Guys PLEASE READ THIS before investing your MONEY at GENESIS MINING

This is simple MATH!! 10 years old child can understand this! In this experiment, I will pay 105 $(0.105974 BTC) for 700 GH/s GENESIS MINING will charge you FEES (Guys please read the Agreement ):
a. 0.150 $ per GH/s upfront = 0.000150313 BTC * 700 GH/s = 0.1052191 BTC upfront fee
b. 0.00028 $ per GH/s a day = 0.24 BTC * 700 GH/s = 0.
BTC A DAY fee (0.071750532 BTC a year)

Now to calculate the profit is very simple, BTC mined in a year minus your cost/investment and the sum of fees. 700GH/s will generate ≈ 0.1554 BTC a year. BTC Profit first year= 0.1554 earning - (0.1052191 + 0.071750532) fees - 0.105974 cost = - 0.127543632 BTC (-127.79 $) ROI of negative -27% You invested 100 $ in GENESIS MINING after a year you LOST 100 $ and you OWE them 27 $. Their system is designed to keep you buying more Hash Power in the hope of making a ROI in a distant future. More Hash power= more daily fees = less profitable Bitcoin earnings.

In the second year, you won't pay the Upfront fee, but if the daily fee stays the same, you won't make any profit from the Bitcoin mined, because of the difficulty increase over time, in the end your daily fees will overcome the Bitcoin mined, the following will happen, and your account will be terminated in 20 days. ' if, on any day, Coins generated on one day do not suffice to pay item 2 of the Fee above, the Service Provider may use Coins generated on any day thereafter for such payment.'

I won't consider this a SCAM because it's written in the Agreement, If you have already invested please stop the bleeding and use your money for better good. The conversion rate (1 BTC = 990.811 $) and BTC mining rewards (12.5 BTC) are calculated on 2/13/2017

*edits: I improved the formatting, The second year paragraph added, ROI of negative -27%

This is troubling, but it's what happens when there are a lot of new people exposed to Bitcoin, like during the bull runs of the end of last year. There are ponzi scams, bitcoin doublers, bitcoin 'investing', and there's cloud mining. All are scams meant to extract as much money from as many other people as possible. When engaging in a scam, even if you're somehow gaming the system to make a profit, there are 10 other people who lose money. It doesn't make you clever, it makes you complicit in the scam.
The scammer is still making his profit while you make pennies due to someone else's misfortune. The best thing you can do is simply call out scams whenever you see them.

I know this is going to be an unpopular view but here it goes. I disagree with revcback. I think bitcoin mining makes sense from an economics perspective based on the benefits of diversification. The economics of renting out cloud mining hash power is similar to that of a lead bank syndicating out a big loan it made to other banks (if you don't know what that is, check out investopedia: lead bank doesn't necessarily syndicate the loan bc it thinks the loan has a negative expected value. The lead bank normally is just trying to decrease the range/volatility of expected returns (even if it decreases overall/mean expected return for the big bank). I'm not positive that is the case with Genesis Mining, but it makes sense from an economics perspective.

Also, with regard to the original post, sure you may not achieve ROI within 1 year, but few investments do. And by the poster's calculations, you would be at 23% ROI by 1.5 years! That may not seem like a lot to someone looking for a get-rich-quick scheme, but that is a pretty amazing return considering that the vast majority of Wall Street hedge funds can't beat the average market return of only 6-8% a year over the long term (see, e.g., ). Plus, once you achieve positive ROI, you're just making pure profit until the contract stops running because fees overcome mining revenues, without any risk of losing your already gained revenues (unlike with, for example, an investment in stock, where in order to get more profits, you always have to risk all your investment and previous returns evaporating bc the company could become insolvent due to an unforeseen event).

With regard to the risk of the contract stopping prematurely due to increasing fees/block difficulty, I think that risk is somewhat naturally hedged by the economics of the contract.
Although block difficulty could increase faster than expected if there is a rush of people starting to mine more, people will only rush to mine more if bitcoin skyrockets in price (thus making the bitcoins you did mine/are mining worth more, and thus causing an increase in revenue per bitcoin mined that offsets the increased difficulty of mining). I'm not saying that I have all the answers or that I'm necessarily right. But I think that there is a valid argument that cloud mining need not be a scam and that the economics work out.

The idea is that you carry the risk of currency depreciation and give them a guaranteed profit. At least that is how it is meant to work. Imagine the following: You purchase 1000 BTC worth of mining crap and make a farm. You need to make a return to pay off your creditors. A loss is unacceptable. You are god-tier sysadmin, so the only risk of loss is if the price of BTC tanks. You therefore sell mining contracts at the current BTC/USD rate. This means that regardless of what happens, you will make a predictable return. If BTC moons, then you make less than you could have, and the contract holder profits. If BTC tanks, then you make more than you would have, and the contract holder loses. Either way, you make the same, and the contract holder holds all the risk. Basically, you are engaging the contract holder in a futures contract. Again - this is how it is supposed to work. In reality, scams abound. Tread carefully :)

While the world is holding its breath, wondering where notorious cybercriminal groups like Lazarus or Telebots will strike next with another destructive malware such as WannaCryptor or Petya, there are many other, less aggressive, much stealthier and often very profitable operations going on. One such operation has been going on since at least May 2017, with attackers infecting unpatched Windows webservers with a malicious cryptocurrency miner.
The goal: use the servers’ computing power to mine Monero (XMR), one of the newer cryptocurrency alternatives to Bitcoin. To achieve this, attackers modified legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to covertly install the miner on unpatched servers. Over the course of three months, the crooks behind the campaign have created a botnet of several hundred infected servers and made over USD 63,000 worth of Monero. ESET customers are protected against any attempts to exploit the CVE-2017-7269 vulnerability, even if their machines aren’t patched against it, as was.

Why mine Monero and not Bitcoin?

While far behind Bitcoin in market capitalization, Monero has several features that make it a very attractive cryptocurrency to be mined by malware – untraceable transactions and a proof of work algorithm called CryptoNight, which favors computer or server CPUs and GPUs, in contrast to specialized mining hardware needed for Bitcoin mining. We can observe the exchange rate jumping up from 40 USD/XMR up to 150 USD/XMR over the past month, falling back to 100 USD/XMR.

[Figure: Candlestick chart of the XMR/USD exchange rate in August, 2017]

The Cryptominer

First seen in-the-wild on 26th May, 2017, the malicious mining software is a fork of a legitimate open source Monero CPU miner called xmrig, version 0.8.2 (also released May 26 2017). When creating the malicious mining software, the crooks did not apply any changes to the original open source codebase apart from adding hardcoded command line arguments of the attacker’s wallet address and the mining pool URL, plus a few arguments to kill all previously running instances of itself so as not to compete with its new instance. This couldn’t have taken the cybercrooks more than just a couple of minutes, as suggested by the fact that we saw it in-the-wild on the same day the base version of xmrig was released.
You can see the attacker’s modified cryptominer and its identification with the available source code in the figures below.

[Figure: Code comparison between original and adapted versions]

Scanning and Exploitation

The distribution of the miner to victims’ computers is the hardest part of this operation, but even here, the attackers went for the easiest approach. There are two IP addresses that we identified as the source of brute-force scans for the vulnerability and both point to servers in the Amazon Web Services cloud.

The vulnerability exploited by the attackers was discovered in March 2017. It is a vulnerability in the WebDAV service that is part of Microsoft IIS version 6.0, the webserver in Windows Server 2003 R2. A dangerous buffer overflow in the ScStoragePathFromUrl function is triggered when the vulnerable server is processing a malicious HTTP request. In particular, a specifically crafted PROPFIND request leads to a buffer overflow due to a reallocation of double sized buffer when the count of Unicode characters is mistakenly provided instead of a byte-count. A very detailed analysis of the mechanism by Javier M. Mellid can be found. This vulnerability is especially susceptible to exploitation, since it’s located in a webserver service, which in most cases is meant to be visible from the internet and therefore can be easily accessed and exploited by anyone.

The payload comes necessarily in the form of an alphanumeric string. The attackers replaced the string leading to the execution of the Windows calculator from the proof-of-concept with one leading to the download and execution of their malicious payload. However, this didn’t require much sophistication either, as there are online tools like that help to convert any shellcode into the desired string. The shellcode is the expected download-and-execute action (downloading dasHost.exe from hxxt://postgre[.]tk/ into the %TEMP% folder).
[Figure: Graph of infection waves over time]

Scanning is always done from one IP address, which seems to be a machine hosted on an Amazon cloud server that the attackers rented, deployed their scanning software on, and continue to use to launch their attacks.

Mitigation

ESET detects the malicious binaries of the miner as Win32/CoinMiner.AMW trojan and the exploitation attempts at the network layer under the detection name webDAV/ExplodingCan. This is a real-world example of a packet that would be blocked.

[Figure: Specifically crafted HTTP request with an encoded shellcode]

and did not release any patch for this vulnerability until June 2017, when several critical vulnerabilities for its older systems were discovered and brought to the attention of malware authors. The good news is that despite the end-of-life status of the system, Microsoft decided to patch these critical vulnerabilities in order to avoid large-scale destructive attacks similar to the WannaCryptor (aka WannaCry) outbreak. However, keeping Windows Server 2003 up-to-date might be difficult due to the fact that automatic updates don’t always work smoothly (e.g. By Clint Boessen confirms our own troubles with updating the system). Consequently, many of these systems are still vulnerable to this day. We strongly advise users of Windows Server 2003 to apply and other critical patches as soon as possible (if automatic updates fail then download and install the security update manually!).

Statistics

Thanks to the mining pool stats being publicly available, we were able to see the combined hash rate of all victims, which represents the computing power dedicated to the mining account. The value seemed to consistently reach around 100 kilohashes per second (kH/s), with a surge of up to 160 kH/s in late August 2017, which we attribute to campaigns launched on August 23 and 30.
Overall, the infected machines were making approximately XMR 5.5 daily by the end of August and have made over XMR 420 in total over the course of three months. According to the exchange rate of 150 USD/XMR at the time, these values were equal to USD 825 per day and over USD 63,000 in total, respectively.

The attackers were very active at the end of August but have gone quiet since early this month with no new infections coming in. Moreover, because the miner has no persistence mechanism, the attackers have slowly begun losing already compromised machines, and the total hash rate has dropped all the way down to 60 kH/s at the time of writing. This is not the first time the attackers took such a break and it is likely a new campaign will be launched in the near future.

The total number of victims is not known to us, but can be estimated from the total hash rate produced by the attacker. According to the, a high-end consumer Intel i7 processor has a hash rate of around 0.3-0.4 kH/s. However, considering the fact that the exploit is limited to systems running Windows Server 2003, which will most likely be running on older hardware with weaker CPUs, the average hash rate per victim will be much lower and the total number of infected machines probably much higher.

[Figure 6: Statistics of the attackers’ wallet provided by the mining pool]

Conclusion

We see that minimal know-how together with very low operating costs and a low risk of getting caught – in this case, misusing legitimate open-source cryptocurrency mining software and targeting old systems likely to be left unpatched – can be sufficient for securing a relatively high outcome. Sometimes it takes very little to gain a lot, and this is especially true in today’s world of cybersecurity, where even well-documented, long-known and warned about vulnerabilities are still very effective due to the lack of awareness of many users.
IoCs

Download Site:
hxxp://postgre.tk
hxxp://ntpserver.tk

Source IPs:
54.197.4.10
52.207.232.106
18.220.190.151

Author and, ESET.
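A log-hunting aid for the scanning activity and source IPs described above, added here as an example and not code from ESET or the original article: it parses IIS W3C extended logs, honouring every #Fields directive, and reports clients that sent WebDAV PROPFIND requests or match the listed source IPs. The sample log is constructed, and the script assumes the site logs the cs-method and c-ip fields.

```python
import ipaddress
from collections import Counter

# Source IPs listed in the IoC section of this article.
IOC_SOURCE_IPS = {"54.197.4.10", "52.207.232.106", "18.220.190.151"}

# Constructed sample in IIS W3C extended format (not real traffic).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges;
# the status codes are illustrative only.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2017-08-23 10:01:02 GET /index.htm 203.0.113.7 200
2017-08-23 10:01:05 PROPFIND / 54.197.4.10 500
2017-08-23 10:01:06 PROPFIND / 54.197.4.10 500
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2017-08-30 02:14:40 198.51.100.9 PROPFIND /share 207
2017-08-30 02:15:10 52.207.232.106 GET / 200
2017-08-30 02:15:11 truncated-line
"""

def parse_w3c(text):
    """Yield one dict per request row, honouring every #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column order can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def hunt(text, ioc_ips=IOC_SOURCE_IPS):
    """Return per-client findings for PROPFIND senders and IoC source IPs."""
    propfind, total = Counter(), Counter()
    for row in parse_w3c(text):
        ip = row.get("c-ip", "-")
        try:
            ipaddress.ip_address(ip)        # ignore rows without a valid client IP
        except ValueError:
            continue
        total[ip] += 1
        if row.get("cs-method", "").upper() == "PROPFIND":
            propfind[ip] += 1
    return {
        ip: {"requests": total[ip], "propfind": propfind[ip], "ioc": ip in ioc_ips}
        for ip in total
        if propfind[ip] or ip in ioc_ips
    }

if __name__ == "__main__":
    for ip, finding in sorted(hunt(SAMPLE_LOG).items()):
        print(ip, finding)
```

PROPFIND is also used by legitimate WebDAV clients, so a hit without an IoC match is a lead to review on an IIS 6.0 host, not a verdict.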