Pages:
Author

Topic: BitCoin mining virus (Read 20561 times)

sr. member
Activity: 435
Merit: 250
February 04, 2014, 12:50:53 PM
#23
Bitcoin mining virus isnt anything new. They have been around since 2012. And they have been in the news many times ::

http://www.theguardian.com/technology/2014/jan/08/yahoo-malware-turned-europeans-computers-into-bitcoin-slaves

I would suggest, not downloading stuff from unknown and untrusted sources. Scanning your computer with Kaspersky, Malwarebytes and Anti-Spyware.
member
Activity: 70
Merit: 10
February 03, 2014, 12:48:27 PM
#22
FUD indeed passes malware scans but FUDs change all the time, so its impossible for 1 virus to stay in your system for longer time.
as soon as file gets 2-03 tiems to virustotal the FUD is crushed.

so this is not as simple to spread as people think but of course loads of machines are infected.

That's why the RAT client has the option "update server". If you recrypt every two days or so, and with 3 mouseclicks update all your bots, no need to worry about it...
hero member
Activity: 672
Merit: 500
http://fuk.io - check it out!
February 03, 2014, 12:31:27 PM
#21
FUD indeed passes malware scans but FUDs change all the time, so its impossible for 1 virus to stay in your system for longer time.
as soon as file gets 2-03 tiems to virustotal the FUD is crushed.

so this is not as simple to spread as people think but of course loads of machines are infected.
legendary
Activity: 2142
Merit: 1010
Newbie
February 03, 2014, 12:31:07 PM
#20
I heard a Bitcoin mining virus is on round, that once installed in your machine, doing no harm, except taking your CPU power to mine for others. - True ?

Not 100% true. It attacks brain of people and makes them to mine proof-of-work currencies. It's easily detectable though, just ask opinion of these people about any proof-of-stake coin. Asking about Nxt, which is 100% PoS, gives the best level of detection.
member
Activity: 112
Merit: 10
February 03, 2014, 12:27:39 PM
#19
Is there any way to detect this virus? One of the computers at my job suddenly has the CPU light on all day and is very slow. It's probably something else, but if there's a common way to check for this virus I'd like to know.
Check the task manager for high CPU usage. If its poorly made it'll be there.
Also check the startup folder and the run registry keys, make sure nothing suspicious is there.
Scan with malwarebytes, should pick anything you can't catch up Smiley

Hardly needs to be poorly made - it's not easy to fake the CPU usage, unless you install a rootkit. And even then the sound of your fans blazing is pretty much a dead giveaway.

https://www.google.be/search?q=silent+miner&ie=utf-8&oe=utf-8&rls=org.mozilla:nl:official&client=firefox-a&gws_rd=cr&ei=zcnvUrDkDenV4wTXq4GYAg#q=FUD+silent+miner&rls=org.mozilla:nl:official

There you go. Undetectable silent miners.

Blazing fans? In your dreams. A silent miner takes about 30% of your CPU usage.
Then again, with ten thousands silent miners within a simple botnet, no need for maximum CPU usage Smiley

Can't see any that would be "undetectable" in that it wouldn't show up in Task Manager. You'd still need a rootkit for that - doable, but probably above the level of most script kiddies.

Of course you can throttle the usage down, but then you'd need 3 times more PCs to accomplish the same task (and in case of mining Bitcoin with CPUs scenario, that'd make your venture even more worthless).

And it's probably still detectable via a benchmark.
member
Activity: 70
Merit: 10
February 03, 2014, 11:56:03 AM
#18
Is there any way to detect this virus? One of the computers at my job suddenly has the CPU light on all day and is very slow. It's probably something else, but if there's a common way to check for this virus I'd like to know.
Check the task manager for high CPU usage. If its poorly made it'll be there.
Also check the startup folder and the run registry keys, make sure nothing suspicious is there.
Scan with malwarebytes, should pick anything you can't catch up Smiley

Hardly needs to be poorly made - it's not easy to fake the CPU usage, unless you install a rootkit. And even then the sound of your fans blazing is pretty much a dead giveaway.

https://www.google.be/search?q=silent+miner&ie=utf-8&oe=utf-8&rls=org.mozilla:nl:official&client=firefox-a&gws_rd=cr&ei=zcnvUrDkDenV4wTXq4GYAg#q=FUD+silent+miner&rls=org.mozilla:nl:official

There you go. Undetectable silent miners.

Blazing fans? In your dreams. A silent miner takes about 30% of your CPU usage.
Then again, with ten thousands silent miners within a simple botnet, no need for maximum CPU usage Smiley
member
Activity: 112
Merit: 10
February 03, 2014, 11:46:44 AM
#17
Is there any way to detect this virus? One of the computers at my job suddenly has the CPU light on all day and is very slow. It's probably something else, but if there's a common way to check for this virus I'd like to know.
Check the task manager for high CPU usage. If its poorly made it'll be there.
Also check the startup folder and the run registry keys, make sure nothing suspicious is there.
Scan with malwarebytes, should pick anything you can't catch up Smiley

Hardly needs to be poorly made - it's not easy to fake the CPU usage, unless you install a rootkit. And even then the sound of your fans blazing is pretty much a dead giveaway.
member
Activity: 70
Merit: 10
February 03, 2014, 11:40:24 AM
#16
Malware Bytes picks up every Bitcoin Miner I download, even though they are legitimate. I'm sure that it will pick up silent miners as well. Granted that they could have what was mentioned above, but AVs can pick stuff up and add it to the databases pretty fast.

Yes, because it is well known.

FUD crypters are using unique stubs, there are no two equal. Therefore, they are FUD.
You dont have to believe me, just google FUD crypters and virus. You'll see.

It's this kind of thinking that gets people hacked in the first place.

It's as foolish as thinking you need no AV on a Mac or Linux.
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
February 03, 2014, 11:23:19 AM
#15
Malware Bytes picks up every Bitcoin Miner I download, even though they are legitimate. I'm sure that it will pick up silent miners as well. Granted that they could have what was mentioned above, but AVs can pick stuff up and add it to the databases pretty fast.
member
Activity: 70
Merit: 10
February 03, 2014, 10:42:16 AM
#14
Well i created a special tool to scan your network to see if your miners are being exploited remotely or not. This was build as proof of concept tool to show a huge miner exploit.

Because of some script kiddies reverse engineering and decompiling the tool, and posting it on topic with a fake antivirus link, linking to a Java drive by exploit, i locked the topic and asked a admin to remove it.

You can still search the topic in the 'mining' section, called "KnC Miner : Security hacked - UPDATE with TOOL"

On topic:

The main problem is these viruses are NOT detected by your AV because they are crypted to be, what's called, FUD (Fully Undetectable).

They pay big bucs for those crypters to keep them always FUD. Never ever will an AV or malwarebytes pick up a virus that has been 100% FUD crypted.

It takes you only to click a stupid link, like the one user ici_lemmy posted in my topic, to get infected. You can only know if you are infected or not by scanning if your miners are being remotely viewed, or, an instance of cgminer/bfgminer is running silent full hidden on your system.

Never be fooled by thinking "I have a good AV scanner, i'm safe", because you are NOT and never will be.

There are thousands of computers hooked up in botnets to mine without the users knowing it.
newbie
Activity: 1
Merit: 0
February 03, 2014, 08:15:19 AM
#13
Get information about antivirus (100% free) to address the problems of viruses. The last few months I'm testing some software Bitcoin miners, turned out to contain computer viruses that make us so slow. Luckily I was able to use antivirus mendeksi various viruses. I use antivirus memoirs updated every 15 days.
Source of Information "Powerful Antivirus Plus 2014 Able to Fix OS" = http://www.repindose.com/2014/01/antivirus-ampuh-2014.html.
hero member
Activity: 616
Merit: 500
December 24, 2013, 04:46:06 PM
#12
Try to use Adaware, usually block most of the crap you get.
full member
Activity: 223
Merit: 100
December 22, 2013, 09:08:35 PM
#11
Is there any way to detect this virus? One of the computers at my job suddenly has the CPU light on all day and is very slow. It's probably something else, but if there's a common way to check for this virus I'd like to know.
Check the task manager for high CPU usage. If its poorly made it'll be there.
Also check the startup folder and the run registry keys, make sure nothing suspicious is there.
Scan with malwarebytes, should pick anything you can't catch up Smiley
global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
December 22, 2013, 09:34:57 AM
#10
Is there any way to detect this virus? One of the computers at my job suddenly has the CPU light on all day and is very slow. It's probably something else, but if there's a common way to check for this virus I'd like to know.
Well, a scan with an antivirus won't do any harm.

I think as it is not doing any direct harm, it is probably not updated in all virus definition for anti-virus companies. Hence it is not even detected always through anti-virus scam. Someone told me that he detected it by checking current running processes on his CPU.
Some software might pick it up.
full member
Activity: 182
Merit: 100
December 22, 2013, 09:11:22 AM
#9
Try a scan using ESET online scanner

http://www.eset.com/int/home//products/online-scanner/
legendary
Activity: 980
Merit: 1000
December 22, 2013, 08:45:13 AM
#8
I found a process running on my kids computer that was called CPUMiner. AVG didn't pick up on it but MalwareBytes did.
sr. member
Activity: 302
Merit: 250
December 22, 2013, 08:12:44 AM
#7
You may find it in your process manager.  Look for any process that is using up the bulk of your processing power.  Sometimes they're named to look like a legitimate system process.

They are not always detected by anti-malware.  They can also be persistent, meaning even if you kill the program, it will just come back.

Typically, silent miners are installed on systems by botnet operators only after infecting your system with a herding application.  So if you find that your system has in fact been mining coins without your knowledge, there is a high probability that your system has already been totally compromised.  If so, you'll also probably find any wallets on your system to already be emptied as well.
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
December 22, 2013, 07:58:47 AM
#6
Is there any way to detect this virus? One of the computers at my job suddenly has the CPU light on all day and is very slow. It's probably something else, but if there's a common way to check for this virus I'd like to know.
Well, a scan with an antivirus won't do any harm.

I think as it is not doing any direct harm, it is probably not updated in all virus definition for anti-virus companies. Hence it is not even detected always through anti-virus scam. Someone told me that he detected it by checking current running processes on his CPU.
full member
Activity: 173
Merit: 100
December 22, 2013, 07:05:26 AM
#5
yes it is, use the malwarebytes, some virus can rob your bitcoins too  Shocked
global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
December 22, 2013, 05:32:09 AM
#4
Is there any way to detect this virus? One of the computers at my job suddenly has the CPU light on all day and is very slow. It's probably something else, but if there's a common way to check for this virus I'd like to know.
Well, a scan with an antivirus won't do any harm.
Pages:
Jump to: