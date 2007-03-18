from the miner-kerfluffle dept.
Cryptocurrency-mining malware-scum have started to write code that evicts rivals from compromised computers.
The miner in question was first noticed by SANS Internet Storm Center handler Xavier Mertens. Mertens spotted the PowerShell script on March 4, and noting that it kills any other CPU-greedy processes it spots on target machines, he wrote: “The fight for CPU cycles started!”
Pre-infection, the attack script checks whether a target machine is 32-bit or 64-bit and downloads files known to VirusTotal as hpdriver.exe or hpw64 (they're pretending to be HP drivers of some kind).
If successfully installed, the attack then lists running processes and kills any it doesn't like. Mertens noted that alongside ordinary Windows stuff, the list of death-marked processes includes many associated with cryptominers, some of which are listed below.
Mertens wrote that the script also checks for processes associated with security tools.
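The process-killing behaviour described above can be hunted for in captured PowerShell script text. The following is an added example, not code from Mertens' write-up: the kill idioms matched, the threshold of five targets and every process name in the samples are assumptions or constructed values; only hpdriver.exe and hpw64 come from the article.

```python
import re

# File names the article reports for the downloaded payloads.
PAYLOAD_NAMES = ("hpdriver.exe", "hpw64")

# Assumed kill idioms; the article does not say which commands the script uses.
NAME = r'''["']?(\w[\w.-]*)["']?'''
KILL_PATTERNS = [
    re.compile(r"Stop-Process[ \t]+(?:-Name[ \t]+)?" + NAME, re.I),
    re.compile(r"taskkill\b[^\n|;]*?/im[ \t]+" + NAME, re.I),
    re.compile(r"Get-Process[ \t]+(?:-Name[ \t]+)?" + NAME + r"\s*\|\s*Stop-Process", re.I),
]

def kill_targets(script_text):
    """Return the distinct process names a script tries to terminate."""
    targets = set()
    for pattern in KILL_PATTERNS:
        for match in pattern.finditer(script_text):
            name = match.group(1).lower()
            targets.add(name[:-4] if name.endswith(".exe") else name)
    return targets

def assess(script_text, min_targets=5):
    """Flag a kill sweep: many distinct targets, or any kill next to a payload name."""
    targets = kill_targets(script_text)
    lowered = script_text.lower()
    payloads = [p for p in PAYLOAD_NAMES if p in lowered]
    return {
        "kill_targets": sorted(targets),
        "payload_names": payloads,
        "suspicious": len(targets) >= min_targets or bool(payloads and targets),
    }

# Constructed samples; the process names are placeholders, not real indicators.
SAMPLE_SWEEP = '''$f = "hpw64"
Stop-Process -Name miner_a -Force
Get-Process miner_b | Stop-Process -Force
taskkill /f /im miner_c.exe
Stop-Process -Name "miner_d"
Get-Process -Name av_agent | Stop-Process
'''
SAMPLE_BENIGN = "Stop-Process -Name notepad\n"

if __name__ == "__main__":
    for label, text in (("sweep", SAMPLE_SWEEP), ("benign", SAMPLE_BENIGN)):
        print(label, assess(text))
```

A single admin script stopping one process stays below the threshold, so tune `min_targets` against your own baseline before alerting on it.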
(Score: 4, Funny) by dbe on Wednesday March 07, @06:40PM (6 children)
All along we thought Symantec and friends were not programmed efficiently, they were just mining stuff on our computer for the "antivirus" feature...
If not, that does smell like a new market opportunity, we'll protect you from miners and other pests for a very minimal 25% of your cycles in exchange!
(Score: -1, Troll) by Anonymous Coward on Wednesday March 07, @06:45PM
(Score: 1) by cocaine overdose on Wednesday March 07, @06:57PM
It should also be noted that Symantec is not just Symantec Norton (the anti-virus). They make most of their revenue off enterprise products and services (that don't blow ass), and from subsidiaries they've purchased over the years. I think Symantec made something like $150 billion off Norton (very rough estimates) in 2016, which is around 10% of their revenue,
(Score: 2) by Freeman on Wednesday March 07, @07:11PM (1 child)
Cryptocurrency is relatively new. Norton's horrendous slowness has been around for ages. Doesn't mean they can't add a new feature though!
(Score: 1, Interesting) by Anonymous Coward on Wednesday March 07, @08:28PM
i can't believe this is making the rounds now. this security expert is wayyy behind.
there have been crypto miner 'worms' evicting existing worms off consumer routers and ip cameras and stuff for a while now. couple examples of code floating about, and i believe a wallet or two was shut down as a result.
maybe i should write about the stuff i see and become an expert, but the thing is... it was posted elsewhere too. this guy is repeating yesterday's news and we get it here as well, so i am just as guilty for not posting it when it was new as I am guilty about complaining about old news being treated as new.
(Score: 2, Informative) by Anonymous Coward on Wednesday March 07, @08:02PM (1 child)
Microsoft calls that "gathering telemetry data".
(Score: 2) by frojack on Wednesday March 07, @08:35PM
I wonder how Microsoft has avoided being bombed by embedded malware in all the data they exfiltrate during their telemetry data grab.
I mean all you have to do is watch any modern spy TV show to know that there's an edgy girl hacker (it's always a girl) who could send them something that would infect their entire operation and let them look at the cameras in the elevators and stuff. All by putting a little code inside a text file somewhere in a Windows machine and waiting for Microsoft to snatch it up.
(Score: 0) by Anonymous Coward on Wednesday March 07, @06:41PM (6 children)
Maybe new malware will save them from other older malware!
(Score: 2) by frojack on Wednesday March 07, @06:54PM (3 children)
Well, since it's PowerShell we know it's Windows.
The fact that both snuck through Windows' sieve/defense and got installed in the first place, while interesting and instructive, is not central to the question.
Instead I ask: should Windows users actually care if one malware manages to kill off another malware?
That makes it easier to eradicate them all, does it not? Let them duke it out, then kill the winner.
Of course, if the user didn't notice any of these things sneaking onto his machine in the first place he probably won't notice the battle or the winner.
(Score: 2) by bob_super on Wednesday March 07, @07:06PM (2 children)
We just need to educate users on how to freeze their CPUs, to make sure all the gorilla miners die?
(Score: 2) by Freeman on Wednesday March 07, @07:13PM (1 child)
I'm quite sure the average user knows how to place their computer in a freezer. Most of them may not have room in the freezer, though.
(Score: 2) by bob_super on Wednesday March 07, @07:17PM
Not with gorillas inside, obviously.
(Score: 1, Funny) by Anonymous Coward on Wednesday March 07, @08:05PM (1 child)
The only thing that can stop bad malware on a computer is good malware on a computer.
(Score: 2) by requerdanos on Wednesday March 07, @10:00PM
This idea that there is "good" malware and "bad" malware is an excuse people use to run Windows