Post
Topic
Board Announcements (Altcoins)
Re: [ANN] [QCN] QuazarCoin | Privacy&Data protection | CPU only | Optimized miner
by
john641
on 30/05/2014, 11:30:54 UTC
Regarding the botnet issue "claim"

https://forum.cryptonote.org/viewtopic.php?f=2&t=9
Yesterday I already had to remove "bot-infection" on one office PC - the trojan was really sophisticated, had downloaded more than 10 miners, including CN one

Hello, can you elaborate on this? What was the name of trojan and where were you able to "get infected"? Also, what did this trojan download? Daemon?

Sorry for such late notice of all this - I love to inspect malware - they are fascinating. :]
It was on the PC of the CEO's personal secretary :D, I was pissed off because I thought a colleague put it there - started deleting services and files... and when I realized it was way more sophisticated, the "smart" parts of it were gone :), so I just finished deleting it. Probably afraid to be tempted to the dark side :)
It had at least 2 services, a dozen miners downloaded to the Windows folder (there were miners for scrypt, dark, MRO, yam, nrs, rie ... maybe 10+ different exes)...
and while watching running tasks I saw it change the running miner & pool in the cmd line of the process.

Luckily it was written dumb enough to lock 100% of cpu cores all the time. When latest i5 starts to struggle with everyday usage, people start to be suspicious :)

Usually this type of malware is looking for a short-term profit - that's why it loaded the CPU to 100%. :)

I assume that personal secretary has "absolutely no idea" where it came from? :)