Connect with us

Hi, what are you looking for?

Standard

SA experts stop bitcoin virus

Published by IT-Online on 17 October 2017

A dangerous Bitcoin-mining virus has been detected and disabled by two Johannesburg-based IT experts
.

White hat ethical hacker William Vermaak, from PBSA’s digital arm pbDigital, and senior software developer Morne Wilken, detected malicious activity on one of their customer’s servers last week. The two immediately analysed the source of the virus and uninfected the server.

According to Vermaak, the virus had gone undetected by all available virus packages.

“We submitted samples to ESET the next day and [the company] immediately responded from its virus lab in Denmark, confirming the virus was wild and that detection for the threat had been added to its latest definition updates.”

By the time of detection, the virus had already infected 0,04% of Windows computers in South Africa. Russia was hardest hit, with 0,5% of all Windows computers infected.

Essentially a Bitcoin-mining virus, the Winlog Virus downloads a Bitcoin CPU miner on the victim’s computer, and then mines Bitcoins for the virus originator.

Vermaak says this type of virus is particularly evasive. “It tries to make itself resilient and configures various system schedules to start it again if it’s stopped. The virus will also install itself on the system as a system service.

“The virus infiltrates the System Registry and changes some keys to make itself run again if it’s shut down. Shortcuts on the victims’s Desktop are modified to run the virus and these then run the original program, in an attempt to mask it’s presence. The virus also copies itself into various other files on the system — including Microsoft.exe — to try ensure resilience.”

Almost three months ago, Russian president Vladimir Putin’s Internet advisor, Herman Klimenko, issued a dire public warning that 20% to 30% of all computers in Russia were infected with computer malware designed to turn devices into Bitcoin-mining machines.

At the time, Klimenko told Moscow-based news broadcaster RBC that viruses that install bitcoin-mining software are the “most common and most dangerous” type of computer malware in existence.

 

Filed under: Blogs, In the News, Index PAge, SignFlow Tagged: Bitcoin, Bitcoin-mining virus, Herman Klimenko, malware, Morne Wilken, PBSA, Russia, SignFlow, Vladimir Putin, white hat, white hat ethical hacker, William Vermaak, Windows
Source: SignFlow News

You May Also Like

Electronic Signatures

In today’s competitive banking landscape, it is all about service delivery to the digital citizen, where the bank that offers the most convenience, leads....

Electronic Signatures

The benefits of digitising business processes – both internal and external – are too significant for the move to paperless to be overlooked. Business...

Electronic Signatures

SigniFlow’s Portfolios feature allows businesses to fully digitise historically paper-heavy processes, from A to Z, enabling a paperless and efficient unit, and happy, stress-free...

Electronic Signatures

“Electronic” and “digital” are often used as interchangeable prefixes to the word “signature” – but there are vast differences between the two.

Electronic Signatures

Top ten benefits of digital signatures

Copyright © 2021 - SIGNIFLOW© SOFTWARE
Disclaimer: The information in this BLOG is provided for general informational purposes only and is the opinion of the author only. No information contained in this blog should be construed as legal advice from SigniFlow or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this blog should act or refrain from acting on the basis of any information included in, or accessible through, this blog without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue.