Bitcoin Forum
December 08, 2016, 06:10:03 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: Confession's of a Bitcoin Botnet coder...  (Read 19239 times)
MysteryMiner
Legendary
*
Offline Offline

Activity: 910



View Profile
May 12, 2012, 04:50:51 PM
 #21

A skilled person is safe with Windows or with Linux

Depends on the exploit. Yes, noobs click email attachments, download "codecs" from porn sites, etc. But it doesn't matter how good you are if somebody exploits a 0 day in chrome you are fucked. This is why Google pays people to disclose them.
Even for Windows 0-day exploits are becoming less damaging. Software does not run with administrative permissions. No system-wide damage, no rootkit installation possible. Some of vulnerabilities require special circumstances or already existing account on target computer.

The "codecs" are different kind of problem or "blessing" depending from context. When computers were expensive, only people who tried to master them used computers. Now everyone can afford a computer and they use it as entertainment device and don't want and can't use computers properly because of lack if IQ.

1LEaxxAh1LKFUvDKYVhiMEVAHRM7K5o7cF
1481177403
Hero Member
*
Offline Offline

Posts: 1481177403

View Profile Personal Message (Offline)

Ignore
1481177403
Reply with quote  #2

1481177403
Report to moderator
1481177403
Hero Member
*
Offline Offline

Posts: 1481177403

View Profile Personal Message (Offline)

Ignore
1481177403
Reply with quote  #2

1481177403
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481177403
Hero Member
*
Offline Offline

Posts: 1481177403

View Profile Personal Message (Offline)

Ignore
1481177403
Reply with quote  #2

1481177403
Report to moderator
1481177403
Hero Member
*
Offline Offline

Posts: 1481177403

View Profile Personal Message (Offline)

Ignore
1481177403
Reply with quote  #2

1481177403
Report to moderator
check_status
Full Member
***
Offline Offline

Activity: 196


Web Dev, Db Admin, Computer Technician


View Profile
May 12, 2012, 05:43:21 PM
 #22

Quote from: Gabi
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless Cheesy  Cool

For Bitcoin to be a true global currency the value of BTC needs always to rise.
If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76.
P2Pool Server List | How To's and Guides Mega List |  1EndfedSryGUZK9sPrdvxHntYzv2EBexGA
bulanula
Hero Member
*****
Offline Offline

Activity: 518



View Profile
May 12, 2012, 05:47:48 PM
 #23

Quote from: Gabi
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless Cheesy  Cool

For Windblow you have to pay the stupid tax Cheesy
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
May 12, 2012, 06:20:05 PM
 #24

Something important for Windows users...Notice in the pics, W7, VS, XP. Every machine listed in the pics are Windows boxes. He also said he binds programs uploaded to usenet.
Quote from: throwaway236236
At the beginning it happened, my crypter got flagged and I had to rearrange the code to re"FUD" it. Now everything is automated, every victim gets a regular update, just for him. And because the polymorphism happens on my side, AV vendors can't get a detection for all modifications, it's game over for them.

I wonder if he has compromised any linux boxes?
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

Skilled people don't use Windows exclusively, so it's a moot point.  Skilled people who use mutiple OS's know that GNU/Linux (and many other *nix class operating systems) is inherently more secure than Windows, even though Windows has improved significantly over the past decade.  Therefore, if some random person asks me what to do to improve their bitcoin security on windows, my default answer is still to use something else.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
Timo Y
Legendary
*
Offline Offline

Activity: 938


bitcoin - the aerogel of money


View Profile
May 12, 2012, 07:10:04 PM
 #25

13-20 Ghash/s means his mining botnet earns him approx. $1.100-1.700 per month.

Now, I don't want to condone his actions, but putting myself in his skin, that seems hardly worth it to me. That's less than a cleaning lady earns where I live.  Why doesn't he just get a real job?  Why risk going to prison for such a modest amount of income?  

I assume that selling the CC information is a lot more lucrative than mining, and the mining is just a side project of his.

Either that, or his is doing this for reasons other than money. Prestige? Power?

He seems to think he is invincible, but even Tor is not 100% safe, and all it takes is a second of carelessness and your anonymity is blown, and your life is ruined.

GPG ID: FA868D77   bitcoin-otc:forever-d
Sukrim
Legendary
*
Offline Offline

Activity: 1848


View Profile
May 12, 2012, 10:19:19 PM
 #26

As long there is Gigamining and Bitbond don't worry.
They collected now in only 3 weeks more than 30000 BTC to run their miners.

Volume does not mean income... I could sell a single share at 1 BTC and then it gets traded a million times --> volume is 1m BTC, but I still only got this single coin.

About the thread itself - just with the info he posted, as I said, it's not impossible to track his coins down at all for anyone. German speaker, miner at BTCguild (and no, I would NOT ban mining botnets by the way!) with a total of 10+ GH/s (possibly spread on several accounts), most likely has a higher-than-average stale rate, as he'd need to tunnel his getworks through his own proxy + TOR... do I need to go on?

What I find a bit disturbing is that even though he acts like a "total pro", in the end 1-2 years of reading coding tutorials online don't magically transform you in the god of programming. Likely he introduced a few security holes in his botnet software too.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
blablahblah
Legendary
*
Offline Offline

Activity: 775


View Profile
May 13, 2012, 12:17:21 AM
 #27

can we tip the anti virus companies with advise on how to catch these background bitcoin mining processes so it's more difficult for botnets to operate as miners?

No no no... AV companies are like "reformed criminals" -- you never really know if they're 100% trustworthy.

1) They're self-proclaimed experts on viruses and other malware,
2) They like to install software on your computer which just happens to be a massive resource hog,
3) Their business model relies on a never-ending supply of viruses and customer fear.

If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
May 13, 2012, 12:31:18 AM
 #28

If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.

http://www.clamav.net/lang/en/download/sources/ <-- not commenting on how good it is, but it's open source.

kokojie
Legendary
*
Offline Offline

Activity: 1498



View Profile WWW
May 13, 2012, 01:24:00 AM
 #29

Actually the botnet operator herself said windows is just as secure as macos or linux, it is just that botnets don't target linux because its tiny market share and the users are often knowledgeable about computers.

Quote from: Gabi
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless Cheesy  Cool

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | Bitshares: kokojie
My reputation
Sukrim
Legendary
*
Offline Offline

Activity: 1848


View Profile
May 13, 2012, 01:27:11 AM
 #30

If you get a Linux machine, it's likely a server. Probably quite often these are then used for FTP dumps and similar instead of being searched for credit card/Paypal/... information.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 13, 2012, 04:00:38 AM
 #31

If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.

http://www.clamav.net/lang/en/download/sources/ <-- not commenting on how good it is, but it's open source.
I use that for all my mail servers. It's lightweight and fast.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
dizzy1
Full Member
***
Offline Offline

Activity: 134


View Profile
May 13, 2012, 04:54:59 AM
 #32


Volume does not mean income... I could sell a single share at 1 BTC and then it gets traded a million times --> volume is 1m BTC, but I still only got this single coin.

About the thread itself - just with the info he posted, as I said, it's not impossible to track his coins down at all for anyone. German speaker, miner at BTCguild (and no, I would NOT ban mining botnets by the way!) with a total of 10+ GH/s (possibly spread on several accounts), most likely has a higher-than-average stale rate, as he'd need to tunnel his getworks through his own proxy + TOR... do I need to go on?

What I find a bit disturbing is that even though he acts like a "total pro", in the end 1-2 years of reading coding tutorials online don't magically transform you in the god of programming. Likely he introduced a few security holes in his botnet software too.

One of the pictures he linked to showed a modified version of https://github.com/cdhowie/Bitcoin-mining-proxy. He also said although he only says he has 10-20gh/s, he suspects that up to 30% of the current hashing power is from botnets.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
May 13, 2012, 09:42:52 AM
 #33

If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.

http://www.clamav.net/lang/en/download/sources/ <-- not commenting on how good it is, but it's open source.
I use that for all my mail servers. It's lightweight and fast.

So do I. Just didn't want to start a discussion that AV's suck, and blah blah blah, hence the part about not commenting Wink

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
May 13, 2012, 01:54:19 PM
 #34

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150 $0.00) latest updates ASAP.  (Already installed on that computer you just bought, service Packs have never cost anything)
Make sure you are running a good up to date Anti-Virus. ($59.99 $0.00)  (You said good not expensive right?  Avast = Free)
Make sure you have a good Firewall turned on. ($39.99 $0.00)  (Windows firewall is fine for 99% of users.  For power users there are free alternatives.)
Don't click on or install dumb shit. (Priceless)


FYPFY

I would add:
Install Windows Defender (there are better anti-malware products but I generally give WD to noobs because it just works).
use a router w/ NAT & SPI.  Only forward ports you need.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
May 13, 2012, 01:58:10 PM
 #35

13-20 Ghash/s means his mining botnet earns him approx. $1.100-1.700 per month.

Now, I don't want to condone his actions, but putting myself in his skin, that seems hardly worth it to me. That's less than a cleaning lady earns where I live.  Why doesn't he just get a real job?  Why risk going to prison for such a modest amount of income?  

He indicated he is a student.  An $1800/mo part time job which is related to your major ain't that bad of a gig for a student.  As you indicated his total compensated is likely more when you include various other forms of revnue.  Would I personally do it?  No but I imagine a lot of other would if they had the ability.
Fiyasko
Legendary
*
Offline Offline

Activity: 1428


Okey Dokey Lokey


View Profile
May 13, 2012, 02:54:24 PM
 #36

Well. Atleast people might realise "omg my gpu is at 100% overnight"
Or "hey my fans slow down when i use my computer"

But ofcourse they wont /facepalm
Most people dont do regular Dust Checks

http://bitcoin-otc.com/viewratingdetail.php?nick=DingoRabiit&sign=ANY&type=RECV <-My Ratings
https://bitcointalk.org/index.php?topic=857670.0 GAWminers and associated things are not to be trusted, Especially the "mineral" exchange
Sukrim
Legendary
*
Offline Offline

Activity: 1848


View Profile
May 13, 2012, 09:49:55 PM
 #37

It might even help the PCs living longer having their fans run nonstop so there is less dust buildup! Wink

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
Nyaaan
Full Member
***
Offline Offline

Activity: 140


View Profile WWW
May 14, 2012, 01:28:25 PM
 #38

13-20 Ghash/s means his mining botnet earns him approx. $1.100-1.700 per month.

Now, I don't want to condone his actions, but putting myself in his skin, that seems hardly worth it to me. That's less than a cleaning lady earns where I live.  Why doesn't he just get a real job?  Why risk going to prison for such a modest amount of income?  

I assume that selling the CC information is a lot more lucrative than mining, and the mining is just a side project of his.

Either that, or his is doing this for reasons other than money. Prestige? Power?

He seems to think he is invincible, but even Tor is not 100% safe, and all it takes is a second of carelessness and your anonymity is blown, and your life is ruined.

It's extra money, everyone loves extra money. Also, he considers it a 'challenge', and I agree that it is one.
It's called anonymity and being careful. Your life is only ruined if you dox yourself and reveal everything to FBI lul

It might even help the PCs living longer having their fans run nonstop so there is less dust buildup! Wink

+1

I'm tell you guys, this stuff is going to be the end of bitcoin.
I think you have it backward…this stuff is going to be the end of the traditional banking system.  At least with Bitcoin you have a fighting chance of securing your assets.  With the traditional banking system, the theft just gets subsidized and no one cares or will care until entire companies (or nations that bail them out) start to collapse.  Unfortunately, by that time, it will be too late for that system.  I find it interesting that these criminals are using a superior (and ultimately less vulnerable) system like bitcoin to exploit an antiquated system that is rife with insecurities.

I have to agree with that.

I kinda want my own bitcoin botnet nowEmbarrassed

Send me a PM bro, I can work something out for you

Something important for Windows users...Notice in the pics, W7, VS, XP. Every machine listed in the pics are Windows boxes. He also said he binds programs uploaded to usenet.
Quote from: throwaway236236
At the beginning it happened, my crypter got flagged and I had to rearrange the code to re"FUD" it. Now everything is automated, every victim gets a regular update, just for him. And because the polymorphism happens on my side, AV vendors can't get a detection for all modifications, it's game over for them.

I wonder if he has compromised any linux boxes?

Zeus is not compatible with Linux, and most malware isn't either, because Windows is fail and idiots use Windows (double fail)

Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
May 14, 2012, 01:49:54 PM
 #39

Quote from: Gabi
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless Cheesy  Cool
Please, i use Windows 7 with Avast antivirus (wich is free) and nothing more and i get no virus

Yes i have to pay for the OS but except that nothing more.

Also a noob will get infected even with an antivirus and a firewall, that's why he is a noob
Dansker
Hero Member
*****
Offline Offline

Activity: 740


Hello world!


View Profile
May 14, 2012, 06:21:43 PM
 #40

He sounds like quite the Prodigy judging from his replies.

I wonder how he is spending his bitcoins?

Also, won't you be able to detect botnets mining in pools due to a change in mining power equal to people turning on and off their infected computers?

Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!