WinstarNssmMiner Mining Malware Crashes Windows

Digital currency mining is the new trend in cybercrime, and WinstarNssmMiner is another example of a coinminer targeting Windows systems in a Monero mining effort.WinstarNssmMiner

 

Malware was recently detected by the security company 360 Total Security, and as researchers point out, it lists more than 500.000 victims in just three days.

The highly aggressive coinminer spreads through specially designed campaigns and uses all e.g of Windows systems for Monero mining. It even uses several protection techniques to bypass antivirus solutions and to ensure that the processes it launches are not obstructed.

Specifically, once it enters a system, WinstarNssmMiner monitors the activity of installed antivirus protection software, and in the event that a virus scan is performed it temporarily suspends its malicious activity.

When he judges that he is , το κακόβουλο λογισμικό δημιουργεί δύο διαφορετικές διεργασίες συστήματος με την ονομασία svchost.exe ( το svchost.exe ή Service Host είναι μια τυπική διεργασία των Windows), σε μια προσπάθεια να μην γίνει αντιληπτό. Το ένα process ξεκινά διαδικασίες εξόρυξης κρυπτονομισμάτων, ενώ το άλλο παρακολουθεί τις λύσεις antivirus διακόπτοντας κάθε δραστηριότητα όταν εκτελείται κάποιο scan για ιούς.

WinstarNssmMiner has one more surprise in store for them of Windows, as in case its action is discovered and an attempt is made to terminate svchost.exe, the κρασάρει τα Windows, οδηγώντας σε BSOD. Αυτό συμβαίνει γιατί το κακόβουλο πρόγραμμα ορίζει το svchost.exe ως CriticalProcess, με αποτέλεσμα τα Windows να τερματίζουν τον υπολογιστή κατά τον τερματισμό της κακόβουλης διεργασίας.

According to researchers, malware is now spreading to more systems around the world, and the easiest way to keep it safe is to use up-to-date antivirus solutions but also specialized web mining protection applications.

___________________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

antivirusBSODI'm sureminingsvchost

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).