Posted on 11/03/2019 7:47:14 AM PST by DUMBGRUNT
Hackers are using BlueKeep to break into Windows systems and install a cryptocurrency miner.
Security researchers have spotted the first mass-hacking campaign using the BlueKeep exploit; however, the exploit is not being used as a self-spreading worm, as Microsoft was afraid it would happen last May when it issued a dire warning and urged users to patch.
Instead, a hacker group has been using a demo BlueKeep exploit released by the Metasploit team back in September to hack into unpatched Windows systems and install a cryptocurrency miner.
This BlueKeep campaign has been happening at scale for almost two weeks, but it's been only spotted today by cybersecurity expert Kevin Beaumont.
At one point in the future, some low-skilled threat actor will figure out how to run BlueKeep properly, and that's when we'll see it used more broadly. Chances are that it's still going to be used to mine cryptocurrency -- the same thing for which EternalBlue is also mostly used nowadays.
Despite having months to patch systems, the latest headcount of publicy-accessible Windows systems that expose an RDP endpoint online and are vulnerable to BlueKeep is at around 750,000. These scans don't include systems inside private networks, behind firewalls.
(Excerpt) Read more at zdnet.com ...
I found this: One Hacker Can Make $100M A Year With Evil Cryptocurrency Miners https://www.forbes.com/sites/thomasbrewster/2018/01/31/100-million-opportunity-for-criminal-monero-cryptocurrency-miners/#186993914684
Talk about a honeypot! Surprising anything with a CPU still functions?
What is a crypto miner? Stealing coins by an app”
A nice simple question.
The answers get very complicated very quickly!
Bitcoin pays people to check the books and pays in Bitcoin.
The process eats a lot of computer time.
So, hijack a multitude of computers to work for you, and keep the money!
Warning!!!
Explanation possibly causes brain pain!!!
Mining is the process of adding transaction records to Bitcoin’s public ledger of past transactions (and a “mining rig” is a colloquial metaphor for a single computer system that performs the necessary computations for “mining”. This ledger of past transactions is called the block chain as it is a chain of blocks.
https://en.bitcoin.it/wiki/Mining
Its analogous to physically mining for gold, then bringing the gold from those rock melted and refined, to a store to be able to exchange it for cash.
Ping for your Windows list. . .
Its analogous to physically mining for gold, then bringing the gold from those rock melted and refined, to a store to be able to exchange it for cash.”
I dont see an analogy. Physical gold can be held in the hand, used for commerce, stolen, etc.
It seems to me that bitcoins are created out of the air from the bowels of a computer and are valuable based only on the faith in them by a holder or user. What is to stop me from creating my own bitcoin?
The governments control the issue of paper money which is also exchanged on the basis of faith and acceptance and they prosecute counterfeiters. So we don’t see wild swings of valuation based on speculation.
“The governments control the issue of paper money which is also exchanged on the basis of faith and acceptance and they prosecute counterfeiters. So we dont see wild swings of valuation based on speculation.”
Long ago, maybe?
1971 Nixon cut the dollar loose and let it float.
Currency speculation, not just the dollar is TRILLIONS of dollars every day!
The dollar is not static.
EUR USD - Historical Annual Data
https://www.macrotrends.net/2548/euro-dollar-exchange-rate-historical-chart
Yes, bitcoin is more volatile.
“These scans don’t include systems inside private networks, behind firewalls.”
And that is the problem. There could be 90% of average non-techy users infected with this and never know. If you are infected the first sign will be an unusually excessive amount of resources being used compared to what is truly needed for what you are doing on it.
They highjack your machine’s resources as added remote computing power to do the mining. It takes a LOT of resources to mine digital currency. And now that Bitcoin is getting closer to the end of availability, it takes even more and more computing power to mine each coin.
The concept is similar to the reason Gold is valuable. To mine gold it takes costs, resources, and labor. And there are no short cuts, it always has to be mined and require these resources. This is why it holds it’s value. If it could be counterfeited then it would be worthless.
It is a similar thing with digital currency, all the effort and resources required to mine it is what gives it value. And some don’t want to invest the costs to acquire the massive computing power it requires, so they have figured out how to steal the resources of others without their knowledge. And know what? These mining scripts can be implanted with just a cookie from a website visit.
I keep telling folks, while a strict script blocker might cause a few inconveniences, it is dumb as hell to not have one in place. There is not one thing out there you can trust.
But I’m with you, I have NEVER entertained the concept of digital currency.
Is it not just as simple to delete cookies after webbing or prevent cookie storage to begin with?
Unfortunately it’s not that simple anymore. They are becoming pretty sophisticated, they can install something permanent into your system simultaneously as the cookie loads into your temp file. Or just copy one image file as “Save as” and there it is. And there is a LOT of “cross scripting” out there now.
You can try to stop cookies or delete them, but the cookies are becoming smarter than the cookie blockers and the blockers do not even see them as they load. The last 6 months I have noticed that even with my strict script blocker they have scripts that it sees, but it doesn’t register them in the list so that I can block them. Some are smarter than even the script blockers.
The advantage I have for those that do make it past my script blocker is the protection of Linux as an OS. This is one of the advantages of Linux over Windows. It is pretty darn hard if not almost impossible for things like this to make any system changes or install themselves without my knowledge and approval.
The latest post function here on free republic it’s not working right.
Really? I haven’t noticed an issue on mine yet? something in our browser maybe? Or is it when you post on a phone? I do have problems when I try to post on my phone and have my cookie blocker on.
I didn’t look into it very deep because I never post to here on my phone. But I suspect it may be statistical analytics software being used on the phone script for FR. It looks like they use a different analytic API for the regular webpage script.
Really? I haven’t noticed an issue on mine yet? something in our browser maybe? Or is it when you post on a phone? I do have problems when I try to post on my phone and have my cookie blocker on.
I didn’t look into it very deep because I never post to here on my phone. But I suspect it may be statistical analytics software being used on the phone script for FR. It looks like they use a different analytic API for the regular webpage script.
What’s it doing?
Thanks to Swordmaker for the ping!
Windows BlueKeep Attack That U.S. Government Warned About Is Happening Right Now
The First BlueKeep Mass Hacking Is Finally Herebut Don't Panic
The BlueKeep vulnerability exists in unpatched versions of Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.
So everybody who still has a Windows XP, Windows 7, or god forbid Windows Vista computer around -- PATCH IT!
I am a currency trader with years of successful trading including most of the dollar currencies. So I participate in currency speculation every day but Sat. but nothing seems to be as speculative as the Bitcoin market.
I understand Bit coin had a ride from a few dollars to over 10k per coin and back to 5K and now at 6+K. I don’t think you can entertain worldwide commerce at that rate of swinging valuation. Seems like a total speculation to me.
The first time I ran across it, I was offered a streaming service on NBA games for 15 bit coins monthly for the season. I didn’t know what it was and although I could buy the 15 dollar coin for about 15 dollars at the time, I decided not to get into it.
I have nothing against speculation, but don’t see how an unregulated electronic currency is going to be able to run alongside an official government currency, electronic or not.
As long as you have all your Windows 95 Patches installed you should be fine!
These mining scripts can be implanted with just a cookie from a website visit.
Cookies cannot install scripts. Scripts are run by your browser. Cookies temporarily store information. Scripts or exploits are what can infect your computer.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.