@PW got this from multipool.us
Mar 22 4:22 PM It appears there is some kind of malware diverting some users' hashpower to 206.223.224.225. This is not a multipool pool server. If you are seeing this, please report it as well as what miner you are using, where you obtained it, and check your computer for malware.
It appears that waffle is not the only multipool under attack!
how would people check for this?
Malware cannot explain what has happened.
I am running linux on each of my rigs. On those rigs running linux, there are several different distributions of linux. Linux is notoriously difficult to infect with malware. On those rigs, some are running sgminer, some cgminer 3.7.2 (original) and some kalroth's or other version of cgminer. One of my rigs is running cudaminer. Other people are running various versions of windows, or even Mac, with various miners.
I cannot imagine any malware that could possibly be written to affect multiple miners in multiple operating systems.
In my case, my security practices are very reliable.
When this happened to me, it happened simultaneously on all my rigs all running various OS's and all running different miners.
The symptoms are not indicative of client side malware. It is indicative of some kind of DNS or networking hijacking.
Though one can easily download maliciously inserted code within 'trusted' linux software, I am generally inclined to agree that the miner-side malware possibility seems unlikely, but cannot as yet be completely ruled out.
But as far as I know there has not been any effort to identify affected client side operating systems versions, miner versions, pool configurations including backups, failover-only settings, etc, to determine if there are any commonalities. And from reading this thread, one cannot even determine how many people might have been affected!
Where is poolwaffle through all of this? I'm one to support weekends off, but this problem is deserving of some attention as he has access to considerably more information than we do.
