Yahoo Malware Turned PCs Into Bitcoin Miners

HardOCP News

Here's a follow-up to that story about Yahoo ads infecting people's computers with malware.

Researchers at security firm Light Cyber revealed this week that one of the malware programs aimed to use the resources of infected PCs to perform the calculations necessary to run a Bitcoin network. Revealed earlier this month by fellow security firm Fox IT, the campaign spread its package by using Yahoo's ad server to deploy malicious ads. The malware took advantage of vulnerabilities in Java to install itself on computers that visited the ads.yahoo.com site.
 
Well lookie here...
A few weeks ago, I was in a user chat of my mining pool's site, and there was somebody asking if it's possible to infect sites with some kind of malware that would turn PCs into miners... Hmm...:eek:
 
How can anyone not applaud the genius of this particular bit: Using a revenue generation stream platform to distribute a revenue generation stream platform.

You get paid twice!
 
There ya go, distributed bit mining! Someone needs to hack folding at home or seti at home or whatever to covertly mine instead of folding proteins/looking for aliens :D
 
Glad they caught it -- but I have to say this.... I wish I'd thought of and executed it.

Any coins (or fractions of coins) mined are sent to one or a handful of addresses. Good luck catching the person who did it (here is a hint: they won't).
 
Just like they would never catch Anon....
 
If they catch the person it will likely be the same way that they caught the individual running Silk Road: user error (he used his real email address to ask for help with setting up security on a TOR network similar to what Silk Road used, had fake passports + ids mailed to his home address, etc).
 
One of my client laptops (T410) that I use got infected for some reason with this kind of thing. I don't remember ever going to Yahoo in the past 2 months (checked History, no yahoo.com sites visited). I dunno if this is related to that Yahoo issue.

The laptop would just shut off when it goes in idle.
Took me a couple of hours to figure it out.
Finally found a weird filename in the process list that I know I haven't installed: mpc.exe
It was also in the Startup folder, called Windows Media Player.
So they dropped the files in the c:\program files\Intel\Media folder, along with another exe file they named explore.exe. The MPC.exe just calls the explore.exe to run whenever the computer is idle.

Anyways, the username they tied it to is chandra_argentis.Mcd on multipool.us

Unfortunately mbm or norton corp AV can't even detect this.
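
Added example, not part of the thread: a small triage check for the two tells in the post above, a Startup entry labelled "Windows Media Player" that launches something else, and a binary named one letter off from explorer.exe. The reference tables and the sample inventory are constructed assumptions; a real inventory would come from the Startup folder and process list.

```python
import ntpath
from difflib import SequenceMatcher

# Assumed reference list: genuine Windows binaries and their home folders.
KNOWN_BINARIES = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "wmplayer.exe": r"c:\program files\windows media player",
}
# Display names that claim a product, mapped to the binary expected behind them.
CLAIMED_PRODUCTS = {"windows media player": "wmplayer.exe"}

def lookalike_of(exe_name, threshold=0.85):
    """Return the genuine binary this name imitates, or None."""
    exe_name = exe_name.lower()
    if exe_name in KNOWN_BINARIES:
        return None
    for real in KNOWN_BINARIES:
        if SequenceMatcher(None, exe_name, real).ratio() >= threshold:
            return real
    return None

def triage(entries):
    """entries: (display_name, target_path) pairs from Startup items or processes."""
    findings = []
    for display, target in entries:
        folder, exe = ntpath.split(target.lower())
        real = lookalike_of(exe)
        if real:
            findings.append((target, f"name imitates {real}"))
        elif exe in KNOWN_BINARIES and folder != KNOWN_BINARIES[exe]:
            findings.append((target, f"{exe} outside {KNOWN_BINARIES[exe]}"))
        expected = CLAIMED_PRODUCTS.get(display.lower())
        if expected and exe != expected:
            findings.append((target, f"'{display}' entry does not launch {expected}"))
    return findings

# Constructed inventory modelled on the post above (not real telemetry).
SAMPLE = [
    ("Windows Media Player", r"C:\Program Files\Intel\Media\mpc.exe"),
    ("", r"C:\Program Files\Intel\Media\explore.exe"),
    ("", r"C:\Windows\explorer.exe"),
    ("Dropbox", r"C:\Program Files\Dropbox\Dropbox.exe"),
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{path}: {reason}")
```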
 
Looks like the ransomware virus, huh. The worst virus ever, one that encrypts your files and demands a Bitcoin ransom. It gets my goat actually! Beware guys, as far as I know, such a virus is targeting big time businesses and consumers.
 