[Fwd: Re: [tor-talk] vwfws4obovm2cydl.onion ??]

Ted Smith tedks at riseup.net
Sun Jun 24 12:08:45 PDT 2012


Not much actual information, but it's nifty that bitcoin-mining malware
is maybe using Tor hidden services for command and control.

-------- Forwarded Message --------
From: Zebro kojos <zebro.kojos at gmail.com>
Reply-to: tor-talk at lists.torproject.org
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] vwfws4obovm2cydl.onion ??
Date: Sat, 23 Jun 2012 16:26:32 +0300

So from what it seems, the malware included a bitcoin miner that perhaps is
to report found blocks / sub-hashes (? is that a term; i.e. if it works in
a mining pool) to a server, perhaps this site in question.

On Sat, Jun 23, 2012 at 4:06 PM, David H. Lipman <DLipman at verizon.net> wrote:

> From: "grarpamp" <grarpamp at gmail.com>
>
>>> Anybody have any information on;  vwfws4obovm2cydl.onion  ?
>>>
>>
>> You must have obtained the address from somewhere.
>> So what did the ad copy or context associated with it say?
>>
>
> 1.    It was harvested from malware which dropped a file; hostname.tmp
> which contained the name;  vwfws4obovm2cydl.onion
>
> 2.    It contained a script file named;  poclbm120222.cl
>   // -ck modified kernel taken from Phoenix taken from poclbm, with aspects of
>   // phatk and others.
>   // Modified version copyright 2011-2012 Con Kolivas
>
>   // This file is taken and modified from the public-domain poclbm project, and
>   // we have therefore decided to keep it public-domain in Phoenix.
>
> 3.   It contained the file;  private_key.tmp  which contains certificate keys
>
> 4.   It contained the DLLs;  pthreadGC2.dll, libpdcurses.dll, libcurl-4.dll
>
>
> --
> Dave
> Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
> http://www.pctipp.ch/downloads/dl/35905.asp
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--
Sent from Ubuntu

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]





More information about the cypherpunks-legacy mailing list