
posted by Fnord666 on Wednesday March 07 2018, @06:27PM   Printer-friendly
from the miner-kerfluffle dept.

Cryptocurrency-mining malware-scum have started to write code that evicts rivals from compromised computers.

The miner in question was first noticed by SANS Internet Storm Center handler Xavier Mertens. Mertens spotted the PowerShell script on March 4, and noting that it kills any other CPU-greedy processes it spots on target machines, he wrote: “The fight for CPU cycles started!”

Pre-infection, the attack script checks whether a target machine is 32-bit or 64-bit and downloads files known to VirusTotal as hpdriver.exe or hpw64 (they're pretending to be HP drivers of some kind).

If successfully installed, the attack then lists running processes and kills any it doesn't like. Mertens noted that alongside ordinary Windows stuff, the list of death-marked processes includes many associated with rival cryptominers (a sample of the list appears in the original story).

Mertens wrote that the script also checks for processes associated with security tools.
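The behaviour Mertens describes (enumerate processes, kill CPU-greedy rivals, check for security tools) can be turned around into a defender-side check. The following is an added example, not code from the SANS ISC diary, the story, or the miner itself: it runs a triage pass over a constructed process snapshot and reports (rather than kills) anything matching the same signals, and it diffs two snapshots to spot the eviction of a rival miner or a security tool. The payload names hpdriver.exe and hpw64 come from the story; every other process name, command-line marker and the CPU threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    """One row of a process snapshot (what Get-Process / tasklist would show)."""
    pid: int
    name: str            # image name
    cpu_percent: float   # share of total CPU over the sampling window
    cmdline: str = ""


# Indicator lists. hpdriver.exe / hpw64 are the payload names the story gives;
# every other entry is an assumption chosen for illustration, not taken from the diary.
DROPPED_PAYLOAD_NAMES = {"hpdriver.exe", "hpw64"}
KNOWN_MINER_NAMES = {"xmrig.exe", "minerd.exe", "cpuminer.exe"}
MINER_CMDLINE_MARKERS = ("stratum+tcp://", "stratum+ssl://", "--donate-level", "cryptonight")
SECURITY_TOOL_NAMES = {"procexp.exe", "procmon.exe", "wireshark.exe", "msmpeng.exe"}
# Processes that legitimately burn CPU on a busy host; tune per fleet.
CPU_ALLOWLIST = {"system", "system idle process", "ffmpeg.exe", "msbuild.exe", "sqlservr.exe"}


def triage(procs, cpu_threshold=50.0):
    """Return {pid: [reasons]} for every process in the snapshot worth a closer look.

    The signals are OR-ed: a renamed miner is still caught by its command line
    or CPU share, and a quiet dropper is still caught by its image name.
    """
    findings = {}
    for p in procs:
        name, cmd = p.name.lower(), p.cmdline.lower()
        reasons = []
        if name in DROPPED_PAYLOAD_NAMES:
            reasons.append("image name matches a payload name from the story (hpdriver.exe / hpw64)")
        if name in KNOWN_MINER_NAMES:
            reasons.append("known miner image name")
        hits = [m for m in MINER_CMDLINE_MARKERS if m in cmd]
        if hits:
            reasons.append("miner-like command line: " + ", ".join(hits))
        if p.cpu_percent >= cpu_threshold and name not in CPU_ALLOWLIST:
            reasons.append(f"CPU-greedy ({p.cpu_percent:.0f}%) and not on the allowlist")
        if reasons:
            findings[p.pid] = reasons
    return findings


def suspicious_terminations(before, after):
    """Names of watched processes (rival miners, security tools) that vanished
    between two snapshots: the eviction described in the story, seen from the
    defender's side. Sorted for stable output."""
    survivors = {p.pid for p in after}
    watched = KNOWN_MINER_NAMES | SECURITY_TOOL_NAMES
    return sorted(p.name.lower() for p in before
                  if p.pid not in survivors and p.name.lower() in watched)


# Constructed snapshots (not real telemetry): an earlier miner and Process Explorer
# are running; then the new script arrives, kills both, and starts its own payload
# plus a renamed copy posing as svchost.exe.
BEFORE = [
    Proc(4, "System", 3.0),
    Proc(1200, "svchost.exe", 0.5, r"C:\Windows\System32\svchost.exe -k netsvcs"),
    Proc(2210, "xmrig.exe", 88.0, "xmrig.exe -o stratum+tcp://pool.invalid:3333 -u WALLET"),
    Proc(3100, "procexp.exe", 1.0),
    Proc(4000, "ffmpeg.exe", 70.0, "ffmpeg -i in.mkv out.mp4"),
]
AFTER = [
    Proc(4, "System", 3.0),
    Proc(1200, "svchost.exe", 0.5, r"C:\Windows\System32\svchost.exe -k netsvcs"),
    Proc(4000, "ffmpeg.exe", 70.0, "ffmpeg -i in.mkv out.mp4"),
    Proc(5120, "hpdriver.exe", 95.0, r"C:\Users\Public\hpdriver.exe"),
    Proc(5300, "svchost.exe", 60.0, "svchost.exe -o stratum+ssl://pool.invalid:443 --donate-level=0"),
]

if __name__ == "__main__":
    for pid, reasons in triage(AFTER).items():
        print(pid, "->", "; ".join(reasons))
    print("vanished:", suspicious_terminations(BEFORE, AFTER))
```

On a real host the snapshot would come from Get-Process (or Sysmon event ID 1/5 for start and termination), and the allowlist is the part that needs tuning: a build server or media transcoder will trip the CPU rule on every sample, which is exactly why the name and command-line signals are kept separate from it.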

  • (Score: 4, Funny) by dbe on Wednesday March 07 2018, @06:40PM (7 children)

    by dbe (1422) on Wednesday March 07 2018, @06:40PM (#649109)

    All along we thought Symantec and friends were not programmed efficiently; they were just mining stuff on our computer for the "antivirus" feature...
    If not, that does smell like a new market opportunity: we'll protect you from miners and other pests for a very minimal 25% of your cycles in exchange!
    -dbe

  • (Score: -1, Troll) by Anonymous Coward on Wednesday March 07 2018, @06:45PM

    by Anonymous Coward on Wednesday March 07 2018, @06:45PM (#649112)

    An imposing man stood in front of around thirty other people. There were numerous objects lined up, and the man was standing near the first one on the left; this appeared similar to those scenarios where someone would break wood with karate chops in front of an audience. Indeed, the man was a famous martial arts instructor, and he was about to demonstrate his immense prowess in front of his students by destroying all 100 objects using a single karate chop for each of them. Furthermore, the man had only ten seconds to accomplish this amazing feat. Despite this challenge, the man was calm; to him, failure was not even a possibility. Then, a loud pang was heard; the man flew into action.

    Wham! The first object was utterly destroyed by the man's superhuman chop, which could barely be seen by his students. Then, in only around a second, a great number of the objects had similarly been destroyed. Phenomenal. The man's students were stunned. How could someone become so skilled and powerful? The man's hand collided with the final object, and it too was obliterated. Seven seconds. It had only taken seven seconds for the man to destroy all 100 objects. Yes, this martial artist was a legend.

    After the demonstration, the instructor tasked several of his students with disposing of the destroyed targets. The students methodically chucked every object into several large dumpsters. When they were finished, they walked towards the dojo; they did not even once look back at the dumpsters, which were filled with women's corpses.

  • (Score: 1) by cocaine overdose on Wednesday March 07 2018, @06:57PM

    It should also be noted that Symantec is not just Symantec Norton (the anti-virus). They make most of their revenue off enterprise products and services (that don't blow ass), and from subsidiaries they've purchased over the years. I think Symantec made something like $150 billion off Norton (very rough estimates) in 2016, which is around 10% of their revenue,

  • (Score: 2) by Freeman on Wednesday March 07 2018, @07:11PM (1 child)

    by Freeman (732) on Wednesday March 07 2018, @07:11PM (#649121) Journal

    Cryptocurrency is relatively new. Norton's horrendous slowness has been around for ages. Doesn't mean they can't add a new feature though!

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 2, Interesting) by Anonymous Coward on Wednesday March 07 2018, @08:28PM

      by Anonymous Coward on Wednesday March 07 2018, @08:28PM (#649155)

      I can't believe this is making the rounds now. This security expert is wayyy behind.

      There have been crypto miner 'worms' evicting existing worms off consumer routers and IP cameras and stuff for a while now. Couple examples of code floating about, and I believe a wallet or two was shut down as a result.

      Maybe I should write about the stuff I see and become an expert, but the thing is... it was posted elsewhere too. This guy is repeating yesterday's news and we get it here as well, so I am just as guilty for not posting it when it was new as I am guilty about complaining about old news being treated as new.

  • (Score: 3, Informative) by Anonymous Coward on Wednesday March 07 2018, @08:02PM (2 children)

    by Anonymous Coward on Wednesday March 07 2018, @08:02PM (#649140)

    they were just mining stuff on our computer

    Microsoft calls that "gathering telemetry data".

    • (Score: 2) by frojack on Wednesday March 07 2018, @08:35PM (1 child)

      by frojack (1554) on Wednesday March 07 2018, @08:35PM (#649159) Journal

      Microsoft calls that "gathering telemetry data".

      I wonder how Microsoft has avoided being bombed by embedded malware in all the data they exfiltrate during their telemetry data grab.

      I mean, all you have to do is watch any modern spy TV show to know that there's an edgy girl hacker (it's always a girl) who could send them something that would infect their entire operation and let them look at the cameras in the elevators and stuff. All by putting a little code inside a text file somewhere in a Windows machine and waiting for Microsoft to snatch it up.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by maxwell demon on Thursday March 08 2018, @06:06AM

        by maxwell demon (1608) on Thursday March 08 2018, @06:06AM (#649356) Journal

        I wonder how Microsoft has avoided being bombed by embedded malware in all the data they exfiltrate during their telemetry data grab.

        I guess simply by not trying to execute it.

        --
        The Tao of math: The numbers you can count are not the real numbers.