Topic: Trojan.NSIS.Miner.a and NO botnet Cheating on DeepBit (Read 4189 times)

sr. member
Activity: 378
Merit: 250
If you do happen to find this, there's one of two places the autorun could be located.  One is in your start menu.  The other is in your Task Scheduler.  Very rarely will you find it in your registry, but if you see the miner running and you didn't install it, run a registry search to see if you can find any instance of it or a batch file to run it.
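The three places named in the post above can be checked in one pass. This is an added example, not part of the original thread; the match pattern is an assumption built from the `bcm.exe` name in the Securelist quote and the post's mention of a batch launcher, and the function name is hypothetical.

```powershell
# Added example (not from the thread): read-only sweep of the three autorun
# locations named in the post. Needs PowerShell 3+ and Windows 8 or later.
# $Pattern is an assumption: bcm.exe is the miner binary named in the Securelist
# quote; batch files are included because the post mentions a batch launcher.
$Pattern = 'bcm\.exe|miner|\.(bat|cmd)\b'

function Get-AutorunEntry {
    # 1. Start menu: per-user and all-users Startup folders
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -File -Force) {
            $cmd = $file.FullName
            if ($file.Extension -eq '.lnk') {
                # Resolve the shortcut so the real target is matched, not the link name
                $lnk = $shell.CreateShortcut($file.FullName)
                $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
            }
            [pscustomobject]@{ Source = 'StartMenu'; Name = $file.FullName; Command = $cmd }
        }
    }
    # 2. Task Scheduler: the command line of every exec action
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # skip COM-handler actions
            [pscustomobject]@{ Source = 'TaskScheduler'
                Name    = "$($task.TaskPath)$($task.TaskName)"
                Command = "$($action.Execute) $($action.Arguments)" }
        }
    }
    # 3. Registry: Run and RunOnce for the machine, the 32-bit view, and the user
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($path in $runKeys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($value in $key.GetValueNames()) {
            [pscustomobject]@{ Source = 'Registry'; Name = "$path\$value"
                Command = "$($key.GetValue($value))" }
        }
    }
}

# Print only the entries whose path or command line matches the pattern
Get-AutorunEntry | Where-Object { "$($_.Name) $($_.Command)" -match $Pattern } | Format-List
```

Run it from an elevated prompt so tasks and keys owned by other accounts are visible; dropping the `Where-Object` filter lists every autorun entry for manual review.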
hero member
Activity: 717
Merit: 501
I think I might have had this, however it shows slow mh/s on your computer.  What I did was reinstall Windows to fix it.
hero member
Activity: 1148
Merit: 501
Wonder what flags they set?

If you just threw it to full speed a user would likely find it fast if they were having full cpu constantly.
member
Activity: 84
Merit: 10
Honesty,
Fuckin NICE!


Deepbit +1
member
Activity: 98
Merit: 10
Awesome!  Great to learn of additional security measures in place; I don't think this was ever announced.  I finally decided to lock my payout address a couple of weeks ago, so I am really surprised that such a trojan/bot was created [not to mention it shows identity].  I don't know if most people have locked their address, but I hope so. At first I didn't like the idea, but now it doesn't matter.  I shuttle my coins to another wallet ... another client on one of my mining boxes and once confirmed to my satisfaction, I shut the client down, encrypt the wallet.dat to wallet.dat.asc and put it in safe storage.  No decryption keys on ANY of my machines nor accessible to anybody unless they get to one of a few locations ... and past my dogs, security system, and my pistol or shotgun (no joke) in one of the locations ... where I live.

I highly recommend a backup wallet and full public/private key encryption to avoid significant exposure should your machine be compromised [including physically].
legendary
Activity: 3472
Merit: 1721
Good job!
hero member
Activity: 742
Merit: 500
Quote
Hats off to Tycho for blocking botnets automatically! Remember, it's causing a loss of 3% pool fees.

Quote
That's not how I read the screenshot. Look at the account's current hash rate, about 4 GH. So he's letting them get work and submit it, he's likely just made it so it isn't accumulating bitcoins for it - meaning instead of a 3% share of their work he's getting a 100% share of it.

No. In this "warning" state at the moment of taking this screenshot all account/workers configuration options are disabled, but mining still continues and he gets his reward.
Then if we don't receive any explanation from user, his workers are blocked and he won't get any work (his miners will stop).
Mining operations on this account were already blocked when I saw this topic.

This red message turned out to be a bit misleading, I'll correct it now.
member
Activity: 126
Merit: 10
Quote
Hats off to Tycho for blocking botnets automatically! Remember, it's causing a loss of 3% pool fees.

That's not how I read the screenshot. Look at the account's current hash rate, about 4 GH. So he's letting them get work and submit it, he's likely just made it so it isn't accumulating bitcoins for it - meaning instead of a 3% share of their work he's getting a 100% share of it.
hero member
Activity: 699
Merit: 500
Your Minion
How about other pools? They have measures in place against this?
member
Activity: 98
Merit: 10
Hats off to Tycho for blocking botnets automatically! Remember, it's causing a loss of 3% pool fees.
hero member
Activity: 630
Merit: 500
Posts: 69
http://www.securelist.com/en/blog/208188132/Gold_rush

Quote
Today our analysts detected a new threat spreading in the Russian sector of the Internet – Trojan.NSIS.Miner.a. This Trojan has two components – the legitimate bcm.exe file BitCoin Miner (not-a-virus:RiskTool.Win32.BitCoinMiner.a), and a malicious module that installs bcm without the user’s knowledge and adds it to the autorun registry. The infected computer then starts to generate bit-coins for the Trojan’s author.

Of course, the Trojan’s code clearly indicates the server address where the cybercriminal’s account is located.



We decided to see how successful our nameless ‘miner’ was, and ended up getting a bit of a surprise.


Found from http://www.reddit.com/r/Bitcoin/comments/icgo4/trojannsisminera_used_to_secretly_mine_bitcoin_on/