
Unexpected guests


Way too hot


"Scorching-hot hacked computer burned my hand". This is a lurid headline, indeed.

His computer silently powered off without warning.

Instinctively he touched one of many parts, cursed and pulled his hand again.

The graphics card was so sizzling, it had burned his fingers.

Source

As indicated in the news post, "Hackers used Abdelrhman’s computer to mine for the cryptocurrency Monero, but even when he burned his hand, he did not at first contemplate he was the sufferer of a hack."

But the alarming signs were there:

“Whenever I put my PC to sleep the screens would go blank but I could still hear the fans running and when I came back to it, it would just open up to the main desktop with none of the usual login page or anything,” he says. “My computer wasn’t actually going to sleep at all.”

“I found that my computer had been sending loads of information back to a strange website I’ve never visited or heard of.”

Source

Note that the user believed that the system was secure:

I was shocked and also a bit embarrassed as I take pride in keeping my PC safe. It’s really frustrating to know that there could be a program running without me knowing and some guy secretly mining crypto, destroying my hardware and stealing my electricity.

Source

That's how it usually happens…

Here are recommendations from the experts:

It’s additionally a good suggestion to put in some safety software program and do the usual virus scans.

Source

"Some safety software program"!

We, too, could content ourselves with a tip like that, but things aren't that simple. A mining program is not necessarily a rogue application (one that hides from users). An employee may decide to install a legitimate application on their office computer to engage in mining at their employer's expense. A program of this kind will trigger no response from any anti-virus.

I remember how ten years ago I would run folding@home at night on a hundred of our users' PCs. Am I an evil cryptojacking operator or a benevolent evangelist for medicine? :) Although, if I had known back then about cryptocurrencies and how their exchange rates would soar, I would probably have run something other than f@h and would now be living on an island of my own. :)

Source

That's why sometimes an investigation is necessary.

First, examine the list of running processes. Every mainstream operating system ships a tool for this: under Windows, press Ctrl+Shift+Esc to open Task Manager; on macOS, start Activity Monitor; on Unix-like systems, use the ps utility. The problem is that rogue mining applications are smart: they watch system activity for attempts to launch exactly these programs. You may therefore want to download and install alternative tools such as Process Hacker, Process Explorer, Process Monitor or a similar utility, but bear in mind that a rogue miner may be able to detect these utilities too!

If you can't find anything, but you still have suspicions because:

  • Someone has been visiting websites, forums and message boards related to mining.
  • Mining software has been downloaded.
  • Certain hosts communicate with mining pools to exchange data about received blocks and hashes.

Source

Then contact us!
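The three indicators listed above, turned into a small triage script as an added example (not Dr.Web's code): it scans constructed proxy and firewall log lines for visits to mining-related sites, miner downloads and repeated connections to pool ports, and reports hosts that trip more than one indicator. The keyword list, file-name pattern and port set are illustrative assumptions, not a vetted threat feed.

```python
from __future__ import annotations
import re
from collections import defaultdict

# Illustrative indicator lists (assumptions for this example, not a vetted feed).
MINING_KEYWORDS = ("mining", "miner", "pool", "stratum", "hashrate")
MINER_DOWNLOAD_RE = re.compile(r"(xmrig|cpuminer|ethminer)[\w.-]*\.(zip|exe|tar\.gz)", re.I)
POOL_PORTS = {3333, 4444, 5555, 7777, 14444}  # ports often used by Stratum pools (assumption)

# Constructed proxy log: "<timestamp> <host> <method> <url>"
PROXY_LOG = """\
2021-05-03T09:12:01 ws-17 GET http://forum.example-mining.test/threads/best-gpu-for-monero
2021-05-03T09:14:22 ws-17 GET http://dl.example.test/xmrig-6.12.1-msvc-win64.zip
2021-05-03T09:20:05 ws-04 GET http://intranet.example.test/hr/timesheet
"""

# Constructed firewall log: "<timestamp> <src> <dst>:<port> <proto> <action>"
FW_LOG = """\
2021-05-03T21:02:11 ws-17 203.0.113.8:14444 tcp allow
2021-05-03T21:02:12 ws-17 203.0.113.8:14444 tcp allow
2021-05-03T21:03:00 ws-04 198.51.100.5:443 tcp allow
"""

def scan_proxy(log: str) -> dict[str, set[str]]:
    """Map host -> indicators: visits to mining-related sites and miner downloads."""
    hits: dict[str, set[str]] = defaultdict(set)
    for line in log.splitlines():
        _ts, host, _method, url = line.split(maxsplit=3)
        if any(k in url.lower() for k in MINING_KEYWORDS):
            hits[host].add("mining-related site")
        if MINER_DOWNLOAD_RE.search(url):
            hits[host].add("miner download")
    return dict(hits)

def scan_firewall(log: str, min_conns: int = 2) -> dict[str, set[str]]:
    """Flag hosts with repeated allowed connections to assumed pool ports."""
    counts: dict[str, int] = defaultdict(int)
    for line in log.splitlines():
        _ts, src, dst, _proto, action = line.split()
        if action == "allow" and int(dst.rsplit(":", 1)[1]) in POOL_PORTS:
            counts[src] += 1
    return {h: {"pool traffic"} for h, n in counts.items() if n >= min_conns}

def triage(proxy_log: str, fw_log: str, min_indicators: int = 2) -> dict[str, list[str]]:
    """Merge indicators per host; hosts at or above the threshold warrant a closer look."""
    merged: dict[str, set[str]] = defaultdict(set)
    for hits in (scan_proxy(proxy_log), scan_firewall(fw_log)):
        for host, names in hits.items():
            merged[host] |= names
    return {h: sorted(n) for h, n in merged.items() if len(n) >= min_indicators}
```

On the constructed logs, only ws-17 is reported, with all three indicators; ws-04 trips none.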

By the way, did you know about the war going on between rogue mining programs? Previously, only banking trojans were known for their habit of grabbing at each other's throats. But because system resources aren't infinite, cryptojacking applications also want to have the system to themselves.

The malicious payload includes the VBScript component, which checks the Windows version. It looks for systems whose BlueKeep (CVE-2019-0708) vulnerability in the RDP protocol hasn’t been patched, i.e., computers running Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008.

If the vulnerability is detected, the malware checks the list of installed Microsoft security patches. In particular, it looks for security updates dealing with the BlueKeep issue.

If Kingminer doesn't find them, it completely disables Remote Desktop Protocol on the server, which effectively thwarts any further attempts to mount a similar attack.

Source

So, if you don't install security patches, attackers can do it for you. But are you going to like what happens next?

#bitcoin #botnet #VCI #non-recommended_sites #signs_of_infection #Parental_Control

Dr.Web recommends

The usual things:

  1. Install an anti-virus and set a strong password to protect its settings.
  2. Apply security patches as soon as they are made available.
  3. Enable the option to examine potentially dangerous software.
  4. Use Parental Control to block access to malicious sites.
  5. Run full system scans regularly.
