Re: [tor-talk] vwfws4obovm2cydl.onion ??
So from what it seems, the malware included a bitcoin miner that perhaps is
to report found blocks / sub-hashes (? is that a term; i.e. if it works in
a mining pool) to a server, perhaps this site in question.
On Sat, Jun 23, 2012 at 4:06 PM, David H. Lipman <DLipman@xxxxxxxxxxx> wrote:
> From: "grarpamp" <grarpamp@xxxxxxxxx>
> Anybody have any information on; vwfws4obovm2cydl.onion ?
>> You must have obtained the address from somewhere.
>> So what did the ad copy or context associated with it say?
> 1. It was harvested from malware which dropped a file; hostname.tmp
> which contained the name; vwfws4obovm2cydl.onion
> 2. It contained a script file named; poclbm120222.cl
> // -ck modified kernel taken from Phoenix taken from poclbm, with aspects of
> // phatk and others.
> // Modified version copyright 2011-2012 Con Kolivas
> // This file is taken and modified from the public-domain poclbm project, and
> // we have therefore decided to keep it public-domain in Phoenix.
> 3. It contained the file; private_key.tmp which contains a certificate
> 4. It contained the DLLs; pthreadGC2.dll, libpdcurses.dll, libcurl-4.dll
> Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
> tor-talk mailing list