Topic: My account on pool hacked - remember to use strong unique passwords! (Read 1494 times)

member
Activity: 98
Merit: 10
Cheers Bushstar.  I'll check out those tools.  It's hard to find good ones with a light footprint that also provide you with an amount of control as to what is flagged for removal.

Seems that the attacker either brute forced or had my password.  

Lesson learned.
hero member
Activity: 617
Merit: 531
Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.

Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.

Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.

Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi

Not sure what tools you are using but the following is what I use to disinfect most computers that come into the office.

ComboFix, TDSS Killer, Malwarebytes Antimalware and ADWCleaner

However, think about where else you have signed up with the same credentials as Coinotron; it could be that one of those sites is malicious.
legendary
Activity: 1182
Merit: 1000
Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.

Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.

Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.

Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi

It seems that the attacker had your password or simply was really lucky. It took him only 2 attempts to log in as you.
member
Activity: 98
Merit: 10
Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.

Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.

Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.

Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi
legendary
Activity: 1182
Merit: 1000
Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

I did have Java installed so it could have just been an attack using Armitage or CobaltStrike.  Thankfully wallets are all offline.

Coinotron db is safe, not compromised. There are no suspicious payouts. So it seems that it is related only to your account.
Lately there were quite a few attacks on LTC pools, BTC pools. Maybe you used the same password in two places?
PM me your username. I checked out user Kryptox, and it doesn't look like it is yours.


 
sr. member
Activity: 301
Merit: 260
FLO dev
Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

Same thing happened to me about a month ago on Coinotron. I contacted Coinotron and they found a login from an IP on a different continent than the one I'm in. Make sure you use different passwords (even different user names) on the different sites.
member
Activity: 98
Merit: 10
Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

I did have Java installed so it could have just been an attack using Armitage or CobaltStrike.  Thankfully wallets are all offline.
hero member
Activity: 631
Merit: 501
I checked all my accounts and balances.
I am happy to report -- everything is right where it should be.
full member
Activity: 203
Merit: 100
You may want to put a ? after your title.
full member
Activity: 140
Merit: 100
Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.

I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.

Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.

Can you post the address that the 17 LTC were sent to?
hero member
Activity: 686
Merit: 500
Whoa, there are a lot of cats in this wall.
Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.

I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.

Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.

If it was coinotron, we probably would have already heard about it by now.  Some big hashing dudes mine there.  I would take immediate steps to secure any coins that you have in wallets on that machine. 
member
Activity: 98
Merit: 10
Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.

I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.

Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.