Cause of the botnet ( in response to " pajeet " exploit )


  • Mod

    @gpedro I'd check the code - he added only 2 strings - loop, using "goto" https://github.com/SamuelNZ/SPlotter/blob/master/SPlotter.cpp#L312
    (school-boy programming style)



  • @Blago what about the actual exe? Did you check that? I can stand up a VM to profile the exe in an isolated environment, I guess.


  • Mod

    @illuminatus virustotal - exe clear



  • @illuminatus That would be cool...
    @Blago I guessed so too xD



  • @Blago right - but a virus scanner ( I assume you used that) would rely on a known signature of the file(s) - how do we know that running it doesn't install something else?



  • @illuminatus same way you know there is not a mugger down the alley in front of you. Little bit of faith and a little bit of caution...

    Blago said the code was clean, just added two lines. If you don't trust the exe the author built, you can build your own off the source. But IMHO if the author's exe was infected with a botnet-spreading virus or trojan, then his GitHub account would get reported and dropped or flagged.



  • @Lunas considering the time from when he posted the code and this guy started the "bot", don't think they are the same guy....

    not sure he could have gotten 15 K + pcs infected that quickly, cause wouldn't they still have to be plotted to get it to work?



  • @falconCoin it is not that hard to make a bat script. I know you can make an auto number gen script or even a count to 819,200, add 819200+1 and loop. If he had, let's say, a bank network at his disposal, and was one of the IT guys, he could from his 1 terminal place an automatic script to send a file to each pc in the network. Each file sent would be generated by a script and to run the plotter and miner and sent. Once on pc it would execute whatever and either download the 200tb burst file or run the plotter and at the same time it could run the miner set as a background service on startup using only 1 core 90% of the time nobody would even know it was there... it would use the terminal's cpu and hdd.

    To give you an idea, most banks have terminals that are full pc with a 500gb+ hdd and an i5 or an i7 processor with 1-2 gig of ram and typically running a variation of windows server edition. A large school campus would have similar setups and yes, the IT dept could launch on each and every machine a script to do this and it could even advance the starting nonce so it would not overlap...

    The fact is, however he did it, the math of him bringing a network of 15,400 bots is viable and the evidence is sound. If he set the plotter to run in the background at low speed or after hours at full speed it would only take a few hours for a modestly powered i5 to make a 200gb plot...

    In fact I wouldn't be surprised if his botnet only grew bigger or if it disappears for periods of time to prevent his discovery by his employers or the faculty.



  • @Lunas

    He's not running it where he works, that's for sure. 15k unique IPs isn't any specific location. It's just a botnet he has remote control over.

    I doubt he's seen or knows a single computer that's infected with it personally, so it's doubtful that any of those "drone" IP addresses would trace back to anything physically connected to him.

    Even a large University or school or anything only has a hundred unique IP addresses at most, there isn't a need for more unless you're running a data center or server farm.



  • @captinkid bank networks can traverse multiple countries as can call centers but the fact remains he is a person or persons who has either infected or has access to a widely distributed network of at least 15,400 computers.



  • From the wide range of IP address types hinted at (Universities, different countries, etc) it's not a single organization.

    Logically a large organization could do this for themselves, but a few hundred dollars a day wouldn't make sense for them, as they make more money in other ways. It's a drop in the bucket.

    And any large organization with an IT guy who does this would have other IT people find out about it VERY quickly. If you're talking a business with 15k unique IP addresses, they should have IT staff in the hundreds. Someone would notice something.

    The simplest answer is that it's a botnet, any other possibilities are far too low of a chance to be possible.

    I was thinking maybe this is an outsourcing company using their clients' computers, but again the few thousand a day to risk millions in contracts would be idiotic, and it'd be shut down very quickly.



  • @captinkid if the size of plots was smaller and more of them, say 1-4gb, I would say cell phone app



  • @Lunas That could very well be too! But it'd have to be a fairly popular app to work that way, and a lot of cell phones don't have that much storage space free.

    Also the problem that a more popular app would have more people running security checks on it, so the bigger it got the more likely you'd get caught.

    I could just imagine people complaining about their slow cell phones with low battery life though. Since they already do that with their botnet infected PCs.



  • @haitch you're absolutely right thank you. That's just what I wanted to clear up (since, like I said, I don't understand the math/algorithm at all).



  • @haitch said in Cause of the botnet ( in response to " pajeet " exploit ):

    @gpedro it's complete and utter BS. SnakeOil. A scam. Mathematically impossible. The people spouting this crap are doing so from the place where crap comes from .....

    I think you guys need to view this from the perspective of us without an advanced understanding of what to many would be a basic understanding of something, in this case math... many, including myself, just aren't educated enough in the field to understand what's transpiring in the algorithms, so folks need to "see" something they can't understand, otherwise the portion of the brain that says, "well that sounds logical for some reason, I just don't know why" will take over and put us all into the position I see today...

    so when I'm confronted with something like that, it's generally time for a visual experiment to demonstrate what's happening, rather than just telling someone it's happening and to trust they are the ones who are right, because when others tell us something, we usually defer to what our brain thinks sounds logical, and in this case, we all want to believe there is a better faster way of something something because greed is clouding our warning signs it's a botnet...

    I think what folks need, is a demonstration the program makes no difference... aka, plot one drive with one program, another drive with another program, then have a miner run on both same plot numbers and sizes, and see what deadlines they return, which with my limited understanding, should be roughly identical... problem is, I don't want to install that software on my machine because the little hairs on the back of my neck are standing up, and I generally listen to them, especially when I hear someone needed 15,000 IPs to "prove" he's right... the 25 years I spent running my BBS tell me exactly what that is, but the greed side of me still wants to believe, that's why I defer my choice making to those little hairs on the back of my neck standing up... but I suspect many don't want to listen to them, we never do, that's what gets us into trouble...

    but I think if someone performs this test (and provides pictures with a very basic explanation of what they are doing, remember folks are very visual) to demonstrate, the plots being identical in every aspect except file size, makes no difference, I think the people will continue to ignore the little hairs on the back of their neck warning them... but I think if people are shown something didn't work, when it was supposed to work, and the deadlines are exactly the same no matter file size, then this rumor will grow and continue to spread...


  • admin

    @Darkbane a real test of the program is not necessary, the math explains it.

    When you plot a file, the scoops and nonces are determined by a particular equation. That equation does not take into account where the scoop is in a file. So scoop X of Nonce Y will have the same numeric value if it's the last scoop in a 1GB plot, or buried in a multi terabyte file.

    When you mine, those scoop values are transformed into deadlines via a specific algorithm, again not taking the scoop position into consideration.

    Since we know from the mining process the scoop values are going to be identical, and those scoops are transformed by an algorithm that doesn't give a flying f**k whereabouts the scoop was in the file, those scoops will be transformed into identical deadlines.

    This idea is just plain wrong, and having a single large plot is always going to be more efficient than lots of small ones. Using this plotter will make your mining time worse, not better.
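
The argument in the post above, as an added example that is not part of the original thread or of any Burst software: a simplified model in which SHA-256 stands in for the real plotting and deadline hashes, and the account id, round signature, scoop count and function names are constructed for illustration. It mines the same nonces stored as one large file, as 40 small files in reversed order, and as a 10% subset.

```python
import hashlib

SCOOPS = 16            # toy value; real plots use far more scoops per nonce
ACCOUNT = 1234567890   # constructed account id

def scoop_value(account: int, nonce: int, scoop: int) -> bytes:
    """Plotting step: the value depends only on (account, nonce, scoop)."""
    seed = b"%d:%d:%d" % (account, nonce, scoop)
    return hashlib.sha256(seed).digest()   # stand-in for the real plot hash

def plot(account: int, nonces) -> list:
    """A plot 'file': records in file order, each (nonce, [scoop values])."""
    return [(n, [scoop_value(account, n, s) for s in range(SCOOPS)])
            for n in nonces]

def deadline(gen_sig: bytes, value: bytes, base_target: int) -> int:
    """Mining step: hash of round signature + scoop value, scaled by difficulty."""
    h = hashlib.sha256(gen_sig + value).digest()
    return int.from_bytes(h[:8], "little") // base_target

def best_deadline(files, gen_sig: bytes, base_target: int = 1000):
    """Scan every file for this round's scoop; return the minimum (deadline, nonce)."""
    scoop = int.from_bytes(hashlib.sha256(gen_sig).digest(), "big") % SCOOPS
    return min((deadline(gen_sig, scoops[scoop], base_target), nonce)
               for f in files for nonce, scoops in f)

GEN_SIG = hashlib.sha256(b"constructed round signature").digest()
NONCES = list(range(2000))

# Same nonces, three layouts: one file, 40 reversed small files, a 10% subset.
one_big = [plot(ACCOUNT, NONCES)]
many_small = [plot(ACCOUNT, NONCES[i:i + 50][::-1]) for i in range(0, 2000, 50)]
tenth = [plot(ACCOUNT, NONCES[:200])]

if __name__ == "__main__":
    print("one large file   :", best_deadline(one_big, GEN_SIG))
    print("40 small files   :", best_deadline(many_small, GEN_SIG))
    print("10% of the nonces:", best_deadline(tenth, GEN_SIG))
```

The first two results are identical because neither function takes a file position as input; the subset can only match or do worse, so the number of nonces is what counts, not how they are split into files.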



  • @haitch said in Cause of the botnet ( in response to " pajeet " exploit ):

    @Darkbane a real test of the program is not necessary, the math explains it.

    When you plot a file, the scoops and nonces are determined by a particular equation. That equation does not take into account where the scoop is in a file. So scoop X of Nonce Y will have the same numeric value if it's the last scoop in a 1GB plot, or buried in a multi terabyte file.

    When you mine, those scoop values are transformed into deadlines via a specific algorithm, again not taking the scoop position into consideration.

    Since we know from the mining process the scoop values are going to be identical, and those scoops are transformed by an algorithm that doesn't give a flying f**k whereabouts the scoop was in the file, those scoops will be transformed into identical deadlines.

    This idea is just plain wrong, and having a single large plot is always going to be more efficient than lots of small ones. Using this plotter will make your mining time worse, not better.

    and I agree with you, but what I am saying is, people who do NOT understand the basic things going on, will NEVER understand, because their judgement is being clouded by greed that something is "better" and someone is pitching the snake oil in a very convincing way... this is why a "visual proof it doesn't work" is required so people can visually see, program A vs program B, and then read using the same miner and that the result is no different... that's what I am saying... in order to squash the rumors for those who don't understand the algorithm a visual demonstration is required to calm their minds...

    the test is just to show how the "magic trick" works, and that no magic actually happened... while you can explain to me how the magic trick works, some people just need to visually see it, because MANY, especially males, are "visual learners" meaning they need to see something demonstrated rather than be told or read it, they need to see it in practice to be easier or more understood... I'm just trying to practice some simple psychology for those who desperately want to believe the snake oil salesmen selling the cure for cancer, when it's just a regular bottle of tonic water that has no special curing abilities...

    I accept this doesn't work, because of my experience with botnets in the past, but people who are new to burstcoin or cryptocurrencies in general, don't even know how burst or any of this works, they just know if they do something on their computer, it does something, they don't know why or how, it just does... and someone telling them something different, makes them try to search for the answer with greed rather than logic... hence why, a test with a visual demonstration, will appease and calm down their minds, and demonstrate for their eyes, this will not make any difference...

    do you understand my whole purpose of this? it's not to convince myself it doesn't work, it's to show folks a visual demonstration of it not working, since rumors will keep spreading until someone shows "pics or it didn't happen" to them... until people see things, they often won't believe things... hey did I ever tell you about the time I caught a fish thisssssss big, with this special fishing lure, it's magic, would you like to buy a pack and catch fish just like me? (in this case, the botnet guy posted a picture showing his impressive results, people now want to believe with their small HDDs they too could be him, that must be countered with another picture to create the doubt they should have had in the first place)

    P.S. I don't mean to sound abrasive, I'm just trying to show the psychology of why people are buying into the whole notion it works, and what it will take to steer them away from the snake oil... so that the mask is taken off the villain and he can be seen for what he is, rather than people viewing him as the medicine man with the cure they need to compete... it's just like all the scams bitcoin and others have had, the sooner someone shows visual proof, the sooner it dies off and we're on to the next scam or botnet...


  • admin

    @Darkbane ok, I'll create a visual proof. Will take a little time though.



  • @haitch said in Cause of the botnet ( in response to " pajeet " exploit ):

    @Darkbane ok, I'll create a visual proof. Will take a little time though.

    I really do think a visual comparison and demonstration will really help squash the rumors... who doesn't want to have 3.9TB and get the results of 3900TB right?



  • mind blown.

