Pages:
Author

Topic: Confession's of a Bitcoin Botnet coder... - page 3. (Read 20237 times)

rjk
sr. member
Activity: 448
Merit: 250
1ngldh
If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.

http://www.clamav.net/lang/en/download/sources/ <-- not commenting on how good it is, but it's open source.
I use that for all my mail servers. It's lightweight and fast.
legendary
Activity: 2618
Merit: 1007
If you get a Linux machine, it's likely a server. Probably quite often these are then used for FTP dumps and similar instead of being searched for credit card/Paypal/... information.
legendary
Activity: 1806
Merit: 1003
Actually the botnet operator herself said windows is just as secure as macos or linux, it is just that botnets don't target linux because its tiny market share and the users are often knowledgeable about computers.

Quote from: Gabi
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless Cheesy  Cool
legendary
Activity: 1358
Merit: 1002
If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.

http://www.clamav.net/lang/en/download/sources/ <-- not commenting on how good it is, but it's open source.
hero member
Activity: 775
Merit: 1000
can we tip the anti virus companies with advise on how to catch these background bitcoin mining processes so it's more difficult for botnets to operate as miners?

No no no... AV companies are like "reformed criminals" -- you never really know if they're 100% trustworthy.

1) They're self-proclaimed experts on viruses and other malware,
2) They like to install software on your computer which just happens to be a massive resource hog,
3) Their business model relies on a never-ending supply of viruses and customer fear.

If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.
legendary
Activity: 2618
Merit: 1007
As long there is Gigamining and Bitbond don't worry.
They collected now in only 3 weeks more than 30000 BTC to run their miners.

Volume does not mean income... I could sell a single share at 1 BTC and then it gets traded a million times --> volume is 1m BTC, but I still only got this single coin.

About the thread itself - just with the info he posted, as I said, it's not impossible to track his coins down at all for anyone. German speaker, miner at BTCguild (and no, I would NOT ban mining botnets by the way!) with a total of 10+ GH/s (possibly spread on several accounts), most likely has a higher-than-average stale rate, as he'd need to tunnel his getworks through his own proxy + TOR... do I need to go on?

What I find a bit disturbing is that even though he acts like a "total pro", in the end 1-2 years of reading coding tutorials online don't magically transform you in the god of programming. Likely he introduced a few security holes in his botnet software too.
legendary
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
13-20 Ghash/s means his mining botnet earns him approx. $1.100-1.700 per month.

Now, I don't want to condone his actions, but putting myself in his skin, that seems hardly worth it to me. That's less than a cleaning lady earns where I live.  Why doesn't he just get a real job?  Why risk going to prison for such a modest amount of income?  

I assume that selling the CC information is a lot more lucrative than mining, and the mining is just a side project of his.

Either that, or his is doing this for reasons other than money. Prestige? Power?

He seems to think he is invincible, but even Tor is not 100% safe, and all it takes is a second of carelessness and your anonymity is blown, and your life is ruined.
legendary
Activity: 1708
Merit: 1010
Something important for Windows users...Notice in the pics, W7, VS, XP. Every machine listed in the pics are Windows boxes. He also said he binds programs uploaded to usenet.
Quote from: throwaway236236
At the beginning it happened, my crypter got flagged and I had to rearrange the code to re"FUD" it. Now everything is automated, every victim gets a regular update, just for him. And because the polymorphism happens on my side, AV vendors can't get a detection for all modifications, it's game over for them.

I wonder if he has compromised any linux boxes?
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

Skilled people don't use Windows exclusively, so it's a moot point.  Skilled people who use mutiple OS's know that GNU/Linux (and many other *nix class operating systems) is inherently more secure than Windows, even though Windows has improved significantly over the past decade.  Therefore, if some random person asks me what to do to improve their bitcoin security on windows, my default answer is still to use something else.
hero member
Activity: 518
Merit: 500
Quote from: Gabi
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless Cheesy  Cool

For Windblow you have to pay the stupid tax Cheesy
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
Quote from: Gabi
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless Cheesy  Cool
legendary
Activity: 1512
Merit: 1049
Death to enemies!
A skilled person is safe with Windows or with Linux

Depends on the exploit. Yes, noobs click email attachments, download "codecs" from porn sites, etc. But it doesn't matter how good you are if somebody exploits a 0 day in chrome you are fucked. This is why Google pays people to disclose them.
Even for Windows 0-day exploits are becoming less damaging. Software does not run with administrative permissions. No system-wide damage, no rootkit installation possible. Some of vulnerabilities require special circumstances or already existing account on target computer.

The "codecs" are different kind of problem or "blessing" depending from context. When computers were expensive, only people who tried to master them used computers. Now everyone can afford a computer and they use it as entertainment device and don't want and can't use computers properly because of lack if IQ.
donator
Activity: 2058
Merit: 1007
Poor impulse control.
I'm tell you guys, this stuff is going to be the end of bitcoin.

Just as viruses were the end of the internet!

I don't know.  How many internets were stolen or freely mined and sold at whatever price the perpetrator could fetch at the time?

This many:

legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Something important for Windows users...Notice in the pics, W7, VS, XP. Every machine listed in the pics are Windows boxes. He also said he binds programs uploaded to usenet.
Quote from: throwaway236236
At the beginning it happened, my crypter got flagged and I had to rearrange the code to re"FUD" it. Now everything is automated, every victim gets a regular update, just for him. And because the polymorphism happens on my side, AV vendors can't get a detection for all modifications, it's game over for them.

I wonder if he has compromised any linux boxes?
Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux
full member
Activity: 265
Merit: 100
As long there is Gigamining and Bitbond don't worry.
They collected now in only 3 weeks more than 30000 BTC to run their miners.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
Quote
I find it interesting that these criminals are using a superior (and ultimately less vulnerable) system like bitcoin to exploit an antiquated system that is rife with insecurities.
It is so true!
legendary
Activity: 2198
Merit: 1311
I'm tell you guys, this stuff is going to be the end of bitcoin.

Just as viruses were the end of the internet!

I don't know.  How many internets were stolen or freely mined and sold at whatever price the perpetrator could fetch at the time?
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
Something important for Windows users...Notice in the pics, W7, VS, XP. Every machine listed in the pics are Windows boxes. He also said he binds programs uploaded to usenet.
Quote from: throwaway236236
At the beginning it happened, my crypter got flagged and I had to rearrange the code to re"FUD" it. Now everything is automated, every victim gets a regular update, just for him. And because the polymorphism happens on my side, AV vendors can't get a detection for all modifications, it's game over for them.

I wonder if he has compromised any linux boxes?
member
Activity: 79
Merit: 10
can we tip the anti virus companies with advise on how to catch these background bitcoin mining processes so it's more difficult for botnets to operate as miners?
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
I'm tell you guys, this stuff is going to be the end of bitcoin.

Just as viruses were the end of the internet!
hero member
Activity: 868
Merit: 1008
I'm tell you guys, this stuff is going to be the end of bitcoin.
I think you have it backward…this stuff is going to be the end of the traditional banking system.  At least with Bitcoin you have a fighting chance of securing your assets.  With the traditional banking system, the theft just gets subsidized and no one cares or will care until entire companies (or nations that bail them out) start to collapse.  Unfortunately, by that time, it will be too late for that system.  I find it interesting that these criminals are using a superior (and ultimately less vulnerable) system like bitcoin to exploit an antiquated system that is rife with insecurities.
Pages:
Jump to: