Vicious malware threatens to turn search engine into crypto-mining zombie botnet

Enterprise search engine Elasticsearch is under threat of being turned into a sophisticated cryptocurrency mining botnet to be used in distributed denial of service (DDoS) attacks.

Cybersecurity firm Trend Micro describes a new malware strain that launches multi-stage attacks on publicly accessible databases and servers that run old versions of Elasticsearch software.

“[…] Many of the malicious traffic or attacks that we see targeting Elasticsearch are relatively straightforward, and more often than not, profit-driven,” wrote Trend Micro.

“An attacker looks for unsecure or misconfigured servers or exploits old vulnerabilities, then drops the final payloads that typically consist of cryptocurrency-mining malware or even ransomware,” added the firm.

Not just a botnet, BillGates is here too

This malware is a little more evolved. First, it finds out-of-date servers and uses malicious search queries to force them to download and execute a series of dangerous scripts.

“The ways that the scripts are retrieved are notable,” said Trend Micro. “Using expendable domains, for instance, allows the attackers to swap URLs as soon as they are detected.”

Firstly, a script attempts to shut down any firewall running on the target machine. It then kills any competing or already-running cryptocurrency mining process, before downloading another script that’s likely hosted by an already-compromised website.

This secondary script generally prepares the host for delivery of the final payload by stopping firewalls, removing configuration files, and scrubbing traces of the initial infection.

Once this process is completed, the machine would be loaded with the BillGates/Setag malware, which is capable of hijacking systems, initiating DDoS attacks, and even linking up with other infected machines to form powerful botnets.

Is this preparation for a bigger attack?

Ominously, Trend Micro researchers warned that any malware that evades detection and features multi-stage execution is a “red flag.”

“That the cybercriminals (or threat actors) behind this attack used URL encoding, staged where the scripts are retrieved, and compromised legitimate websites could mean they are just testing their hacking tools or readying their infrastructure before mounting actual attacks,” they said.

Those running Elasticsearch databases and servers are advised to patch their software immediately, as well as review guidelines on how to enable and configure security features.

Dutch hacker puts his kid’s LEGO train on the blockchain

Blockchains are everywhere, we get it. But did you know blockchain is now powering a little toy train?

Dutch hacker/dad Roeland P Lanparty has turned his son’s LEGO Duplo toy into a literal STEEM train. It’s been modified to be driven by streaming the STEEM cryptocurrency in real-time.

Even cooler, the number of transactions in each block affects its speed. The bigger the blocks, the faster it goes; if fewer people are using the blockchain, it will go slower.

But wait, it gets better. Lanparty is an active STEEM block producer, and he’s hacked the STEEM train to make a little “choo-choo” noise when he signs a block to celebrate receiving the reward.

In light of this revolutionary application of distributed ledger technology, we spoke with Lanparty to explore what inspired him to decentralize control of his child’s playtoy.

First we take the Bluetooth, then we get the power

“So, we gave our son a Duplo trainset recently. Later, when I was inspecting the package, I noticed it had Bluetooth – Bluetooth LE to be precise,” Lanparty told Hard Fork. “I was curious if I would be able to ‘reverse engineer’ the train’s commands and started to research.”

He found there were many other hacker dads out there, and luckily a kindred spirit had already released a custom Node-js library built specifically for the Duplo train.

Duplo trains come with an app to issue certain commands to the train via Bluetooth, like speeding up and slowing down. By replacing the official app with the modified library, Lanparty took control of the Bluetooth, as well as the freedom to decide when, and in what capacity, the train would move.

“I started to experiment with what commands I could send, it was a matter of hooking up a data-source which could power these commands autonomously,” explained Lanparty. “For this part I chose the STEEM blockchain, as I already knew that codebase, and it’s easy to develop on it due to the availability of tools.”

STEEM also adds blocks to its chain way more often than Bitcoin – roughly every three seconds. This makes using its data as a power-source more appropriate, as it’s more of a steady flow than a periodic update.

As a result, the STEEM train will be continuously powered, as long as blocks keep getting added. It also allows Lanparty to modulate its speed depending on how many people use the blockchain.

The STEEM train that couldn’t slow down

The differences in speed are calculated using the “average transactions per block” of the blockchain.

“The first block received by the script sets the initial ‘average transactions per block.’ Sequential blocks modify that average,” said Roeland. “Then every block received by the script compares the ‘current transactions in this block’ with the average.”

The speed of the train depends on the percentage increase (or decrease) from block to block, multiplied by the default Duplo speed.

But, due to limits imposed by the train’s manufacturers, if that number goes either too high or too low, the train would actually stop. This forced Roeland to impose upper and lower limits to the train’s speed.

So, while its speed is certainly affected by blockchain traffic, a random empty block won’t stop the train from chugging along.

“If there is a block which modifies the speed below 50 percent, I cap it at 50 percent. Anything higher than 100 percent is capped at 100 percent – however, the train will just not go faster than 100. You can’t ‘overclock’ it,” noted Lanparty.

This also means it’s technically impossible for the STEEM train to crash and burn a melty, plasticy death if the blockchain was suddenly flooded with transactions.

“No, there would not be an absolute number of dangerous transactions for the train, as the script normalises from the first block it receives onwards,” reported Lanparty. “That said, I found that the Duplo speed is instructed from 0-100 percent. Speeds lower than 50 percent really give the train a weird sound as if it might be burning.”
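The throttle rule described above (baseline from the first block, a running average, the current block compared with that average, and the 50 to 100 percent clamp) is small enough to model directly. The following is an added example in Node.js, not Lanparty's published script; it talks to neither the train nor the STEEM blockchain and takes per-block transaction counts as plain numbers. Three details the article does not spell out are assumptions here: the running average is a cumulative mean, the "percentage increase or decrease" is the ratio of the current block's transaction count to that mean, and the Duplo default speed is 100 percent.

```javascript
// Added example: a model of the STEEM train's throttle rule as the article
// describes it. This is not Lanparty's script and does not talk to the train
// or to the STEEM blockchain; block transaction counts are fed in by hand.
// Assumptions (not stated on the page): the running average is a cumulative
// mean, "percentage increase or decrease" is the ratio of the current block's
// transaction count to that mean, and the Duplo default speed is 100 percent.

const DEFAULT_SPEED = 100; // assumption: the Duplo scale runs 0-100 percent
const MIN_SPEED = 50;      // floor quoted in the article: below 50 is capped at 50
const MAX_SPEED = 100;     // ceiling quoted in the article: the train cannot be "overclocked"

class SteemTrainThrottle {
  constructor() {
    this.blocksSeen = 0;
    this.averageTx = 0; // average transactions per block, set by the first block
  }

  // Feed one block's transaction count; returns the speed (percent) to send.
  onBlock(txCount) {
    if (this.blocksSeen === 0) {
      // The first block only establishes the baseline; run at default speed.
      this.blocksSeen = 1;
      this.averageTx = txCount;
      return DEFAULT_SPEED;
    }
    // Compare this block with the average built from earlier blocks. A chain
    // whose first blocks were empty would give a zero average; treat that as
    // "no change" rather than dividing by zero.
    const ratio = this.averageTx === 0 ? 1 : txCount / this.averageTx;
    // Fold this block into the cumulative mean for the next comparison.
    this.blocksSeen += 1;
    this.averageTx += (txCount - this.averageTx) / this.blocksSeen;
    // Scale the default speed and clamp to the range the train tolerates, so
    // an empty block slows the train rather than stopping it, and a flood of
    // transactions cannot push it past 100.
    const raw = Math.round(ratio * DEFAULT_SPEED);
    return Math.min(MAX_SPEED, Math.max(MIN_SPEED, raw));
  }
}

// Run a constructed sequence of per-block transaction counts through the
// throttle and return the speed chosen for each block.
function simulate(txCounts) {
  const throttle = new SteemTrainThrottle();
  return txCounts.map(n => throttle.onBlock(n));
}

// Constructed sample: steady traffic, a burst, an empty block, then a flood.
console.log(simulate([40, 40, 80, 0, 400])); // [100, 100, 100, 50, 100]
```

The sample run shows the two behaviours the article calls out: the empty fourth block drops the speed to the 50 percent floor instead of stopping the train, and the 400-transaction flood is held at 100. Comparing each block against the average before folding it in means the baseline adapts gradually, so a single unusual block cannot reset it.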

That STEEM train goes great with your squirting whale

This isn’t the first zany blockchain project from Lanparty. Hard Fork reported on his previous creation – a giant, remote-controlled whale that squirts for STEEM donations.

The idea is to allow users to pledge between one and 100 STEEM ($0.38 – $38) to make a whale squirt over the internet. Genius.

“Yes, the SteemWhale is definitely around, albeit being winter here in the Netherlands, it’s currently in hibernation,” Lanparty confirmed. “The SteemWhale fountain is a whole lot bigger project: with all the pressurised canisters, salt water, occasional floods.”

When quizzed about which of these projects was hardest to put together, Lanparty said: “Definitely the whale, as it not only involved connecting it to the blockchain, but also building foolproof onsite connectivity, and the hardware for triggering sprays.”

But even though it’s more maintenance intensive, the SteemWhale should be back in the spring as planned, in all its glory.

Check below for a video of the STEEM train, and behold the power of blockchain technology.

And for those keen on trying to hack LEGO Duplo trains on their own – Lanparty uploaded the script that switches its power source to the STEEM blockchain – just copy paste and run it.

(Edit: This post has been updated to properly describe the process of validating transactions on the STEEM blockchain, which uses a consensus method called Delegated Proof-of-Stake (DPoS). This is different to Bitcoin’s Proof-of-Work (PoW). Validators on DPoS blockchains are called “block producers,” while PoW blockchains like Bitcoin refer to them as “miners.”)

Nobody knows when Bitcoin Satoshi Vision’s hard fork for 2GB blocks starts [UPDATED]

Fledging blockchain Bitcoin Satoshi Vision (BSV) is ready for a “hard fork” upgrade to increase the size limit of its blocks from 128MB to 2GB — but there’s confusion over when it’s actually supposed to occur.

According to BitMEX Research (the analytic arm of cryptocurrency exchange BitMEX), BSV miners and nodes are likely confused over when the upgrade will initiate, as two different start times have been mistakenly provided.

This is a problem. BSV nodes enforce the rules of the protocol, and must reject any BSV blocks that don’t match. If the miners don’t know the rules, they could start submitting invalid blocks, which drains network efficiency and security.

BSV is itself a “hard fork” of a hard fork of Bitcoin, meaning it began as a carbon copy of Bitcoin Cash and has since been tweaked slightly to change certain parameters.

One of those settings is its block size limit, which determines the maximum amount of data (read: transactions) that can be added to any one block.

Bitcoin’s block size limit is 1MB (which can be stretched to around 4MB), but BSV proponents believe that fitting more transactions into any one block will help keep their network efficient should activity ever increase.

So, it goes that BSV should increase its block size limit from 128MB to 2GB. This belief comes despite evidence showing the BSV network has already repeatedly struggled with large blocks.

Even sillier, the average BSV block is currently just 400KB, a helluva lot less than 2 Gigamegs.

So, what’s happening with BSV?

For now, nobody really knows what’s going on. It’s unclear whether the fork was meant to be initiated at 14:00 UTC or an hour later.

BitMEX Research is currently tracking the status of the network; you can follow them here.

“We are trying to develop automated monitoring, detection and warning systems for consensus related issues, such as splits and invalid blocks,” said BitMEX Research. “[BSV] is a useful training ground for this. All the technology we develop will be applied to Bitcoin.”

Update 08:59 UTC, July 25: A block over 128MB in size has since been added to the longest BSV blockchain, signalling a “successful” hard fork.

Unfortunately, one mining pool mined a BSV block that used the original protocol, which meant it added a block to a chain that’s effectively “dead” — a total waste of resources.
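Why two circulated start times are dangerous rather than merely untidy is easier to see with a model than with prose. The following is an added example, not BSV node code and not BitMEX Research's monitoring tool: it models a block-size consensus rule that switches from the old limit to the new one at an activation time, builds a constructed network in which one node believes in 14:00 UTC and the other in "an hour later", and classifies constructed blocks by which nodes would accept them. The 128MB and 2GB figures come from the article; the blocks, node names and the simplification of activation to a plain timestamp comparison are assumptions of this example.

```javascript
// Added example, not BSV node code and not BitMEX Research's monitoring tool.
// It models a block-size consensus rule that switches from the old limit to the
// new one at an activation time, and shows what happens to a chain when nodes
// disagree about that time. Sizes come from the article (128MB old, 2GB new);
// the two activation times are the 14:00 UTC and "an hour later" the article
// mentions. Times are seconds after the start of a constructed day; real
// nodes use more involved activation logic (assumption: simplified here).

const MB = 1024 * 1024;
const OLD_LIMIT = 128 * MB;
const NEW_LIMIT = 2048 * MB;
const HOUR = 3600;

// The limit a node enforces for a block with the given timestamp.
function blockSizeLimit(activationTime, blockTime) {
  return blockTime >= activationTime ? NEW_LIMIT : OLD_LIMIT;
}

// A node accepts a block only if it fits the limit it believes is in force.
function acceptsBlock(node, block) {
  return block.size <= blockSizeLimit(node.activationTime, block.time);
}

// Sort nodes into those that accept and those that reject the block; a split
// means both groups are non-empty, i.e. the network will follow two chains.
function classify(nodes, block) {
  const accepting = nodes.filter(n => acceptsBlock(n, block)).map(n => n.name);
  const rejecting = nodes.filter(n => !acceptsBlock(n, block)).map(n => n.name);
  return { accepting, rejecting, split: accepting.length > 0 && rejecting.length > 0 };
}

// Constructed network: one node per activation time that was circulated.
const NODES = [
  { name: 'node-1400', activationTime: 14 * HOUR },
  { name: 'node-1500', activationTime: 15 * HOUR },
];

// Constructed blocks (not real BSV blocks).
const BLOCKS = {
  beforeFork: { time: 13 * HOUR, size: 100 * MB },          // fine for everyone
  inTheGap:   { time: 14 * HOUR + 1800, size: 200 * MB },   // 14:30, over 128MB
  afterFork:  { time: 15 * HOUR + 1800, size: 200 * MB },   // 15:30, over 128MB
  tooBig:     { time: 15 * HOUR + 1800, size: 3000 * MB },  // over 2GB, invalid for all
};

// Classify every constructed block against the constructed network.
function report() {
  const out = {};
  for (const [name, block] of Object.entries(BLOCKS)) {
    out[name] = classify(NODES, block);
  }
  return out;
}

console.log(JSON.stringify(report(), null, 2));
```

Only the block mined in the disputed hour produces a split: the node expecting 14:00 accepts a 200MB block at 14:30, the node expecting 15:00 rejects it, and from then on the two follow different chains. A block that is over the limit under both rules is rejected by everyone, which is an invalid block rather than a split. A monitor of the kind BitMEX Research describes watches for exactly the first pattern, a block accepted by part of the network and rejected by the rest.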

Hunter Jones
