The Miner botnet: Bitcoin mining goes peer-to-peer
Jump to navigation
Jump to search
(Publication) Google search: [1]
The Miner botnet: Bitcoin mining goes peer-to-peer | |
---|---|
Botnet | Miner |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2011 / 2011-08-19 |
Editor/Conference | Kaspersky Securelist |
Link | https://securelist.com/blog/incidents/30863/the-miner-botnet-bitcoin-mining-goes-peer-to-peer-33/ (Archive copy) |
Author | Tillman Werner |
Type |
Abstract
“ Identifying a botnet is not an easy task sometimes, especially when one gets lost in different components like droppers, infectors and other bad stuff. Some two weeks ago, Jose Nazario from Arbor Networks pointed me to a new varmint that appears to be another peer-to-peer bot. When executed, the program installs tons of stuff that holds a number of goodies, for example
- an executable hidden in an Alternate Data Stream,
- three Bitcoin miners: the Ufasoft miner, the RCP miner and the Phoenix miner,
- a file with geo-location information for IP address ranges.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2011BFR1983, editor = {Kaspersky Securelist}, author = {Tillman Werner}, title = {The Miner botnet: Bitcoin mining goes peer-to-peer}, date = {19}, month = Aug, year = {2011}, howpublished = {\url{https://securelist.com/blog/incidents/30863/the-miner-botnet-bitcoin-mining-goes-peer-to-peer-33/}}, }