
Professional mining botnet

Publish: 2021-05-12 15:21:37
1. It's a scam. Many Internet enterprises and network security enterprises believe that illegal "mining" has become a serious network security problem.

With the rise of "cloud mining", virtual machines have become the main objects used for digital currencies such as Monero and Eli coin, and the embezzling of cloud computing resources for "mining" has also increased significantly. Security team monitoring found that "competing for mining machines" has become one of the important purposes of botnet expansion, and found a new type of "mining" virus (mining XMR / Monero); the virus spread wildly in two months, with illegal "mining" profits of nearly one million yuan.

Extended information:

From a commercial point of view, the business model of mining can follow a "healthy road". As long as the "incentive money" is lower than the average cost of new users in the market, the business model will be reasonable and feasible.

However, if the platform tempts users to participate with "no capital, no profit", it is worth being vigilant. The so-called "mining" opportunity provided by the platform is likely to be "digging a good hole" waiting for you to jump in.

2. First of all, this problem is related to the original intention behind the birth of bitcoin. Bitcoin was invented by Nakamoto to fight against the inflation of issued legal currency, using mathematical laws to solve the problem that the partial reserve system under the monopoly of the central bank will inevitably lead to the issue of additional money out of nothing and rob the wealth of ordinary people. (Take a look at the bad cases of India, Venezuela and other countries.)
Of course, bitcoin is not perfect. Even if it is bad, at least it will be better than legal currency in one point, that is, there will be no inflation.
3. Botnet defense methods

If a computer is attacked by DoS from a botnet, there is little choice. Generally speaking, botnets are geographically distributed, so it is difficult to determine the attack mode of botnets.

Passive operating system fingerprint identification can confirm an attack from a botnet. Network administrators can configure firewall devices and use the information obtained from passive operating system fingerprint identification to take action against the botnet. The best defense measure is to use an intrusion prevention system with special hardware.

Some botnets use free DNS hosting services to point a subdomain to an IRC server harboring "broilers". Although these free DNS services do not attack themselves, they provide a reference point. Clearing these services can disrupt the entire botnet. Recently, some companies have tried to eliminate the subdomains of these domains. Zombie communities call this route a "null route" because DNS hosting services usually redirect aggressive subdomains to an inaccessible IP address.

The botnet server structure mentioned above has inherent loopholes and problems. For example, if a server with a botnet channel is found, all other servers and other zombies will be exposed. If a botnet server lacks redundancy, disconnecting the server will cause the whole botnet to crash. However, IRC server software includes some features to hide other servers and zombies, so finding a channel may not lead to the demise of the botnet.

Host-based technology uses heuristics to identify zombie behaviors that bypass traditional anti-virus mechanisms. The network-based methods gradually use the above technologies to shut down the servers that botnets rely on, such as the DNS project of "null route", or shut down the IRC server completely.

However, the new generation of botnets is almost entirely P2P. By embedding command and control into the botnet, a botnet can avoid a single point of failure through dynamic update and change. Spyware can hard code all suspicious passwords into the botnet with a public key. The data captured by the botnet can only be read through the private key held by the botnet controller.

It must be pointed out that the new generation of botnets can detect and respond to attempts to analyze the way they work. For example, when a large botnet detects that it is being analyzed, it can even disconnect researchers from the network. So organizations need professional botnet solutions.

Botnet solutions

The good news is that defense forces are also responding quickly as threats continue to grow. If you are in charge of a large enterprise, you can use some commercial products or open source products to deal with these threats.

First of all, there is FireEye's product, which can give a clear view of any attack without any signature assistance. FireEye's virtual machine is private, which reduces the risk of attackers learning how to destroy the virtual machine. FireEye can identify botnet nodes and block their communication with client networks. This allows the customer's IT staff to take action when FireEye detects a botnet attack and then easily rebuild the infected system. When network access is less critical, infected machines can be banned immediately. Damballa created its own technology to track and defend against botnets. The company's Failsafe solution can identify damaged hosts within the enterprise network without using signature or behavior-based techniques. In addition, SecureWorks and eEye Digital Security also have their own special technology to deal with botnets.

Famous large companies, such as Google, are unlikely to be defeated by botnets. The reason is very simple: they mainly rely on distributed servers. DDoS attackers would have to conquer this global distributed network, which is almost impossible, because this network can process up to 650GB of data per second. Small companies can guard against DDoS attacks by carefully selecting their Internet providers. It is a good idea if the providers can confirm and filter attacks at the high-speed link access level.

However, because DDoS attacks are so easy to detect and so intense, it is easy for defenders to isolate and clear botnets. Criminal organizations typically retain their resources for tasks that bring them more money and minimize their exposure.
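As an added example (not part of the original answer or any vendor's code): once a DNS hosting service has pointed a botnet's subdomain at an inaccessible address, hosts on your own network that keep looking that name up are likely infected. The sketch below scans resolver logs for that pattern; the log format, hostnames, addresses and the `INTERNAL_SUFFIXES` allow-list are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log lines: "<timestamp> <client-ip> <queried-name> <answer-ip>".
# The format, names and addresses are invented for this example.
SAMPLE_LOG = """\
2021-05-12T10:00:01 10.0.4.17 irc.bot-c2.freedns.example 0.0.0.0
2021-05-12T10:00:31 10.0.4.17 irc.bot-c2.freedns.example 0.0.0.0
2021-05-12T10:01:01 10.0.4.17 irc.bot-c2.freedns.example 0.0.0.0
2021-05-12T10:00:05 10.0.4.22 www.example.org 93.184.216.34
2021-05-12T10:00:09 10.0.4.30 printer.corp.example 10.0.9.5
2021-05-12T10:02:00 10.0.4.41 irc.bot-c2.freedns.example 127.0.0.1
2021-05-12T10:02:30 10.0.4.41 irc.bot-c2.freedns.example 127.0.0.1
malformed line
"""

# Assumption: names under these suffixes are expected to resolve to private space.
INTERNAL_SUFFIXES = (".corp.example",)

def is_null_routed(answer: str) -> bool:
    """True when the answer is not a globally routable address."""
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return False  # not an IP address at all (e.g. a CNAME target)
    return not ip.is_global

def suspect_clients(log_text: str, min_hits: int = 2) -> dict:
    """Map client IP -> {name: hits} for repeated lookups of null-routed names."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of crashing
        _, client, name, answer = fields
        name = name.lower().rstrip(".")
        if name.endswith(INTERNAL_SUFFIXES):
            continue  # internal names legitimately resolve to private addresses
        if is_null_routed(answer):
            hits[client][name] += 1
    # Keep only clients that retried at least one name min_hits times,
    # which filters out a single stray lookup.
    return {c: dict(n) for c, n in hits.items()
            if any(v >= min_hits for v in n.values())}

if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_LOG).items():
        print(client, names)
```
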
4. What is a botnet? A botnet is a one-to-many control network formed between the controller and the infected hosts by infecting a large number of hosts with BOT programs through one or more means of transmission. There are several keywords in the botnet concept: "BOT program" is the abbreviation of robot, which refers to the program code that realizes the malicious control function; "BOT computer" is the computer implanted with the bot; "Control server" refers to the central server for control and communication.

A botnet is first of all a controllable network. This network does not refer to a network with topology in the physical sense; it has a certain degree of distribution, and with the continuous spread of BOT programs, newly located BOT computers are constantly added to the network. Secondly, this network is formed by certain means of malicious propagation, such as active vulnerability attacks, e-mail viruses and other means of virus and worm propagation, which can be used to spread a botnet. In this sense, a BOT is also a kind of virus or worm. Finally, the most important feature of botnets is that they can perform the same malicious behavior one-to-many, such as a DDoS attack on a target website at the same time, or sending a large amount of spam at the same time. This enables attackers to efficiently control a large number of resources to serve them at a very low cost, which is also the fundamental reason why the botnet attack mode has been favored by hackers in recent years. A botnet acts as an attack platform when executing malicious behaviors, which makes a botnet different from simple viruses and worms, and also different from a Trojan horse in the common sense.

How do hackers use patch mail? At present, hackers use forged Microsoft patch e-mail to build botnets, so please confirm that the majority of Internet users have received the e-mail about Microsoft patch, and find out what you downloaded to your computer.

According to the Internet Storm Center, hackers are forging malicious e-mails based on Microsoft's security updates. Such forged e-mails cannot provide users with any useful security patches, but actually contain malicious code in the links or attachments provided by the e-mails. Unsuspecting users download malicious programs to their hosts after clicking on these links. In fact, users who pay a little attention to Microsoft's security patches will know that Microsoft never notifies users to install security updates through e-mail. Microsoft always makes security announcements on the home page of its security center, http://www.microsoft.com/china/technet/security/default.mspx, for the purpose of publishing security information. With this kind of forged e-mail, the application downloaded as the security patch is actually a backdoor Trojan horse, that is, the BOT program mentioned above. The machine affected by this kind of Trojan horse will be controlled remotely by hackers, and the affected machine has joined the botnet. Hackers who forge e-mails are very smart. They put hyperlinks in the names of victims or companies to link to Trojans. So far, security researchers have found four different URL addresses that all point to Trojan horse programs. Among the forged e-mails, one of them read as follows: "because you have used Microsoft software and received this email, we obtained your email address from the email list you submitted to Microsoft Windows Update. A 0day vulnerability (an unpublished vulnerability) has spread on the Internet, which will affect users who use Microsoft Outlook. After successfully exploiting the vulnerability, the hacker can take full control of your machine. Here is the link address of a patch
5. Be careful, the fc.themeinstaller mobile phone virus can't be uninstalled; you need to use mobile phone anti-virus software to kill it. Go and download NetQin mobile phone anti-virus software to kill it. Don't open links you don't know. Mobile phone viruses come out quickly, so you should always pay attention to information on preventing them.