[nsp-sec] Compromised bitcoin miners
Gabriel Iovino
giovino at ren-isac.net
Tue Aug 23 08:26:15 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/19/2011 12:53 PM, Leif Nixon wrote:
> The following is a list of 652 IP addresses that have been observed
> submitting bitcoin mining results to a mining pool account associated
> with malicious activities. \
ACK:
> 4511 | 192.111.123.191 | 192.111.123.0/24 | US | MIAMI-EDU - University of Miami
> 31886 | 131.104.44.206 | 131.104.0.0/18 | CA | UOGUELPH - University of Guelph
(We have so far not found any non-compromised machines in this context.)
The REN-ISAC reported on ~15 of these before this list hit NSP-SEC and
got zero false positive reports. I concur that most if not all of these
indicate a compromised machine.
Thanks!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAk5TnGMACgkQwqygxIz+pTuAFgCeOVwsC2aEXjfG2osw2f8+fdkE
hiIAnjkjGlg+BPhevogvr33bvitNk4IA
=VRF2
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list