
I’m still not entirely convinced that virus scanners do anything useful at all besides hog resources.

Malware Bytes helps identify, stop and remove malware Crypto Miners!

In my social circle, the kids' gaming PCs getting infected is very common.

Recently one of my boxes got hacked via a qBittorrent exploit, and I didn't have malware detection running, other than the built-in W11 system.

I installed Malwarebytes and it detected and correctly removed the malware crypto miner.

FYI they exploited QBT via the web interface, which had default settings, but wasn't exposed via port forwarding to the web. It might have been via UPnP, which was enabled. No idea - but it's a common exploit used to DL a torrent, then run a post-DL script .bat file to DL and run a crypto miner.

I'd literally had QBT running on Windows for a couple of weeks, having switched from a dockerized setup on a Mac Mini. How Windows allows the running of a .bat file to DL an .exe that can run a crypto miner is just a bonkers lack of security!

Naturally I had to nuke the box from space anyway :-)

>How Windows allows the running of a .bat file to DL an .exe that can run a crypto miner is just a bonkers lack of security!

Is it any different from Linux allowing the running of a .sh file to DL an ELF executable that can run a crypto miner?

Yeah, all these cool kids showing off their shell skills with their new js frameworks distributed like ‘curl https://djdhdhdb/dish.sh | sh’

I think a big difference here is Linux distros don't include an active anti-virus while Windows does.

The "active" Windows anti-virus is quite inactive when it comes to viruses.

> How Windows allows...

It's either that or an iOS-type walled garden; which one do you prefer?

By the way, Windows even has the lock-down switch, it's just off by (a sane) default.

Also, blaming the OS for not protecting from random app exploits isn't fair.

> No idea - but it's a common exploit used to DL a torrent then run a post DL script .bat file to DL and run a crypto miner.

Who or what triggers the execution of that script? If it is QBT, it almost sounds like malicious intent from the side of its developers.

Perhaps this is what they were talking about: https://www.cvedetails.com/cve/CVE-2019-13640/

> In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.
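The bug class in the quoted CVE (untrusted torrent name substituted into a shell command) next to the fix, as an added Python example; this is not qBittorrent's own code, and the torrent name, the `%N` placeholder and the `echo` template are constructed for illustration:

```python
import re
import subprocess

# Constructed torrent name carrying shell metacharacters (illustrative, not from the page).
MALICIOUS_NAME = 'linux.iso"; echo INJECTED; echo "'

# Characters a POSIX shell treats specially; a torrent name has no business containing them.
_SHELL_META = re.compile(r'[;|&$`"\'<>(){}\\\n]')


def has_shell_metacharacters(name: str) -> bool:
    """Detection helper: flag names that would change meaning inside a shell string."""
    return bool(_SHELL_META.search(name))


def build_command_string(template: str, name: str) -> str:
    """Vulnerable pattern: splice the untrusted name into a single shell string.
    Quoting it is not enough, because the name can close the quotes itself."""
    return template.replace("%N", name)


def run_via_shell(template: str, name: str) -> str:
    """Execute the spliced string with shell=True; metacharacters in name are interpreted."""
    cmd = build_command_string(template, name)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(template_argv: list[str], name: str) -> str:
    """Hardened pattern: no shell at all. The name is one opaque argv element,
    so whatever it contains reaches the program as data, never as syntax."""
    argv = [name if tok == "%N" else tok for tok in template_argv]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("flagged:", has_shell_metacharacters(MALICIOUS_NAME))
    print("shell string ->", repr(run_via_shell('echo done "%N"', MALICIOUS_NAME)))
    print("argv list    ->", repr(run_argv(["echo", "done", "%N"], MALICIOUS_NAME)))
```

The shell-string variant prints an extra `INJECTED` line, showing the second command ran; the argv variant echoes the whole name back as literal text.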

You don't have to answer, curious - how old are you?

(you speak with a fluidity I did in my gaming heyday - but I am over the global heap at this point.)

