and the first PUP.Miner appear…

Found on this website, but there are probably more websites:
flash-player-france.com has address 50.23.247.162

Domain Name: FLASH-PLAYER-FRANCE.COM
Registrar: GANDI SAS
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Name Server: NS1.SOFTLAYER.COM
Name Server: NS2.SOFTLAYER.COM
Status: clientTransferProhibited
Updated Date: 10-jul-2014
Creation Date: 31-aug-2010
Expiration Date: 31-aug-2015

[Screenshot: PUP_BitCoinMiner]

An installer: https://www.virustotal.com/fr/file/958383469fe921b9246f1659513d1833acb16cb810a1ce38382b081e65add0a2/analysis/

[Screenshot: PUP_BitCoinMiner3]

Some software offers are presented; the second one caught my attention because it proposes mining.
This installer sends some pings to mm.chitika.net (66.77.30.200):

Domain Name: CHITIKA.NET
Registrar: TUCOWS DOMAINS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: NS1.P07.DYNECT.NET
Name Server: NS2.P07.DYNECT.NET
Name Server: NS3.P07.DYNECT.NET
Name Server: NS4.P07.DYNECT.NET
Status: ok
Updated Date: 02-oct-2012
Creation Date: 29-jan-2001
Expiration Date: 29-jan-2020

Domain Name: CHITIKA.NET
Registry Domain ID: 55380534_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2012-10-02 12:59:18
Creation Date: 2001-01-29 02:45:01
Registrar Registration Expiration Date: 2020-01-29 02:45:01
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email: domainabuse@tucows.com
Registrar Abuse Contact Phone: +1.4165350123
Reseller: Web Results, Inc.
Reseller: michael@webresultsinc.com
Reseller: 9545690201
Reseller: http://www.webresultsinc.com

[Screenshot: PUP_BitCoinMiner2]
The terms & conditions lead to earnmoneymining.com:
[Screenshot: PUP_BitCoinMiner4]
Start page and search settings hijack, as usual with PUP:
[Screenshot: PUP_BitCoinMiner5]

and the miner is running: "C:\Documents and Settings\Mak\Application Data\EarnMoneyMining\pooler2-cpuminer-heavy-32\minerd.exe" --url=stratum+tcp://hvcpool.1gh.com:5333 --userpass=HTPkV7yVkvsrjirb2TCWAq9BP7MF6N4Pjs:128 --threads=1 --algo=heavy --vote 512
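As an added example (not code from the original post), a small Python parser for a cpuminer-style command line like the one above: it undoes the blog's typographic dashes and guillemets, extracts the pool, user and algorithm, and flags any process whose --url points at a stratum pool. The sample command line is the one observed above; the option names are standard cpuminer options, and the helper names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the minerd command line seen in the post, typed with
# plain ASCII quotes and double dashes.
SAMPLE_CMDLINE = (
    r'"C:\Documents and Settings\Mak\Application Data\EarnMoneyMining'
    r'\pooler2-cpuminer-heavy-32\minerd.exe" '
    '--url=stratum+tcp://hvcpool.1gh.com:5333 '
    '--userpass=HTPkV7yVkvsrjirb2TCWAq9BP7MF6N4Pjs:128 '
    '--threads=1 --algo=heavy --vote 512'
)

# cpuminer long/short options that identify a mining session.
_OPTION_ALIASES = {"-o": "url", "--url": "url", "-O": "userpass",
                   "--userpass": "userpass", "-a": "algo", "--algo": "algo",
                   "-t": "threads", "--threads": "threads"}

STRATUM_SCHEMES = {"stratum+tcp", "stratum+ssl", "stratum+tls"}


def normalise(cmdline: str) -> str:
    """Undo WordPress-style smart punctuation (en dash for --, guillemets)."""
    for bad, good in (("\u2013", "--"), ("\u2014", "--"), ("\u00ab", '"'),
                      ("\u00bb", '"'), ("\u201c", '"'), ("\u201d", '"')):
        cmdline = cmdline.replace(bad, good)
    return cmdline


def parse_miner_cmdline(cmdline: str) -> dict:
    """Tokenise a Windows command line and pull out cpuminer options."""
    tokens = [t.strip('"').strip()
              for t in re.findall(r'"[^"]*"|\S+', normalise(cmdline))]
    info = {"exe": tokens[0] if tokens else ""}
    i = 1
    while i < len(tokens):
        opt, _, val = tokens[i].partition("=")   # --url=... or --vote 512
        if not val and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            i += 1
            val = tokens[i]
        key = _OPTION_ALIASES.get(opt)
        if key:
            info[key] = val
        i += 1
    if "url" in info:                            # stratum+tcp://host:port
        u = urlsplit(info["url"])
        info["scheme"], info["pool_host"], info["pool_port"] = u.scheme, u.hostname, u.port
    if "userpass" in info:                       # pool user (address/worker) before the colon
        info["pool_user"] = info["userpass"].split(":", 1)[0]
    return info


def looks_like_miner(cmdline: str) -> bool:
    """True when the process is pointed at a stratum mining pool."""
    return parse_miner_cmdline(cmdline).get("scheme") in STRATUM_SCHEMES
```

Run it over process-creation events (Sysmon event 1 or EDR telemetry) to surface miners dropped by PUP installers regardless of where the binary is written.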

[Screenshot: PUP_BitCoinMiner6]

So yeah, a Bitcoin miner pushed the PUP way. Not surprising: the border between PUP and "real" malware is getting thinner and thinner.
Malvertising, anti-VM, proxy, DNS hijack... they are more and more difficult to remove.
