Topic: SCAM: CoinMiner at bitcoin-miner-pro.com steals wallet (Read 10631 times)

-ck
legendary
Activity: 4088
Merit: 1631
Ruu \o/
One by one every mining software is being tagged as a virus by the stupid virus software makers because the mining software is being packaged with a trojan set of parameters. Obviously that's not the mining software's fault, so the virus software makers can go and get fffff
full member
Activity: 168
Merit: 100
Live long and prosper. \\//,
Windows Defender flagged my GUIminer.exe as a trojan this morning. It was the 20110614 version. It showed it as trojan/coinminer. I downloaded it via the guiminer thread. Just Defender getting it wrong due to this CoinMiner in this thread?

I think this ain't the right topic, but: GUIminer is legit (if you downloaded it from this forum), maybe one of the included command line miner programs got flagged as a false positive. That happened with version 20110701 and the included ufasoft miner, and that's why version 20110824 does not include it right out of the box.
STP
jr. member
Activity: 47
Merit: 12
Windows Defender flagged my GUIminer.exe as a trojan this morning. It was the 20110614 version. It showed it as trojan/coinminer. I downloaded it via the guiminer thread. Just Defender getting it wrong due to this CoinMiner in this thread?
hero member
Activity: 924
Merit: 501
newbie
Activity: 14
Merit: 0
Are you sure maybe they are being hacked... ZOMFG GOXEDE!
full member
Activity: 154
Merit: 100
hero member
Activity: 518
Merit: 500
@TheSeven

If a hosting provider does not agree to stick to such things as SPAM "because they are offshore and don't give a crap about foreign laws and policies", you can and should always make clear that you will warn others to stay away from them because they condone spam. If they are a serious business they will know what happens to hosters that allow spamming: People will stay off them because they could have a spammer on their node having negative effects on their own website rating.

You could also try to go a level up - I had this some time with a US company that simply ignored the spam issue - They were hosted with BurstNet (who are pretty strict and fast when it comes to the do nots) as resellers. So I contacted Burst and it took about a day until the whole hosting company went offline.

Also I'd consider asking a lawyer (there are lawyers that accept bitcoin) for a new free software license that allows modification but forbids malicious modification. Unfortunately you cannot alter the GPL or most other licenses to adapt to your liking, because the weird thing about those licenses is that they are usually under pretty restrictive licenses themselves (i.e. if you alter the GPL you break copyright law).

You could also dual license your work with the LGPL and charge for commercial modifications (like Qt used to). That way you could also DMCA those scammers.

EDIT: If you go for that latter thing, and the hoster does not react to DMCA (or national equivalent law) you can usually hold them responsible, and that should be pointed out (after some quick research on their national laws) in the first contact with them.
full member
Activity: 126
Merit: 100
Yes it was in Roaming/bitcoin

How can I change it?
legendary
Activity: 910
Merit: 1000
PHS 50% PoS - Stop mining start minting
I installed this fu**** software 2 days ago and obviously I lost my 0.25 BTC (I just started mining so I don't have a lot of BTC). I scanned it with AVIRA Antivir and no viruses were found...

I uninstalled it and deleted the install folder but is it enough?

How does it work?
Does it send the wallet to someone or does it use the bitcoin software of the PC to send the BTC directly to an address?


Weird, Avira caught the miner bot within a day or two.

Not sure but did you keep your wallet in the default location?

I won't go into wallet security here but anyone new to bitcoin should look around posts on here to see basic security measures to take.

hero member
Activity: 504
Merit: 500
FPGA Mining LLC
I just filed an abuse report to the abuse contact of solid.nsjet.com (where the emails were coming from, which is the same IP address that is hosting the site), after they basically acknowledged that they are violating CAN-SPAM, claiming that it doesn't apply to them because they are on the Bahamas, and explicitly refusing to exclude me from further mailings.
Seems like the abuse department did their job well: the vhost seems to be gone :)
full member
Activity: 126
Merit: 100
I installed this fu**** software 2 days ago and obviously I lost my 0.25 BTC (I just started mining so I don't have a lot of BTC). I scanned it with AVIRA Antivir and no viruses were found...

I uninstalled it and deleted the install folder but is it enough?

How does it work?
Does it send the wallet to someone or does it use the bitcoin software of the PC to send the BTC directly to an address?
hero member
Activity: 504
Merit: 500
FPGA Mining LLC
I just filed an abuse report to the abuse contact of solid.nsjet.com (where the emails were coming from, which is the same IP address that is hosting the site), after they basically acknowledged that they are violating CAN-SPAM, claiming that it doesn't apply to them because they are on the Bahamas, and explicitly refusing to exclude me from further mailings.
hero member
Activity: 518
Merit: 500
Site's down now.

Sometimes when visiting it I get an error, other times it goes through. Looks like the server reliability is not great. I'm still able to access the site now.

Well, I hope you consider changing the license of GUIminer to something that makes it stay free software, but prohibits malicious redistribution of that code.
At least you could then file a lawsuit against them, for copyright issues.

The license is GNU GPL and I believe they are already in violation of it (though I'm no lawyer), at least by not distributing the source code to their modified version.

Also, be sure to get a whois output for their domain and report their doings to the registrar. Then do a whois on the IP address where the site is hosted and write some mail to their hoster (if domain registrar and hoster are not the same company). These usually react fast to complaints. They react even faster to DMCA complaints (in case you really change your license).

I tried a whois and apparently they're with ezinom.com. I guess that's who I can write mail to?

Yep, ezinom.com should be responsible. If they do not react, you can also contact Californian authorities for (helping) violating the US CAN-SPAM Act (ezinom is, according to their whois record, listed as a company in CA). US authorities can then seize the domain name.
hero member
Activity: 504
Merit: 500
FPGA Mining LLC
Got a couple SPAM emails from them as well :/
The address was apparently harvested from the Mt. Gox database leak.
sr. member
Activity: 686
Merit: 259
403 Forbidden error..

It seems they already went down.. or away..
Kiv
full member
Activity: 162
Merit: 100
Site's down now.

Sometimes when visiting it I get an error, other times it goes through. Looks like the server reliability is not great. I'm still able to access the site now.

Well, I hope you consider changing the license of GUIminer to something that makes it stay free software, but prohibits malicious redistribution of that code.
At least you could then file a lawsuit against them, for copyright issues.

The license is GNU GPL and I believe they are already in violation of it (though I'm no lawyer), at least by not distributing the source code to their modified version.

Also, be sure to get a whois output for their domain and report their doings to the registrar. Then do a whois on the IP address where the site is hosted and write some mail to their hoster (if domain registrar and hoster are not the same company). These usually react fast to complaints. They react even faster to DMCA complaints (in case you really change your license).

I tried a whois and apparently they're with ezinom.com. I guess that's who I can write mail to?
hero member
Activity: 518
Merit: 500
Well, I hope you consider changing the license of GUIminer to something that makes it stay free software, but prohibits malicious redistribution of that code.
At least you could then file a lawsuit against them, for copyright issues. Also, be sure to get a whois output for their domain and report their doings to the registrar. Then do a whois on the IP address where the site is hosted and write some mail to their hoster (if domain registrar and hoster are not the same company). These usually react fast to complaints. They react even faster to DMCA complaints (in case you really change your license).
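The whois lookup described in the post above, as an added example that is not part of the thread: it takes the text printed by `whois <domain>` and `whois <ip>`, pulls out the abuse addresses, and lists the hoster separately only when it is a different contact from the registrar. The two records, their names and addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample records (not real whois output for any domain on this page).
# In practice, paste in the text printed by `whois <domain>` and `whois <ip>`.
DOMAIN_WHOIS = """\
Domain Name: EXAMPLE-MINER.TEST
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Registrar Abuse Contact Phone: +1.5555550100
Name Server: NS1.HOSTER.EXAMPLE
"""

IP_WHOIS = """\
NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Hosting LLC
OrgAbuseEmail:  abuse@hoster.example
Comment:        Report spam to abuse@hoster.example
"""

FIELD = re.compile(r"^\s*([^:#%]+?)\s*:\s*(.+?)\s*$")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_whois(text):
    """Return {lowercased field name: [values]} for every 'Key: value' line."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields

def abuse_contacts(text):
    """Emails taken only from fields whose name mentions 'abuse', deduplicated."""
    found = []
    for key, values in parse_whois(text).items():
        if "abuse" not in key:
            continue  # skip free-text comments and unrelated contact fields
        for value in values:
            for addr in EMAIL.findall(value):
                if addr.lower() not in found:
                    found.append(addr.lower())
    return found

def report_targets(domain_whois, ip_whois):
    """Registrar contacts, plus hoster contacts that are not already listed."""
    registrar = abuse_contacts(domain_whois)
    hoster = [a for a in abuse_contacts(ip_whois) if a not in registrar]
    return {"registrar": registrar, "hoster": hoster}
```
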
hero member
Activity: 588
Merit: 500
Site's down now.
Kiv
full member
Activity: 162
Merit: 100
It's come to my attention that a miner called CoinMiner is being distributed at bitcoin-miner-pro.com.

This is nothing more than my own GUIMiner with a wallet stealing trojan attached. DO NOT DOWNLOAD this miner unless you want to lose all your coins and maybe worse. It will not increase your mining speed or do anything else magical except send your wallet to some scammers.

I'm very upset that my free software is being used in this way and have contacted the site owners, but I don't expect that they will be very cooperative. I just wanted to warn people not to use it, and if anyone wants to DDOS their site that would be cool. (Joking)