Is cow pool harmful
Mining is perhaps one of the most important components of the bitcoin ecosystem. Miners must solve complex mathematical problems to ensure that transactions go through smoothly. These problems are so complex that they are difficult to solve even for extremely powerful computers. Computers need both work and luck to solve them, just as miners do when digging underground. The chance of solving such a problem correctly is about one in 13 trillion.
Bitcoin mining has two purposes. First, by solving mathematical problems, bitcoin miners verify transaction information, which ensures the security and reliability of the bitcoin payment network. Miners are the ones who ensure that transactions are accurate and that there is no "double payment."
Second, when a computer solves these complex mathematical problems on the bitcoin network, the system generates new bitcoin, which is similar to mining gold from the ground. The reward is called the "block reward", and its amount is periodically halved in an event called the "halving". The concept of newly discovered bitcoin is an important part of the bitcoin protocol. The bitcoin obtained by miners is brand new and has never been in circulation before. Since miners will eventually sell the bitcoin, it is also an important source of supply and liquidity. As Chainalysis reports, many digital currency exchanges rely on miners to receive bitcoin and increase their liquidity. Typically, exchanges get about 88% of their bitcoin from other exchanges, and bitcoin miners are the largest source of the remaining percentage. As you can imagine, there is fierce competition between exchanges to receive bitcoin directly from miners.
Zooming in on the map further, most mining activity takes place in only four provinces. The top two, Xinjiang and Sichuan, account for nearly half of all bitcoin mining in China. Electricity is cheap and the weather is cold in these areas, which helps keep mining profitable and the equipment cool during the 24/7 operation and maintenance of bitcoin mining.
But this is nothing new for digital currency issuance. For many years, China has been a major market for bitcoin miners due to its cheap electricity and abundant resources. Bitmain, F2Pool and Canaan are all located in China.
Whether this is negative or positive news depends on your point of view. But for decentralized, distributed, unlicensed networks, geographic distribution across multiple entities is healthier for the entire ecosystem.
A customer's PC had strange symptoms, such as slow speed, the CD-ROM tray opening and closing irregularly, error messages never seen before, the screen image flipping, and so on. I cut off his Internet connection, followed the standard procedures for dealing with malware, and finally found the culprits: two remote access Trojans. One was the Cult of the Dead Cow's infamous Back Orifice, and the other was the less common The Thing. In this incident, the attacker seems to have been a child who just wanted to play some pranks, such as keeping others from accessing the Internet or exchanging some pornographic material, but nothing more dangerous. If the attacker had had other, more dangerous goals, he could have stolen a lot of confidential information from the client's machine and its network.
The Trojan horse is more dangerous than any other malicious code. The best way to ensure security is to be familiar with the types and working principles of Trojan horses, and to know how to detect and prevent this kind of malicious code.
A Trojan horse is a malicious program that runs quietly on the host machine and allows the attacker to access and control the system remotely without the user's awareness. Generally speaking, most Trojans imitate the functions of legitimate remote control software, such as Symantec's pcAnywhere, but Trojans also have some distinctive characteristics, such as being installed and run covertly. Attackers often hide a Trojan horse in a game or small utility to lure careless users into running it on their own machines. Most commonly, the deceived user either downloads and runs software containing malicious code from a disreputable website, or accidentally opens an email attachment containing malicious code.
Most Trojans consist of a client and a server. The attacker uses a tool called a binder to attach the server part to a legitimate program and induce users to run that program. As soon as the user runs it, the server part of the Trojan horse completes its installation without the user's awareness. The server part of a Trojan horse can usually be customized, and the items attackers can customize generally include the IP port number of the server, when the program starts, how it is invoked, how it hides, and whether it encrypts its traffic. In addition, the attacker can set the password for logging in to the server and choose the communication mode.
The server may notify the attacker by sending an email announcing that it has successfully taken over the machine, or it may contact a hidden Internet communication channel and broadcast the IP address of the compromised machine. Alternatively, when the server part of the Trojan horse starts, it can communicate directly with the client program running on the attacker's machine through a predefined port. No matter how the Trojan's server and client establish contact, one thing remains unchanged: the attacker always uses the client program to send commands to the server program in order to control the user's machine.
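A defender's view of the predefined-port channel described above, as an added example that is not part of the original article: because the attacker can configure the port, the check compares the machine's listening sockets against a known-good baseline instead of a list of known Trojan ports. The `netstat -ano` sample, the baseline and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from the article).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:47811          0.0.0.0:0              LISTENING       2044
  TCP    127.0.0.1:9100         0.0.0.0:0              LISTENING       3300
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     4321
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1780
  UDP    0.0.0.0:40111          *:*                                    2044
"""

# Hypothetical known-good baseline recorded while the machine was clean.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}
LOOPBACK = {"127.0.0.1", "::1"}

# proto, local address, local port, foreign address, optional state, PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")

def parse_listeners(text):
    """Sockets that accept inbound traffic: TCP in LISTENING, and every bound UDP socket."""
    sockets = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, _foreign, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not listeners
        sockets.append((proto, addr.strip("[]"), int(port), int(pid)))
    return sockets

def unexpected_listeners(text, baseline):
    """Map (proto, port) -> owning PIDs and whether a non-loopback address is bound."""
    report = {}
    for proto, addr, port, pid in parse_listeners(text):
        if (proto, port) in baseline:
            continue
        entry = report.setdefault((proto, port), {"pids": set(), "remote": False})
        entry["pids"].add(pid)
        entry["remote"] = entry["remote"] or addr not in LOOPBACK
    return report

if __name__ == "__main__":
    for (proto, port), info in sorted(unexpected_listeners(SAMPLE_NETSTAT, BASELINE).items()):
        scope = "reachable from the network" if info["remote"] else "loopback only"
        print(f"{proto}/{port} pid={sorted(info['pids'])} {scope}")
```

On a live Windows host the input text would come from `netstat -ano`, and the reported PIDs can then be mapped to their executables for triage.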
Trojan attackers can not only browse the compromised machines at will, but also broadcast commands instructing all the Trojans under their control to act together, spread more widely, or do other dangerous things. In fact, with a predefined keyword, all the compromised machines can be made to format their own hard disks or attack another host. Attackers often use Trojans to take over a large number of machines and then launch a distributed denial of service (DDoS) attack on a critical host. When the victim notices that the network is being flooded by unusual traffic and tries to find the attacker, he can only trace the traffic back to a large number of unwitting DSL or cable modem users who are victims themselves. The real attackers have long since escaped.
Second, extremely dangerous malicious programs
For most malicious programs, once you delete them the danger has passed and the threat no longer exists. The Trojan horse, however, is special. Like viruses and worms, Trojans can delete or modify files, format hard disks, upload and download files, harass users, and expel other malicious programs. For example, it is common to see attackers use a compromised machine to store games or attack tools until nearly all of the user's disk space is used up. In addition, Trojans have unique capabilities, namely content theft and remote control, which make them the most dangerous malware.
First of all, a Trojan can capture the user's screen and every keystroke, which means that attackers can easily steal the user's passwords, directory paths, drive mappings, and even medical records, bank account and credit card details, and personal communications. If the PC has a microphone, the Trojan can eavesdrop on conversations. If the PC has a camera, many Trojans can turn it on and capture video. In the world of malicious code, nothing threatens users' privacy more than a Trojan horse. Everything you say and do in front of the PC may be recorded.
Some Trojans include packet sniffers, which can capture and analyze every packet flowing through the network card. The attacker can use the information stolen by the Trojan horse to set up a back door. Even if the Trojan horse is removed later, the attacker can still use the back door left behind to break in easily.
Secondly, if an unauthorized user is able to control the host machine remotely, the host machine becomes a powerful attack weapon. Remote attackers can not only manipulate the PC's own resources at will, but also impersonate the PC's legitimate users, for example by sending e-mail and modifying documents, and of course they can attack other machines from the compromised machine. Two years ago, a home user asked me to help him prove to the trading agency that he had not submitted a stock transaction that appeared to be a significant loss. The trading agency did record the IP address of his PC in the transaction, and I also found traces of the controversial transaction in his browser cache. In addition, I found signs of the SubSeven (Backdoor_G) Trojan horse. Although there is no evidence to show that the Trojan horse is directly related to the stock transaction that caused him heavy losses, it can be seen that the Trojan horse was active at the time of the transaction.
Third, the types of Trojan horse
Common Trojan horses, such as Back Orifice and SubSeven, are multi-purpose attack toolkits with comprehensive functions, including capturing screen, sound and video content. These Trojans can act as keyloggers, remote controllers, FTP servers, HTTP servers and telnet servers, and can also find and steal passwords. The attacker can configure the port the Trojan listens on and its operating mode, and whether the Trojan contacts the attacker through email, IRC or some other means of communication. Some of the most harmful Trojans have anti-detection capabilities. They can hide themselves in various ways, encrypt their communication, and even provide a professional API so that other attackers can develop additional functions. Because of their comprehensive functions, these Trojans are usually large, typically 100 KB to 300 KB. Relatively speaking, it is more difficult to install them on the user's machine without attracting anyone's attention.
For a relatively simple Trojan horse, the attacker tries to keep it small, usually 10 KB to 30 KB, so that it can be activated quickly without attracting attention. These Trojans are usually used as keyloggers. They record every keystroke of the victim and save it to a hidden file, so that the attacker can download the file and analyze the user's activity. There are also some Trojans with FTP, web or chat server functions. Usually, these micro Trojans are used only to gain the initial remote control capability, which is difficult to obtain, and to keep the initial intrusion safe, so that a large Trojan horse with comprehensive functions can be uploaded and installed at a suitable time when it is unlikely to attract attention.
If you go to any Internet search site and search for the keywords "remote access Trojan", you will quickly find hundreds of Trojan horses. There are so many kinds that most web sites specializing in collecting Trojan horses have to arrange them in alphabetical order, with dozens or even more than 100 Trojans under each letter. Let's take a look at the two most popular Trojans: Back Orifice and SubSeven.
■ Back Orifice
In 1998, the Cult of the Dead Cow developed Back Orifice. This program soon became popular in the Trojan horse field. It not only has a programmable API, but also has many other new functions that make many legitimate remote control products look pale by comparison. Back Orifice 2000 (BO2K) is released under the GNU GPL (General Public License), in the hope of attracting a base of regular users and competing with established remote control software such as pcAnywhere.
However, many users are unlikely to accept it any time soon due to its default covert mode of operation and its obvious attack-oriented intent. The attacker can use BO2K's server configuration tool to set many server parameters, including TCP or UDP, port number, encryption type, secret activation (which works better on Windows 9x than on Windows NT), password, plug-ins, and so on.
Back Orifice has many impressive features, such as keystroke logging, HTTP file browsing, registry editing, audio and video capture, password stealing, TCP/IP port redirection, message sending, remote restart, remote locking, packet encryption, file compression, and so on. Back Orifice comes with a software development kit (SDK), which allows its functions to be extended through plug-ins.
The default bo_peep.dll plug-in allows attackers to remotely control the keyboard and mouse of the machine. In practical use, Back Orifice is very sensitive to incorrectly entered commands. Inexperienced novices may make it crash frequently, but experienced veterans can make it both obedient and robust.
■ SubSeven
SubSeven may be even more popular than Back Orifice. This Trojan has consistently been near the top of the infection statistics of the major anti-virus vendors. SubSeven can be used as a keylogger and packet sniffer, and for port redirection, registry modification, and microphone and camera recording. Figure 2 shows some of SubSeven's client commands and server configuration options.
SubSeven has many functions that embarrass victims: attackers can remotely swap the mouse buttons, turn Caps Lock off / on