| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Jul 2011 20:48:38 +0100 From: Robin <robin@...ec.net> To: full-disclosure@...ts.grok.org.uk Subject: Hacked servers mining for bitcoins? Had to deal with a server today that had been hacked (still running realVNC 4.0, so there's that lovely bypass exploit released 4 years ago). This server was an exchange/domain controller for a small business. Not much seemed to have been done to it. From the looks of it, all the attacker had done was make themselves a new account (domain user, local admin, username 'sys'), and had then logged into it, downloaded the Ufasoft bitcoin miner from a russian file sharing site, and then run it. The file was called `mmc.exe`, and was saved in the new account's `My Documents`. No other attempts to hide what was being done. Has anyone seen this before? Can you make more money from generating bitcoins on a hacked server than sending spam from it? The value of bitcoin is usually offset by the cost of generating it, but if you're using other people's resources to do it, it suddenly seems much more attractive. This looked like a fairly amateur attempt, so it could be a one-off skiddy, but maybe others will follow... ~Robin _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists