So from what it seems, the malware included a bitcoin miner that perhaps is to report found blocks / sub-hashes (? is that a term; i.e. if it works in a mining pool) to a server, perhaps this site in question.
On Sat, Jun 23, 2012 at 4:06 PM, David H. Lipman <dlip...@verizon.net> wrote:

> From: "grarpamp" <grarp...@gmail.com>
> > Anybody have any information on; vwfws4obovm2cydl.onion ?
>>>
>>
>> You must have obtained the address from somewhere.
>> So what did the ad copy or context associated with it say?
>>
>
> 1. It was harvested from malware which dropped a file; hostname.tmp
> which contained the name; vwfws4obovm2cydl.onion
>
> 2. It contained a script file named; poclbm120222.cl
> // -ck modified kernel taken from Phoenix taken from poclbm, with aspects of
> // phatk and others.
> // Modified version copyright 2011-2012 Con Kolivas
>
> // This file is taken and modified from the public-domain poclbm project, and
> // we have therefore decided to keep it public-domain in Phoenix.
>
> 3. It contained the file; private_key.tmp which contains certificate keys
>
> 4. It contained the DLLs; pthreadGC2.dll, libpdcurses.dll, libcurl-4.dll
>
> --
> Dave
> Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
> http://www.pctipp.ch/downloads/dl/35905.asp
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk