Bitcoin Forum
November 14, 2024, 03:50:41 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Bitcoin mining with a virus or botnet on bitclockers  (Read 6114 times)
CD-RW (OP)
Jr. Member
*
Offline Offline

Activity: 56
Merit: 22


View Profile
July 20, 2011, 08:12:52 AM
 #1

http://www.threatexpert.com/report.aspx?md5=69d0699d6b660db571a63b4b3eac4b7f

This is a virus/botnet. It uses IRC to get and send commands. Sure. But check out the 'bitcoin' command:
Code:
PRIVMSG #insomnia :[BITCOIN]: Downloading ufasoft bitcoin miner...
PRIVMSG #insomnia :[BITCOIN]: Mining started [user='nigger' url='http://pool.bitclockers.com:8332' proc='dnmsal' id='1288']

So it downloads 'http://ufasoft.com/files/open/bitcoin-miner.exe' and uses it to get bitcoins for the botherder.


I hope any bitclockers admins read this and will take appropriate steps.
xcooling
Member
**
Offline Offline

Activity: 145
Merit: 10


View Profile
July 20, 2011, 09:29:32 AM
 #2

Ouch, wouldn't mind looking at the source code for it though.

Could be a nice base to make a remote self updating miner for my multiple machines

deslok
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


It's all about the game, and how you play it


View Profile
July 20, 2011, 11:55:58 PM
 #3

BTCguild had "thousands" of cpu miners connect to it after they were removed from the pool(that many cpu's makes a mess of things) they were ddosed for several days i wonder if this is an updated version of that botnet.
on another note how did you get that infromation do you have a computer that was infected with it a sample may be useful in preventing botnets from being a thorn in the side of bitcion in general.

"If we don't hang together, by Heavens we shall hang separately." - Benjamin Franklin

If you found that funny or something i said useful i always appreciate spare change
1PczDQHfEj3dJgp6wN3CXPft1bGB23TzTM
bal3wolf
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250

Power to the people!


View Profile
July 21, 2011, 01:08:24 AM
 #4

If you have the bot you need to either give it to someone or do it yourself and find the dns they use and report it then that will pretty much kill them with no way to control them any longer.
V2-V3
Full Member
***
Offline Offline

Activity: 227
Merit: 100



View Profile
July 21, 2011, 01:45:32 AM
 #5

CD-RW ,Thank you for the heads up

This was taken care of by Backburn over at BitClockers not too long ago.

Boing7898
Sr. Member
****
Offline Offline

Activity: 686
Merit: 259



View Profile
July 22, 2011, 06:11:48 PM
 #6

I PMed it to Backburner not long time ago but it seems he ignored my pm..
CD-RW (OP)
Jr. Member
*
Offline Offline

Activity: 56
Merit: 22


View Profile
July 30, 2011, 05:07:10 PM
 #7

on another note how did you get that infromation do you have a computer that was infected with it a sample may be useful in preventing botnets from being a thorn in the side of bitcion in general.

I searched Threatexpert for 'BitCoin' somewhere in the virus, and got a few hits!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!