lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 19 Jul 2011 12:20:08 -0700
From: "Zach C." <fxchip@...il.com>
To: Robin <robin@...ec.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Hacked servers mining for bitcoins?

Hmm -- that's interesting. I wonder if it would be possible/feasible to
build a botnet in this fashion that would overtake legitimate bitcoin nodes
in terms of CPU power. (You probably know what would happen then)
On Jul 19, 2011 12:11 PM, "Robin" <robin@...ec.net> wrote:
> Had to deal with a server today that had been hacked (still running
> realVNC 4.0, so there's that lovely bypass exploit released 4 years
> ago). This server was an exchange/domain controller for a small business.
>
> Not much seemed to have been done to it. From the looks of it, all the
> attacker had done was make themselves a new account (domain user, local
> admin, username 'sys'), and had then logged into it, downloaded the
> Ufasoft bitcoin miner from a russian file sharing site, and then run it.
> The file was called `mmc.exe`, and was saved in the new account's `My
> Documents`. No other attempts to hide what was being done.
>
> Has anyone seen this before? Can you make more money from generating
> bitcoins on a hacked server than sending spam from it? The value of
> bitcoin is usually offset by the cost of generating it, but if you're
> using other people's resources to do it, it suddenly seems much more
> attractive. This looked like a fairly amateur attempt, so it could be a
> one-off skiddy, but maybe others will follow...
>
> ~Robin
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ