There were some people asking for a simple solution to automate the process of restarting a miner software every few hours in order to be sure that it is working fine under Windows OS.The below Batch file code example offers a simple and easy way to do that and it uses sandor’s fork of cpuminer for Gridseed Scrypt ASICs as an example.You need to set the parameters based on the miner and command line you use as well as the time after which the miner process will be killed (default 4 hours), then the script will wait for 10 seconds and start the miner again.There is also a counter to show you the number of restarts that have been executed since you’ve started the Batch script.@echo off echo ------------------------------------------------------------------- echo Simple script to restart your miner software after a period of time echo ------------------------------------------------------------------- echo: set executable=minerd.exe set commandline=--freq=1150 --gc3355=\\.\COM1 --url=stratum+tcp://eu2.multipool.us:7777 --userpass=yourworker.1:password set runforseconds=14400 set restartinseconds=10 set /a counter=0 :start start "Miner Window" %executable% %commandline% echo: echo The software will run for %runforseconds% seconds timeout %runforseconds% taskkill /f /im %executable% echo: echo Restarting the software in %restartinseconds% seconds (%counter%) timeout %restartinseconds% set /a counter+=1 echo: echo: goto start In order to use the code above you just have to copy it and save as a .BAT file as well as to modify some of the variables as per your needs and requirements and then run it.

Do note that you will get two program windows, one that will have the Batch script running and another for the miner software.You should not close the windows with the script running as this will stop the execution of the script immediately and the miner software will not be restarted anymore.ethereum radeonPosted on April 24, 2017 Azure Security Center helps customers deal with myriads of threats using advanced analytics backed by global threat intelligence.bitcoin millionaire storiesIn addition, a team of security researchers often work directly with customers to gain insight into security incidents affecting Microsoft Azure customers, with the goal of constantly improving Security Center detection and alerting capabilities.bitcoin informatie

In the previous blog post "How Azure Security Center helps reveal a Cyberattack", security researchers detailed the stages of one real-world attack campaign that began with a brute force attack detected by Security Center and the steps taken to investigate and remediate the attack.In this post, we’ll focus on an Azure Security Center detection that led researchers to discover a ring of mining activity, which made use of a well-known bitcoin mining algorithm named Cryptonight.hmrc bitcoin taxBefore we get into the details, let’s quickly explain some terms that you’ll see throughout this blog.bitcoin for cash toronto“Bitcoin Miners” are a special class of software that use mining algorithms to generate or “mine” bitcoins, which are a form of digital currency.bitcoin vienna

Mining software is often flagged as malicious because it hijacks system hardware resources like the Central Processing Unit (CPU) or Graphics Processing Unit (GPU) as well as network bandwidth of an affected host.Cryptonight is one such mining algorithm which relies specifically on the host’s CPU.web browser based bitcoin minerIn our investigations, we’ve seen bitcoin miners installed through a variety of techniques including malicious downloads, emails with malicious links, attachments downloaded by already-installed malware, peer to peer file sharing networks, and through cracked installers/bundlers.litecoin web minerOur initial investigation started when Azure Security Center detected suspicious process execution and created an alert like the one below.bitcoin ppc

The alert provided details such as date and time of the detected activity, affected resources, subscription information, and included a link to a detailed report about hacker tools like the one detected in this case.We began a deeper investigation, which revealed the initial compromise was through a suspicious download that got detected as “HackTool: Win32/Keygen".We suspect one of the administrators on the box was trying to download tools that are usually used to patch or "crack" some software keys.Malware is frequently installed along with these tools allowing attackers a backdoor and access to the box.Two days later we observed the same activity with different file names.In the screenshot below, sst.bat has now replaced kit.bat and mstdc.exe has replaced servies.exe .This same cycle of batch file and process execution was observed periodically.These .bat scripts appear to be used for making connections to the crypto net pool (XCN or Shark coin) and launched by a scheduled task that restarts these connections approximately every hour.

Additional Observation: The downloaded executables used for connecting to the bitcoin service and generating the bitcoins are renamed from the original, 32.exe or 64.exe, to “mstdc.exe” and “servies.exe” respectively.These executable’s naming schemes are based on an old technique used by attackers trying to hide malicious binaries in plain sight.The technique attempts to make files look like legitimate benign-sounding Windows filenames.As we did our timeline log analysis, we noted other activity including wscript.exe using the “VBScript.Encode” to execute ‘test.zip’.On extraction, it revealed ‘iissstt.dat’ file that was communicating with an IP address in Korea.The ‘mofcomp.exe’ command appears to be registering the file iisstt.dat with WMI.The mofcomp.exe compiler parses a file containing MOF statements and adds the classes and class instances defined in the file to the WMI repository.The initial compromise was the result of malware installation through cracked installers/bundlers which resulted in complete compromise of the machine.

With that, our recommendation was first to rebuild the machine if possible.However, with the understanding that this sometimes cannot be done immediately, we recommend implementing the following remediation steps: 1.Password Policies: Reset passwords for all users of the affected host and ensure password policies meet best practices.Defender Scan: Run a full antimalware scan using Microsoft Antimalware or another solution, which can flag potential malware.Software Update Consideration: Ensure the OS and applications are being kept up to date.Azure Security Center can help you identify virtual machines that are missing critical and security OS updates.OS Vulnerabilities & Version: Align your OS configurations with the recommended rules for the most hardened version of the OS.For example, do not allow passwords to be saved.Update the operating system (OS) version for your Cloud Service to the most recent version available for your OS family.Azure Security Center can help you identify OS configurations that do not align with these recommendations as well as Cloud Services running outdates OS version.