Board: Pools (Altcoins)
Topic: Re: [ANN][POOL] Profit switching pool - wafflepool.com
by Zamboniman on 23/03/2014, 07:48:52 UTC
@PW got this from multipool.us

Mar 22 4:22 PM It appears there is some kind of malware diverting some users' hashpower to 206.223.224.225. This is not a multipool pool server. If you are seeing this, please report it as well as what miner you are using, where you obtained it, and check your computer for malware.

It appears that waffle is not the only multipool under attack!

How would people check for this?

Malware cannot explain what has happened.

I am running Linux on each of my rigs. On those rigs running Linux, there are several different distributions of Linux. Linux is notoriously difficult to infect with malware. On those rigs, some are running sgminer, some cgminer 3.7.2 (original) and some Kalroth's or another version of cgminer. One of my rigs is running cudaminer. Other people are running various versions of Windows, or even Mac, with various miners.

I cannot imagine any malware that could possibly be written to affect multiple miners in multiple operating systems.

In my case, my security practices are very reliable.

When this happened to me, it happened simultaneously on all my rigs, all running various OSes and all running different miners.

The symptoms are not indicative of client-side malware. They are indicative of some kind of DNS or networking hijacking.


Though one can easily download maliciously inserted code within 'trusted' Linux software, I am generally inclined to agree that the miner-side malware possibility seems unlikely, but it cannot as yet be completely ruled out.

But as far as I know there has not been any effort to identify affected client-side operating system versions, miner versions, pool configurations including backups, failover-only settings, etc., to determine if there are any commonalities. And from reading this thread, one cannot even determine how many people might have been affected!


Agreed that it's possible to download malicious code in Linux.

Given that I'm running various versions of cgminer, sgminer, bfgminer, and even cudaminer, all git-pulled and compiled myself, this seems unlikely in the extreme. Possible, but very unlikely. The perpetrator would have had to insert malicious working code into many different and separate miners' source trees, some completely incompatible with others, administered by many different people, and all able to function simultaneously.

Again, possible, but does not seem very plausible.
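One way to answer the "how would people check for this?" question on a Linux rig, as an added example that is not code from the thread or from any of the miners named in it: list the established TCP connections owned by miner processes, compare their peer addresses against the addresses the pool hostname legitimately resolves to, and compare the rig's own resolver answer with an independent resolver so that a hijacked DNS server or hosts file shows up as a disagreement. The `ss -tnp` output, the pool hostname `stratum.example.net` and the pool address `198.51.100.7` are constructed placeholders; the miner process names and the address `206.223.224.225` are taken from the thread.

```python
"""Check a rig's live stratum connections against where its pool should be.

Added example, not code from the thread or from any miner. Parses `ss -tnp`
(Linux), flags connections made by miner processes to peers that are not a
known pool address, and compares the system resolver's answer for each pool
hostname with an independent resolver's answer to surface DNS hijacking.
"""
import re
import socket
import subprocess

# Process names of the miners mentioned in the thread.
MINER_NAMES = {"cgminer", "sgminer", "bfgminer", "cudaminer"}

# Placeholder pool hostname(s); replace with the stratum hosts from your miner
# config. Not taken from the thread.
POOL_HOSTS = ["stratum.example.net"]

# The address named in the multipool.us notice quoted in the post.
REPORTED_ROGUE_IP = "206.223.224.225"

# Constructed sample of `ss -tnp` output: one legitimate pool connection (the
# pool address 198.51.100.7 is a placeholder), one diverted sgminer connection
# to the reported address, and an unrelated ssh session that must not be flagged.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port     Peer Address:Port    Process
ESTAB  0      0      192.168.1.20:49152     198.51.100.7:3333    users:(("cgminer",pid=1234,fd=5))
ESTAB  0      0      192.168.1.20:49160     206.223.224.225:3333 users:(("sgminer",pid=1300,fd=6))
ESTAB  0      0      192.168.1.20:22        192.168.1.5:55000    users:(("sshd",pid=800,fd=3))
"""

# One ESTAB row of `ss -tnp`; the trailing users:(...) column is optional.
SS_ESTAB = re.compile(
    r"^ESTAB\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)(?:\s+(?P<extra>.*))?$"
)
PROC_NAME = re.compile(r'users:\(\("([^"]+)"')
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def split_hostport(addr):
    """Split 'ip:port' or '[v6]:port' into (ip, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def parse_ss(output):
    """Return [(peer_ip, peer_port, process_name_or_None), ...] for ESTAB sockets."""
    conns = []
    for line in output.splitlines():
        m = SS_ESTAB.match(line.strip())
        if not m:
            continue
        ip, port = split_hostport(m.group("peer"))
        pm = PROC_NAME.search(m.group("extra") or "")
        conns.append((ip, port, pm.group(1) if pm else None))
    return conns


def find_diverted(conns, expected_ips, miner_names=MINER_NAMES):
    """Connections owned by a miner process whose peer is not a known pool address."""
    return [c for c in conns if c[2] in miner_names and c[0] not in expected_ips]


def dns_disagreement(system_ips, reference_ips):
    """Addresses the rig's resolver returned that the independent resolver did not.

    A non-empty result means the rig believes the pool lives somewhere the
    rest of the Internet does not: a hijacked resolver, router or hosts file.
    """
    return set(system_ips) - set(reference_ips)


def system_resolve(host):
    """IPv4 addresses for host via the rig's own resolver (hosts file, local DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None, socket.AF_INET)}


def reference_resolve(host, server="9.9.9.9"):
    """IPv4 addresses for host asked directly of an independent DNS server.

    Uses `dig` (assumed installed); the server address is an arbitrary public
    resolver and can be replaced with any you trust.
    """
    out = subprocess.run(["dig", "+short", f"@{server}", host, "A"],
                         capture_output=True, text=True, check=True).stdout
    return {tok for tok in out.split() if IPV4.match(tok)}


def main():
    expected = set()
    for host in POOL_HOSTS:
        sys_ips, ref_ips = system_resolve(host), reference_resolve(host)
        bad = dns_disagreement(sys_ips, ref_ips)
        if bad:
            print(f"DNS disagreement for {host}: rig resolves {sorted(bad)}, reference does not")
        expected |= ref_ips  # build the allow-list from the independent answer
    ss_out = subprocess.run(["ss", "-tnp"], capture_output=True, text=True, check=True).stdout
    for ip, port, proc in find_diverted(parse_ss(ss_out), expected):
        tag = " (address named in the multipool.us notice)" if ip == REPORTED_ROGUE_IP else ""
        print(f"{proc} -> {ip}:{port} is not a known pool address{tag}")


if __name__ == "__main__":
    main()
```

Run it as root (or with CAP_NET_ADMIN) so `ss -p` can show process names; a miner connected to a failover pool will also be flagged unless that pool's hostname is added to `POOL_HOSTS`, which is exactly the failover configuration detail the reply above says nobody has collected.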