Not much actual information, but it's nifty that bitcoin-mining malware
is maybe using Tor hidden services for command and control.
-------- Forwarded Message --------
From: Zebro kojos
From: "grarpamp"
Anybody have any information on; vwfws4obovm2cydl.onion ?
You must have obtained the address from somewhere. So what did the ad copy or context associated with it say?
1. It was harvested from malware which dropped a file; hostname.tmp which contained the name; vwfws4obovm2cydl.onion
2. It contained a script file named; poclbm120222.cl
   // -ck modified kernel taken from Phoenix taken from poclbm, with aspects of
   // phatk and others.
   // Modified version copyright 2011-2012 Con Kolivas
   // This file is taken and modified from the public-domain poclbm project, and
   // we have therefore decided to keep it public-domain in Phoenix.
3. It contained the file; private_key.tmp which contains certificate keys
4. It contained the DLLs; pthreadGC2.dll, libpdcurses.dll, libcurl-4.dll
-- Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- Sent from Ubuntu