[en] and the first PUP.Miner appear…

Found on this website, but there are probably more websites...
flash-player-france.com has address 50.23.247.162

Domain Name: FLASH-PLAYER-FRANCE.COM
Registrar: GANDI SAS
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Name Server: NS1.SOFTLAYER.COM
Name Server: NS2.SOFTLAYER.COM
Status: clientTransferProhibited
Updated Date: 10-jul-2014
Creation Date: 31-aug-2010
Expiration Date: 31-aug-2015

An installer: https://www.virustotal.com/fr/file/958383469fe921b9246f1659513d1833acb16cb810a1ce38382b081e65add0a2/analysis/

The installer makes several software offers. The second offer caught my attention because it proposes mining.
This installer made some pings to mm.chitika.net (66.77.30.200).

Domain Name: CHITIKA.NET
Registrar: TUCOWS DOMAINS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: NS1.P07.DYNECT.NET
Name Server: NS2.P07.DYNECT.NET
Name Server: NS3.P07.DYNECT.NET
Name Server: NS4.P07.DYNECT.NET
Status: ok
Updated Date: 02-oct-2012
Creation Date: 29-jan-2001
Expiration Date: 29-jan-2020

Domain Name: CHITIKA.NET
Registry Domain ID: 55380534_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2012-10-02 12:59:18
Creation Date: 2001-01-29 02:45:01
Registrar Registration Expiration Date: 2020-01-29 02:45:01
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4165350123
Reseller: Web Results, Inc.
Reseller: [email protected]
Reseller: 9545690201
Reseller: http://www.webresultsinc.com

The terms & conditions lead to earnmoneymining.com.

Start pages and search settings are hijacked, as usual with PUPs.

And the miner is running: "C:\Documents and Settings\Mak\Application Data\EarnMoneyMining\pooler2-cpuminer-heavy-32\minerd.exe" --url=stratum+tcp://hvcpool.1gh.com:5333 --userpass=HTPkV7yVkvsrjirb2TCWAq9BP7MF6N4Pjs:128 --threads=1 --algo=heavy --vote 512
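
A defender-side check built from the command line above (an added example, not code from the original post): it flags a process whose command line carries a stratum pool URL, or that combines several of the weaker indicators visible in that command line. The function names, the option set and the benign sample are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Command line as reported in the post above.
OBSERVED = (r'"C:\Documents and Settings\Mak\Application Data\EarnMoneyMining'
            r'\pooler2-cpuminer-heavy-32\minerd.exe" '
            '--url=stratum+tcp://hvcpool.1gh.com:5333 '
            '--userpass=HTPkV7yVkvsrjirb2TCWAq9BP7MF6N4Pjs:128 '
            '--threads=1 --algo=heavy --vote 512')
# Constructed benign sample for contrast (not from the post).
BENIGN = r'"C:\Program Files\Internet Explorer\iexplore.exe" http://example.com/'

# Option names taken from the command line shown in the post.
MINER_OPTS = {"--algo", "--threads", "--userpass", "--vote"}
# Per-user writable locations (assumed list) where a bundled miner may be dropped.
USER_DIRS = re.compile(r"\\(application data|appdata|temp)\\", re.I)


def miner_indicators(cmdline):
    """Return a dict of miner-related indicators found in one command line."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not tokens:
        return {}
    found = {}
    image, args = tokens[0], tokens[1:]
    if USER_DIRS.search(image):
        found["runs_from_user_profile"] = image.rsplit("\\", 1)[-1]
    for arg in args:
        name, _, value = arg.partition("=")
        # Stratum pool URL, either as --url=<value> or as a bare argument.
        candidate = value or name
        if candidate.lower().startswith("stratum+tcp://"):
            url = urlsplit(candidate)
            found["pool"] = (url.hostname, url.port)
        if name in MINER_OPTS:
            found.setdefault("miner_options", []).append(name)
        if name == "--userpass" and value:
            found["credentials_on_cmdline"] = True
    return found


def is_suspected_miner(cmdline):
    """A pool URL alone is enough; otherwise require two weaker indicators."""
    hits = miner_indicators(cmdline)
    return "pool" in hits or len(hits) >= 2


if __name__ == "__main__":
    for line in (OBSERVED, BENIGN):
        print(is_suspected_miner(line), miner_indicators(line))
```

The same function can be fed command lines exported from process-creation logs or from a live process listing, one string per process.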

So yeah, a Bitcoin miner pushed the PUP way. This is not surprising: the border between PUPs and "real" malware is getting thinner and thinner.
Malvertising, anti-VM, proxy, DNS hijack... PUPs are more and more difficult to remove.

This article is licensed under Creative Commons BY-NC-SA.
You are free to share and modify this article, provided that you credit the site and the license, use the same license if you modify the work, and do not use it commercially.
