Yes, it is well known that certain individuals are using compromised *nix servers particularly to run bitcoin miners into pools. It's only been happening for.. a long time.
On Tue, Jul 19, 2011 at 8:20 PM, Zach C. <fxc...@gmail.com> wrote:
> Hmm -- that's interesting. I wonder if it would be possible/feasible to
> build a botnet in this fashion that would overtake legitimate bitcoin nodes
> in terms of CPU power. (You probably know what would happen then)
> On Jul 19, 2011 12:11 PM, "Robin" <ro...@rbsec.net> wrote:
> > Had to deal with a server today that had been hacked (still running
> > realVNC 4.0, so there's that lovely bypass exploit released 4 years
> > ago). This server was an exchange/domain controller for a small business.
> >
> > Not much seemed to have been done to it. From the looks of it, all the
> > attacker had done was make themselves a new account (domain user, local
> > admin, username 'sys'), and had then logged into it, downloaded the
> > Ufasoft bitcoin miner from a Russian file sharing site, and then run it.
> > The file was called `mmc.exe`, and was saved in the new account's
> > `My Documents`. No other attempts to hide what was being done.
> >
> > Has anyone seen this before? Can you make more money from generating
> > bitcoins on a hacked server than sending spam from it? The value of
> > bitcoin is usually offset by the cost of generating it, but if you're
> > using other people's resources to do it, it suddenly seems much more
> > attractive. This looked like a fairly amateur attempt, so it could be a
> > one-off skiddy, but maybe others will follow...
> >
> > ~Robin
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

--
I’m a hot-wired, heat seeking, warm-hearted cool customer, voice activated and bio-degradable.
I interface with my database, my database is in cyberspace, so I’m interactive, I’m hyperactive and from time to time I’m radioactive.