:34 PM
 #3

Same here MtGox got hacked only...


Phoenix:03----Guiminer:02----Poclbm:02----CpuMiner:01----Ufasoft:01----SseMiner:01----DiabloMiner:01----Other[please specify]:00

14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
allinvain
June 16, 2011, 01:41:46 PM
 #4

Phoenix:02----Guiminer:00----Poclbm:00----CpuMiner:00----Ufasoft:00----SseMiner:00----Other[please specify]:00

Phoenix 1.48 with phatk opencl kernel.

freequant
June 16, 2011, 03:17:19 PM
 #5

Quote from: Waschtel
> Recently, a large amount of bitcoins was stolen (see http://forum.bitcoin.org/index.php?topic=16457.0)
> A mining program is suspected to have been the vector of the malicious code enabling the theft.

Mining applications are open source.
Just check the code if you have a doubt.
I skimmed through the code of poclbm and phoenix: very clean and standard Python without a trace of suspicious logic.
When the average mining app is a mere thousand lines of code long, it doesn't make much sense to try to find statistically something that can be found deterministically by checking the code.
joepie91
June 16, 2011, 03:34:16 PM
 #6

Quote from: freequant
> Quote from: Waschtel
> > Recently, a large amount of bitcoins was stolen (see http://forum.bitcoin.org/index.php?topic=16457.0)
> > A mining program is suspected to have been the vector of the malicious code enabling the theft.
>
> Mining applications are open source.
> Just check the code if you have a doubt.
> I skimmed through the code of poclbm and phoenix: very clean and standard Python without a trace of suspicious logic.
> When the average mining app is a mere thousand lines of code long, it doesn't make much sense to try to find statistically something that can be found deterministically by checking the code.

Which doesn't exactly go for a miner written in Python that was made into an .exe by py2exe, and used on Windows. If you used a premade .exe it might have had something that is not in the source.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Waschtel (OP)
June 16, 2011, 06:28:06 PM
 #7

Renormalizing....

@allinvain: I included your installations in the first post.

@mtgox victims: I think mtgox hacks are dictionary attacks: No captcha to prevent them.

Phoenix:03----Guiminer:02----Poclbm:02----CpuMiner:01----Ufasoft:01----SseMiner:01----DiabloMiner:01----Other[please specify]:00
joepie91
June 16, 2011, 07:35:29 PM
 #8

Quote from: Waschtel
> @mtgox victims: I think mtgox hacks are dictionary attacks: No captcha to prevent them.
I can't see how a randomly generated password is hit by a dictionary attack.

As far as I know, Mt. Gox has a system that locks out an IP after a certain amount of failed login attempts, but NOT a system that freezes an account after a lot of failed attempts from a lot of IPs. This would make it crackable by a botnet (through bruteforce even, provided the botnet is large enough). It wouldn't surprise me if the "DDoS" is actually bots trying to bruteforce accounts - although, this is purely speculation and I have no facts to support it with, except for what it looks like.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
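
The gap described in post #8, per-IP lockout without any per-account limit, replayed over a constructed log. This is an added example, not part of the original thread and not any site's actual code; the thresholds, account names and addresses are assumptions made up for illustration.

```python
from collections import defaultdict

def guesses_checked(events, per_ip_limit, per_account_limit=None):
    """Replay failed logins in order and return, per account, how many
    guesses actually reached the password check.

    per_ip_limit:      failures allowed from one IP before that IP is locked out
    per_account_limit: failures allowed on one account from ANY IP before the
                       account is frozen (None = no such control)
    Both limits are assumed values; the thread gives no real numbers.
    """
    ip_fail = defaultdict(int)
    acct_fail = defaultdict(int)
    checked = defaultdict(int)
    for ip, account in events:
        if ip_fail[ip] >= per_ip_limit:
            continue  # this source address is already locked out
        if per_account_limit is not None and acct_fail[account] >= per_account_limit:
            continue  # this account is already frozen
        ip_fail[ip] += 1
        acct_fail[account] += 1
        checked[account] += 1
    return dict(checked)

def sample_events():
    """Constructed log of failed logins as (source_ip, account) pairs."""
    # 40 different addresses, 3 failures each, all against the same account:
    # every address stays under a per-IP limit of 5.
    spread = [(f"10.0.{h}.1", "alice") for h in range(40) for _ in range(3)]
    # One address failing 8 times against another account.
    single = [("192.0.2.7", "bob")] * 8
    return spread + single

if __name__ == "__main__":
    events = sample_events()
    print("per-IP lockout only:      ", guesses_checked(events, per_ip_limit=5))
    print("plus per-account freeze:  ",
          guesses_checked(events, per_ip_limit=5, per_account_limit=20))
```

A hard per-account freeze can itself be used to lock a legitimate user out, so the account-level counter is often wired to throttling or an extra challenge instead.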