June 21, 2011, 12:18:55 PM Last edit: June 21, 2011, 01:56:26 PM by w1R903
I'm a long-time lurker who has only bothered registering to pass on a piece of information that might interest forum users and moderators. Someone on the forum is causing other users' machines to send packets to deepbit.net. I noticed that whenever I was on the forum, my machine was connecting to 91.213.175.240. Turns out this is a deepbit.net IP. For those that don't know, deepbit.net is a bitcoin mining pool. I've 100% isolated this behavior to the Bitcoin forum. It would appear that someone on the forum is using some variation of CSRF, probably via a link or image tag in their signature, to cause other users' computers to call 91.213.175.240; I would assume to use their CPUs/GPUs to mine on their behalf. I'm not knowledgeable enough about security issues to guess how exactly they are doing it, and I'm in the middle of a big work project and so don't have time to track it down. I would assume the script is only using our computers to mine on their behalf, but who knows? I'm kind of surprised that no one else has posted about it.
I'm running Windows and I've not yet tried to isolate this behavior on a Linux machine, but I'd assume it would work there, too. It's really amazing the level of sophistication that attackers use now against users. Everyone be on guard.
Just to be clear, I don't think this is related to the forum owners, but rather to a member of the forum.
PS -- I don't mine and have no mining clients installed. PPS -- This hasn't happened on the newbie section, but in the general section.
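One way to find which element of a saved forum page makes the browser contact a third-party host on load, such as the link or image tag the post suspects. This is an added example, not part of the original post; the hosts `forum.example` and `pool.example` and the sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs a browser fetches automatically on page load (no click needed).
AUTO_FETCH = {("img", "src"), ("script", "src"), ("iframe", "src"),
              ("embed", "src"), ("object", "data"), ("link", "href")}

class AutoFetchFinder(HTMLParser):
    """Collects auto-loaded resources whose host differs from the page's host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.hits = []  # (host, tag, line number in the HTML, absolute URL)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH and value:
                url = urljoin(self.page_url, value)  # resolve relative paths
                host = urlsplit(url).hostname
                if host and host != self.page_host:
                    self.hits.append((host, tag, self.getpos()[0], url))

def third_party_fetches(html, page_url):
    """Return every off-site resource the page would load without user action."""
    finder = AutoFetchFinder(page_url)
    finder.feed(html)
    return finder.hits

# Constructed sample: a post with an on-site smiley and an off-site signature image.
SAMPLE = """<html><head><link rel="stylesheet" href="/style.css"></head><body>
<div class="post">Post body <img src="/smileys/grin.gif"></div>
<div class="signature"><img src="http://pool.example/banner.png?user=1"></div>
<a href="http://other.example/">clicked links are not auto-fetched</a>
</body></html>"""

if __name__ == "__main__":
    for host, tag, line, url in third_party_fetches(
            SAMPLE, "http://forum.example/index.php?topic=1"):
        print(f"{host}\t<{tag}> at line {line}\t{url}")
```

Matching the reported hosts against the connections seen in a firewall or packet capture points to the post or signature that triggers them.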