The Miner botnet: Bitcoin mining goes peer-to-peer
Revision as of 00:25, 31 July 2015 by Eric.freyssinet (talk | contribs)
(Publication) Google search: [1]
| The Miner botnet: Bitcoin mining goes peer-to-peer | |
|---|---|
| Botnet | Miner |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2011 / 2011-08-19 |
| Editor/Conference | Kaspersky Securelist |
| Link | https://securelist.com/blog/incidents/30863/the-miner-botnet-bitcoin-mining-goes-peer-to-peer-33/ (Archive copy) |
| Author | Tillman Werner |
| Type | |
Abstract
“ Identifying a botnet is not an easy task sometimes, especially when one gets lost in different components like droppers, infectors and other bad stuff. Some two weeks ago, Jose Nazario from Arbor Networks pointed me to a new varmint that appears to be another peer-to-peer bot. When executed, the program installs tons of stuff that holds a number of goodies, for example
- an executable hidden in an Alternate Data Stream,
- three Bitcoin miners: the Ufasoft miner, the RCP miner and the Phoenix miner,
- a file with geo-location information for IP address ranges.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2011BFR1983,
editor = {Kaspersky Securelist},
author = {Tillman Werner},
title = {The Miner botnet: Bitcoin mining goes peer-to-peer},
date = {19},
month = Aug,
year = {2011},
howpublished = {\url{https://securelist.com/blog/incidents/30863/the-miner-botnet-bitcoin-mining-goes-peer-to-peer-33/}},
}