Bitcoin Forum
December 09, 2016, 02:20:15 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Bitcoin mining with a virus or botnet on bitclockers  (Read 5320 times)
CD-RW
Jr. Member
*
Offline Offline

Activity: 57


View Profile
July 20, 2011, 08:12:52 AM
 #1

http://www.threatexpert.com/report.aspx?md5=69d0699d6b660db571a63b4b3eac4b7f

This is a virus/botnet. It uses IRC to get and send commands. Sure. But check out the 'bitcoin' command:
Code:
PRIVMSG #insomnia :[BITCOIN]: Downloading ufasoft bitcoin miner...
PRIVMSG #insomnia :[BITCOIN]: Mining started [user='nigger' url='http://pool.bitclockers.com:8332' proc='dnmsal' id='1288']

So it downloads 'http://ufasoft.com/files/open/bitcoin-miner.exe' and uses it to get bitcoins for the botherder.


I hope any bitclockers admins read this and will take appropriate steps.
1481250015
Hero Member
*
Offline Offline

Posts: 1481250015

View Profile Personal Message (Offline)

Ignore
1481250015
Reply with quote  #2

1481250015
Report to moderator
1481250015
Hero Member
*
Offline Offline

Posts: 1481250015

View Profile Personal Message (Offline)

Ignore
1481250015
Reply with quote  #2

1481250015
Report to moderator
1481250015
Hero Member
*
Offline Offline

Posts: 1481250015

View Profile Personal Message (Offline)

Ignore
1481250015
Reply with quote  #2

1481250015
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481250015
Hero Member
*
Offline Offline

Posts: 1481250015

View Profile Personal Message (Offline)

Ignore
1481250015
Reply with quote  #2

1481250015
Report to moderator
xcooling
Full Member
***
Offline Offline

Activity: 145


View Profile
July 20, 2011, 09:29:32 AM
 #2

Ouch, wouldn't mind looking at the source code for it though.

Could be a nice base to make a remote self updating miner for my multiple machines

deslok
Sr. Member
****
Offline Offline

Activity: 448


It's all about the game, and how you play it


View Profile
July 20, 2011, 11:55:58 PM
 #3

BTCguild had "thousands" of cpu miners connect to it after they were removed from the pool(that many cpu's makes a mess of things) they were ddosed for several days i wonder if this is an updated version of that botnet.
on another note how did you get that infromation do you have a computer that was infected with it a sample may be useful in preventing botnets from being a thorn in the side of bitcion in general.

"If we don't hang together, by Heavens we shall hang separately." - Benjamin Franklin

If you found that funny or something i said useful i always appreciate spare change
1PczDQHfEj3dJgp6wN3CXPft1bGB23TzTM
bal3wolf
Sr. Member
****
Offline Offline

Activity: 426



View Profile
July 21, 2011, 01:08:24 AM
 #4

If you have the bot you need to either give it to someone or do it yourself and find the dns they use and report it then that will pretty much kill them with no way to control them any longer.

my btc address 1LRWTJS3rf8ubG2oMjcm7CmGGDJQSomdRP
Mining tools and Drivers
V2-V3
Full Member
***
Offline Offline

Activity: 227


Jagersfontein


View Profile WWW
July 21, 2011, 01:45:32 AM
 #5

CD-RW ,Thank you for the heads up

This was taken care of by Backburn over at BitClockers not too long ago.


Boing7898
Sr. Member
****
Offline Offline

Activity: 266


View Profile
July 22, 2011, 06:11:48 PM
 #6

I PMed it to Backburner not long time ago but it seems he ignored my pm..

Ohai.
GRC: FtWgehaapGH5cKSmMPEH91sVzxLUioNZ3s
CD-RW
Jr. Member
*
Offline Offline

Activity: 57


View Profile
July 30, 2011, 05:07:10 PM
 #7

on another note how did you get that infromation do you have a computer that was infected with it a sample may be useful in preventing botnets from being a thorn in the side of bitcion in general.

I searched Threatexpert for 'BitCoin' somewhere in the virus, and got a few hits!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!