Bitcoin Forum
November 06, 2024, 11:31:38 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: SCAM: CoinMiner at bitcoin-miner-pro.com steals wallet  (Read 10627 times)
Kiv (OP)
Full Member
***
Offline Offline

Activity: 162
Merit: 100



View Profile
July 03, 2011, 11:53:42 PM
 #1

It's come to my attention that a miner called CoinMiner is being distributed at bitcoin-miner-pro.com.

This is nothing more than my own GUIMiner with a wallet stealing trojan attached. DO NOT DOWNLOAD this miner unless you want to lose all your coins and maybe worse. It will not increase your mining speed or do anything else magical except send your wallet to some scammers.

I'm very upset that my free software is being used in this way and have contacted the site owners, but I don't expect that they will be very cooperative. I just wanted to warn people not to use it, and if anyone wants to DDOS their site that would be cool. (Joking)

GUIMiner - get started easily mining Bitcoins on your GPU or CPU
Donate to support work on GUIMiner: 1MDDh2h4cAZDafgc94mr9q95dhRYcJbNQo
or YouTipIt
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 04, 2011, 12:23:10 AM
 #2

Site's down now.

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
antares
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
July 04, 2011, 12:25:18 AM
 #3

well, I hope you consider changing the license of GUIminer to something that makes it stay free software, but prohibits malicious redistribution of that code.
At least you could then file a lawsuit against them, for copyright issues. Also, be sure to get a whois output for their domain and report their doings to the registrar. then do a whois on the ip-address where the site is hosted and write some mail to their hoster.(if domain registrar and hoster are not the same company). These usually react fast to complaints. They react even faster to DMCA complaints(in case you really change your license)
Kiv (OP)
Full Member
***
Offline Offline

Activity: 162
Merit: 100



View Profile
July 04, 2011, 12:36:07 AM
 #4

Site's down now.

Sometimes when visiting it I get an error, other times it goes through. Looks like the server reliability is not great. I'm still able to access the site now.

well, I hope you consider changing the license of GUIminer to something that makes it stay free software, but prohibits malicious redistribution of that code.
At least you could then file a lawsuit against them, for copyright issues.

The license is GNU GPL and I believe they are already in violation of it (though I'm no lawyer), at least by not distributing the source code to their modified version.

Also, be sure to get a whois output for their domain and report their doings to the registrar. then do a whois on the ip-address where the site is hosted and write some mail to their hoster.(if domain registrar and hoster are not the same company). These usually react fast to complaints. They react even faster to DMCA complaints(in case you really change your license)

I tried a whois and apparently they're with ezinom.com. I guess that's who I can write mail to?

GUIMiner - get started easily mining Bitcoins on your GPU or CPU
Donate to support work on GUIMiner: 1MDDh2h4cAZDafgc94mr9q95dhRYcJbNQo
or YouTipIt
Boing7898
Sr. Member
****
Offline Offline

Activity: 686
Merit: 259



View Profile
July 04, 2011, 08:15:43 AM
 #5

403 Forbidden error..

It seems they already went down.. or away..
TheSeven
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


FPGA Mining LLC


View Profile WWW
July 04, 2011, 08:40:18 AM
 #6

Got a couple SPAM emails from then as well :/
The address was apparently harvested from the Mt. Gox database leak.

My tip jar: 13kwqR7B4WcSAJCYJH1eXQcxG5vVUwKAqY
antares
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
July 04, 2011, 09:56:16 AM
 #7

Site's down now.

Sometimes when visiting it I get an error, other times it goes through. Looks like the server reliability is not great. I'm still able to access the site now.

well, I hope you consider changing the license of GUIminer to something that makes it stay free software, but prohibits malicious redistribution of that code.
At least you could then file a lawsuit against them, for copyright issues.

The license is GNU GPL and I believe they are already in violation of it (though I'm no lawyer), at least by not distributing the source code to their modified version.

Also, be sure to get a whois output for their domain and report their doings to the registrar. then do a whois on the ip-address where the site is hosted and write some mail to their hoster.(if domain registrar and hoster are not the same company). These usually react fast to complaints. They react even faster to DMCA complaints(in case you really change your license)

I tried a whois and apparently they're with ezinom.com. I guess that's who I can write mail to?

yep, ezinom.com should be responsible. If they do not react, you can also contact Californian Authorities for (helping) violating the US-CAN-SPAM act(ezinom is, according to their whois record listed as a company in CA). US-Authorities can then seize the domain name.
TheSeven
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


FPGA Mining LLC


View Profile WWW
July 04, 2011, 11:01:49 PM
 #8

I just filed an abuse report to the abuse contact of solid.nsjet.com (where the emails were coming from, which is the same IP address that is hosting the site), after they basically acknowledged that they are violating CAN-SPAM, claiming that it doesn't apply to them because they are on the Bahamas, and explicitly refusing to exclude me from further mailings.

My tip jar: 13kwqR7B4WcSAJCYJH1eXQcxG5vVUwKAqY
gellimac
Full Member
***
Offline Offline

Activity: 126
Merit: 100



View Profile
July 05, 2011, 09:37:46 AM
 #9

I installed this fu**** sofware 2 days ago and obviously I lost my 0.25 BTC (I just start mining so I don't have a lot of BTC). I scanned it with AVIRA Antivir and no virus were found...

I uninstalled it and deleted the install folder but is it enough?

How does it works?
Does it send the wallet to someone or does is use the bitcoin software of the PC so send directly the BTC to an adress?
TheSeven
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


FPGA Mining LLC


View Profile WWW
July 05, 2011, 09:47:28 AM
 #10

I just filed an abuse report to the abuse contact of solid.nsjet.com (where the emails were coming from, which is the same IP address that is hosting the site), after they basically acknowledged that they are violating CAN-SPAM, claiming that it doesn't apply to them because they are on the Bahamas, and explicitly refusing to exclude me from further mailings.
Seems like the abuse department did their job well: the vhost seems to be gone Smiley

My tip jar: 13kwqR7B4WcSAJCYJH1eXQcxG5vVUwKAqY
Palmdetroit
Legendary
*
Offline Offline

Activity: 910
Merit: 1000


PHS 50% PoS - Stop mining start minting


View Profile
July 05, 2011, 05:05:07 PM
 #11

I installed this fu**** sofware 2 days ago and obviously I lost my 0.25 BTC (I just start mining so I don't have a lot of BTC). I scanned it with AVIRA Antivir and no virus were found...

I uninstalled it and deleted the install folder but is it enough?

How does it works?
Does it send the wallet to someone or does is use the bitcoin software of the PC so send directly the BTC to an adress?


Weird Avira caught the miner bot within a day or two.

Not sure but did you keep your wallet in the default location?

I won't go into wallet security here but anyone new to bitcoin should look around posts on here to see basic security measures to take.


gellimac
Full Member
***
Offline Offline

Activity: 126
Merit: 100



View Profile
July 05, 2011, 05:08:38 PM
 #12

Yes it was in Roaming/bitcoin

how can I change it?
antares
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
July 06, 2011, 10:45:04 PM
 #13

@TheSeven

if a hosting provider does not agree to stick to such things as SPAM "because they are offshore and dont give a crap about foreign laws and policies", you can and should always make clear that you will warn others to stay away from them because they condone spam. If they are a serious business they will know what happens to hosters that allow spamming: People will stay off them because they could have a spammer on their node having negative effects on their own website rating.

You could also try to go a level up - I had this some time with a US company that simply ignored the spam issue - They were hosted with BurstNet(who are pretty strict and fast when it comes to the do nots) as resellers. So I contacted burst and it took about a day until the whole hosting company went offline.

Also I'd consider asking a lawyer(there are lawyers that accept bitcoin) for a new free software license that allows modification but forbids malicious modification. Unfortunately you cannot alter the GPL or most other licenses to adept to your likes, because the weird thing about those licenses is that they are usually under pretty restrictive licenses themselves(i.e. if you alter the GPL you break copyright law).

You could also dual license your work with the LGPL and charge for commercial modifications(like QT did use to). That way you could also DMCA those scammers.

EDIT: If you go for that latter thing, and the hoster does not react to DCMA(or national equivalent law) you can usually hold them responsible, and that should be pointed out(after some quick research on their national laws) in the first contact with them
haydent
Full Member
***
Offline Offline

Activity: 154
Merit: 100



View Profile
July 09, 2011, 03:20:19 AM
 #14

heres another copy http://www.l5b.net/Bitcoin-Speed-Miner/

2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool
btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
Leon
Newbie
*
Offline Offline

Activity: 14
Merit: 0



View Profile
July 14, 2011, 10:42:05 PM
 #15

Are you sure maybe they are being hacked... ZOMFG GOXEDE!
Viceroy
Hero Member
*****
Offline Offline

Activity: 924
Merit: 501


View Profile
July 24, 2011, 05:00:02 PM
 #16

User "leon" is a scammer:

http://forum.bitcoin.org/index.php?topic=29636.140


STP
Jr. Member
*
Offline Offline

Activity: 47
Merit: 12


View Profile
August 27, 2011, 03:32:05 PM
 #17

Windows Defender flagged my GUIminer.exe as a trojan this morning. It was the 20110614 version. It showed it as trojan/coinminer. I downloaded it via the guiminer thread. Just Defender getting it wrong due to this CoinMiner in this thread?
PLaci1982
Full Member
***
Offline Offline

Activity: 168
Merit: 100


Live long and prosper. \\//,


View Profile
August 28, 2011, 07:23:02 AM
 #18

Windows Defender flagged my GUIminer.exe as a trojan this morning. It was the 20110614 version. It showed it as trojan/coinminer. I downloaded it via the guiminer thread. Just Defender getting it wrong due to this CoinMiner in this thread?

I think this ain't the right topic, but: The GUIminer are legit (if you downloaded it from this forum), maybe one of the included command line miner program got flagged as false positive. That happened with version 20110701 and the included ufasoft miner, and thats why version 20110824 does not include it right out of the box.

Hardware Expert / WinXP, Win7 Expert

1J5oPkyGVdb4mv44KGZQYsHS2ch6e1t4rc
-ck
Legendary
*
Offline Offline

Activity: 4284
Merit: 1645


Ruu \o/


View Profile WWW
August 28, 2011, 09:24:05 AM
 #19

One by one every mining software is being tagged as a virus by the stupid virus software makers because the mining software is being packaged with a trojan set of parameters. Obviously that's not the mining software's fault, so the virus software makers can go and get fffff

Developer/maintainer for cgminer, ckpool/ckproxy, and the -ck kernel
2% Fee Solo mining at solo.ckpool.org
-ck
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!