Cryptomining Botnet Alters CPU Settings To Boost Mining Performance (tomshardware.com)
Uptycs Threat Research Team has discovered malware that not only hijacks vulnerable *nix-based servers and uses them to mine cryptocurrency but actually modifies their CPU configurations in a bid to increase mining performance at the cost of performance in other applications. Tom's Hardware reports: Perpetrators use a Golang-based worm to exploit known vulnerabilities like CVE-2020-14882 (Oracle WebLogic) and CVE-2017-11610 (Supervisord) to gain access to Linux systems, reports The Record. Once they hijack a machine, they use model-specific registers (MSR) to disable the hardware prefetcher, a unit that fetches data and instructions from the memory into the L2 cache before they are needed.
Prefetching has been used for years and can boost performance in various tasks. However, disabling it can increase mining performance in XMRig, the mining software the perpetrators use, by 15%. But disabling the hardware prefetcher lowers performance in legitimate applications. In turn, server operators either have to buy additional machines to meet their performance requirements or increase power limits for existing hardware. In either case, they increase power consumption and spend additional money. The botnet has been reportedly used since at least December 2020 and targeted vulnerabilities in MySQL, Tomcat, Oracle WebLogic, and Jenkins.
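A defender can check for the prefetcher change described above by reading the relevant MSR on each core. The sketch below is an added example, not code from the report or from the malware. It assumes an Intel CPU, where Intel's public documentation places the prefetcher disable bits in MSR 0x1A4 (the summary does not name the register), and a Linux host with the `msr` kernel module loaded and root access.

```python
import glob
import os
import struct

# Assumption (Intel public documentation, not the page): MSR 0x1A4 holds the
# prefetcher disable bits on Intel cores. AMD uses different registers.
MSR_MISC_FEATURE_CONTROL = 0x1A4
PREFETCHER_DISABLE_BITS = {
    0: "L2 hardware prefetcher",
    1: "L2 adjacent cache line prefetcher",
    2: "DCU (L1 data) prefetcher",
    3: "DCU IP prefetcher",
}

def disabled_prefetchers(msr_value):
    """Return the prefetchers whose disable bit is set in the MSR value."""
    return [name for bit, name in PREFETCHER_DISABLE_BITS.items()
            if (msr_value >> bit) & 1]

def read_msr(cpu_dev, register=MSR_MISC_FEATURE_CONTROL):
    """Read one 64-bit MSR from a /dev/cpu/N/msr device (root + msr module)."""
    fd = os.open(cpu_dev, os.O_RDONLY)
    try:
        return struct.unpack("<Q", os.pread(fd, 8, register))[0]
    finally:
        os.close(fd)

def audit(readings):
    """Map CPU -> disabled prefetchers, only for CPUs with a bit set."""
    findings = {}
    for cpu, value in readings.items():
        names = disabled_prefetchers(value)
        if names:
            findings[cpu] = names
    return findings

def collect_live():
    """Read the MSR on every CPU; unreadable devices are skipped."""
    readings = {}
    for dev in sorted(glob.glob("/dev/cpu/[0-9]*/msr")):
        try:
            readings[dev] = read_msr(dev)
        except (OSError, struct.error):
            continue
    return readings

if __name__ == "__main__":
    # Constructed sample values, used only when no MSR device is readable.
    sample = {"cpu0": 0x0, "cpu1": 0xF}
    for cpu, names in audit(collect_live() or sample).items():
        print(f"{cpu}: disabled -> {', '.join(names)}")
```

A set bit is a lead rather than proof of compromise, since prefetchers are sometimes disabled deliberately in firmware for workload tuning; compare the result against the host's known baseline.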
CrimeCoin (Score:2, Insightful)
Crypto's primary purpose is crime.
CrimeCoin = USD (Score:2, Funny)
Pyrite Pete's failed prediction (Score:1)
On Monday April 26, 2021 @02:16AM UTC, Pyrite Pete [urbandictionary.com] had said:
That was back when bitcoin had already fallen, and down to about $47K at the time. It should've been back up to "twice its value" no later than June 26 2021 - nearly two months ago. It is now sitting at only about $47K.
Now that's what I call a prediction #FAIL!
Re: (Score:1)
You could say the same about precious metal, gemstones and fiat money. And it has been that way for thousands of years.
Sophisticated performance analysis (Score:2)
Or, have they ripped off some code from an OS miner which does this with the permission and instruction of the system's administrator? Without, of course, citing their sources or giving credit where credit is due.
I don't have a problem with explicit mining software - if someone figures they can make a profit off it, that's a big fat SHRUG from me. Mining malware, on the
Crypto is the worst of everything. (Score:3, Insightful)
Re: (Score:2)
Getting money with crypto is "automatic".
Run program, get money.
You don't depend on having a healthy market to get a job or having to actually work or..
Dafuq? (Score:1)
But disabling the hardware prefetcher lowers performance in legitimate applications.
So your server's been pwned, and your main concern is "potentially reduced performance"... ooookay.
In turn, server operators either have to buy additional machines to meet their performance requirements or increase power limits for existing hardware.
... or... you know... NUKE THE COMPROMISED BOX. YOU GODDAMN FUCKING MORONS.
Re: (Score:1)
In turn, server operators either have to buy additional machines to meet their performance requirements or increase power limits for existing hardware.
... or... you know... NUKE THE COMPROMISED BOX. YOU GODDAMN FUCKING MORONS.
Hey now, that's commie talk! In America, the custom is not to fix a problem, but to paper over it with $100 bills until no one can see it anymore.
Re: Dafuq? (Score:2)
Additional machines? (Score:3)
I suspect server operators would need to buy additional machines because their CPU cores are pegged at 100% mining crypto, not because the hardware prefetcher is disabled and causing applications to have a minor performance drop.