Cause of the botnet ( in response to " pajeet " exploit )
-
When you want Blago's opinion on that you need to tag him (@Blago)!
At first glance it looks like this guy made the old wplotgenerator out of the XPlotter. Wplotgenerator used the Stagger, which were simplified like sequential chunks of plots.
It just doesn't make any sense why this should be better or give better results.
-
@Marc exactly.
-
@jant90 said in Cause of the botnet ( in response to " pajeet " exploit ):
BUT the theory is that you will receive lower deadlines because of the relative position of the nonce within the plot files.
And that's the part that is complete and utter BS. The miner doesn't care whereabouts in a file a scoop came from; the scoop is going to have the same content, and the miner is going to do exactly the same calculations if it's the last scoop in a 1GB file or buried somewhere in a multi-terabyte file. The scoop has a value that is mathematically processed to create a DL with no regard to file position. Scoop Y in Nonce X is always going to be Scoop Y in Nonce X and will always have the same DL.
-
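The point made in the post above, as an added toy model (not code from this thread or from any Burst plotter or miner): the same nonces are laid out with three different stagger sizes, and the deadline for one scoop is computed from each layout. Assumptions: SHA-256 stands in for Shabal256, a nonce has 8 scoops instead of 4096, and the account id, generation signature and base target are constructed values.

```python
import hashlib
import struct

SCOOPS = 8        # toy value (assumption); a real nonce has 4096 scoops
SCOOP_SIZE = 64   # bytes per scoop

def gen_nonce(account_id, nonce):
    """Nonce data depends only on (account id, nonce number)."""
    seed = struct.pack(">QQ", account_id, nonce)
    out = b""
    for i in range(SCOOPS * SCOOP_SIZE // 32):
        out += hashlib.sha256(seed + out[-64:] + bytes([i])).digest()
    return out

def write_plot(account_id, start, count, stagger):
    """Write nonces in groups of `stagger`, scoop-major inside each group."""
    plot = bytearray()
    for first in range(start, start + count, stagger):
        group = [gen_nonce(account_id, n) for n in range(first, first + stagger)]
        for s in range(SCOOPS):
            for data in group:
                plot += data[s * SCOOP_SIZE:(s + 1) * SCOOP_SIZE]
    return bytes(plot)

def read_scoop(plot, start, stagger, nonce, scoop):
    """Return (file offset, scoop bytes) for one nonce in a given layout."""
    group, pos = divmod(nonce - start, stagger)
    offset = (group * stagger * SCOOPS + scoop * stagger + pos) * SCOOP_SIZE
    return offset, plot[offset:offset + SCOOP_SIZE]

def deadline(gensig, scoop_data, base_target):
    """Deadline is derived from the scoop content and the block data only."""
    digest = hashlib.sha256(gensig + scoop_data).digest()
    return struct.unpack("<Q", digest[:8])[0] // base_target

def compare_layouts(start=0, count=8, nonce_index=5, scoop=3):
    """Same nonce and scoop, three file layouts: (stagger, offset, deadline)."""
    gensig = hashlib.sha256(b"constructed generation signature").digest()
    base_target = 18325193796  # constructed sample value
    rows = []
    for stagger in (1, 2, count):
        plot = write_plot(1234, start, count, stagger)
        off, data = read_scoop(plot, start, stagger, start + nonce_index, scoop)
        rows.append((stagger, off, deadline(gensig, data, base_target)))
    return rows

if __name__ == "__main__":
    for row in compare_layouts():
        print("stagger=%d offset=%d deadline=%d" % row)
```

The offsets differ per layout while the deadline is identical, and the same holds for a start nonce at or above 2**63, since nonce numbers are plain unsigned 64-bit inputs to the hash.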
-
@Blago LOL - quoting me at BN could get you banned ..... ;-)
-
@Blago @haitch But they are saying that nonces with index over 9,223,372,036,854,775,807 hit more blocks?
Or are they starting to count down from 9,223,372,036,854,775,807 ?
I didn't get it...
-
@gpedro it's complete and utter BS. Snake oil. A scam. Mathematically impossible. The people spouting this crap are doing so from the place where crap comes from .....
-
@Blago Have you looked at the code? Is it possible that it may be infected too? You know, as a trojan horse or something?
@haitch I think so too but I wanted to try and understand what they are saying...
-
The code looks fine, but the exe he's distributing as a release could be malware.
-
@gpedro I'd check the code - he added only 2 strings - a loop, using "goto" https://github.com/SamuelNZ/SPlotter/blob/master/SPlotter.cpp#L312
(school-boy programming style)
-
@Blago what about the actual exe? Did you check that? I can stand up a VM to profile the exe in an isolated environment, I guess.
-
@illuminatus VirusTotal - exe clear
-
@illuminatus That would be cool...
@Blago I guessed so too xD
-
@Blago right - but a virus scanner (I assume you used that) would rely on a known signature of the file(s) - how do we know that running it doesn't install something else?
-
@illuminatus same way you know there is not a mugger down the alley in front of you. A little bit of faith and a little bit of caution...
Blago said the code was clean, just added two lines. If you don't trust the exe the author built, you can build your own off the source. But IMHO if the author's exe was infected with a botnet-spreading virus or trojan then his GitHub account would get reported and dropped or flagged.
-
@Lunas considering the time from when he posted the code and this guy started the "bot", I don't think they are the same guy....
Not sure he could have gotten 15K+ PCs infected that quickly, 'cause wouldn't they still have to be plotted to get it to work?
-
@falconCoin it is not that hard to make a bat script. I know you can make an auto number gen script or even a count to 819,200, add 819200+1 and loop. If he had, let's say, a bank network at his disposal, and was one of the IT guys, he could from his 1 terminal place an automatic script to send a file to each PC in the network; each file sent would be generated by a script, to run the plotter and miner, and sent. Once on the PC it would execute whatever and either download the 200tb burst file or run the plotter, and at the same time it could run the miner set as a background service on startup using only 1 core; 90% of the time nobody would even know it was there... it would use the terminal's CPU and HDD.
To give you an idea, most banks have terminals that are full PCs with a 500gb+ HDD and an i5 or an i7 processor with 1-2 gig of RAM, typically running a variation of Windows Server edition. A large school campus would have similar setups, and yes, the IT dept could launch on each and every machine a script to do this, and it could even advance the starting nonce so it would not overlap...
The fact is, however he did it, the math of him bringing a network of 15,400 bots is viable and the evidence is sound. If he set the plotter to run in the background at low speed or after hours at full speed it would only take a few hours for a modestly powered i5 to make a 200gb plot...
In fact I wouldn't be surprised if his botnet only grew bigger or if it disappears for periods of time to prevent his discovery by his employers or the faculty.
-
He's not running it where he works, that's for sure. 15k unique IPs isn't any specific location. It's just a botnet he has remote control over.
I doubt he's seen or knows a single computer that's infected with it personally, so it's doubtful that any of those "drone" IP addresses would trace back to anything physically connected to him.
Even a large University or school or anything only has a hundred unique IP addresses at most, there isn't a need for more unless you're running a data center or server farm.
-
@captinkid bank networks can traverse multiple countries, as can call centers, but the fact remains he is a person or persons who has either infected or has access to a widely distributed network of at least 15,400 computers.
-
From the wide range of IP address types hinted at (Universities, different countries, etc) it's not a single organization.
Logically a large organization could do this for themselves, but a few hundred dollars a day wouldn't make sense for them, as they make more money in other ways. It's a drop in the bucket.
And any large organization with an IT guy who does this would have other IT people find out about it VERY quickly. If you're talking a business with 15k unique IP addresses, they should have IT staff in the hundreds. Someone would notice something.
The simplest answer is that it's a botnet, any other possibilities are far too low of a chance to be possible.
I was thinking maybe this is an outsourcing company using their clients' computers, but again the few thousand a day to risk millions in contracts would be idiotic, and it'd be shut down very quickly.
