Other issues in this category (31)
About miners that feather their nests with others’ resources
Thursday, July 29, 2021
We’re devoting today's issue to the problem of cryptocurrency mining, having analysed this process from the point of view of information security. The fact is that mining itself, which spans almost the whole world today, is not a harmful activity, but the specifics of mining, which are entirely based on using computing power leads many "crypto specialists" to think that these resources can be, charitably speaking, borrowed without permission. And they use specialised programs for this—miners. Moreover, they use them covertly.
Miners—are they viruses or not?
In everyday life, miners are often referred to as viruses. But in reality, it's a little more complicated: Dr.Web considers some of these programs just potentially dangerous because even if they are legitimate, they can harm a computer system when used by attackers There also exist overtly malicious miners that belong to a trojan species—they are more often called viruses, though that is somewhat undeserved.
Why are miners dangerous?
These programs can:
- disrupt the normal operation of computer devices to the point that they break down;
- reduce their performance;
- cause device overheating and an over-expenditure of electricity.
The first miners appeared in 2011, and they continue to pose a serious threat—including to corporate users. The fact is that in the case of companies, the temptation is great to use the computing power of computers and servers that are not operating at peak capacity or are idle.
How miners spread
A miner can be detected in several ways. The below methods used by these malicious software programs to penetrate computer systems have been detected at various times by Doctor Web’s specialists:
- penetration under the guise of useful applications from sites designed by hackers (Trojan.BtcMine.221 to mine Litecoin);
- penetration with the help of affiliate programs for owners of legitimate sites—when these owners host various applications for downloading and receive a sales percentage (for example, this is how Trojan.BtcMine.218 was spread);
- as a "side" malicious program. For example, Trojan.Tofsee could download 17 plug-in modules, including Trojan.BtcMine.148 trojan, to mine Bitcoin.
How to tell that a miner is running on your computer
Hidden miners consume large amounts of computer resources. If your computer starts slowing down when performing the simplest tasks, if your cooler is constantly noisy and your PC or laptop housing is unusually warm—these can be signs that a miner is at work.
You can use the Task Manager in Windows to find out which process is loading the CPU. After opening it, you should, for a while, keep track of which of the running processes is behaving suspiciously active—provided that the user is totally inactive. If the browser is observed to be loading the system, this can also indicate that hidden mining is occurring in the system: some of these programs are activated when harmful sites are visited and can work in online mode.
It is important to take into account that a hidden miner can use video-adapter resources, not those of the CPU. So, you should use special utilities for additional monitoring.
You must also bear in mind that a miner can take control of the Task Manager—and make it so that the standard use of computing resources is displayed.
Another indicator of miner activity can be increased traffic flow, the loss of important files or regular Internet drops.
Of course, at the slightest suspicion, it’s always essential to use an anti-virus. For example, use the free Dr.Web CureIt! utility to detect malicious activity in Windows. After detecting a miner, the utility neutralises its activity but does not provide resident protection.
Ideally, a comprehensive protection product—such as Dr.Web Security Space—should be installed. It cuts off all the routes used by miners to penetrate a protected device:
- the anti-virus monitors attempts to download any potentially dangerous programs and blocks them;
- in the Parental/Office Control settings, you can choose the category "Cryptocurrency mining pools"—in this case, Dr.Web will prevent you from visiting such sites;
- Using behavioural analysis, Dr.Web Preventive Protection will detect the newest miner species.
The Anti-virus Times recommends
When using an anti-virus, it is important to follow a number of recommendations that will make the protective software really effective against miners and mining:
- install and activate all the modules incorporated into the anti-virus, especially the HTTP monitor for checking traffic, and also the preventive protection, anti-spam and firewall;
- don’t add too many programs, directories or disks to the exceptions list—it makes sense to use this feature if you are 100% confident in the safety of these objects;
- when configuring actions that you want the anti-virus to take, you should choose the option "Cure, move to quarantine if incurable": miners can be defined not only as trojans but also as potentially dangerous programs.
More detailed information on how to configure the Dr.Web anti-virus to protect a system from miners can be found in our brochure "Configure Dr.Web to protect your computer from miners".