Warning of malicious code
Center Center for Vietnam Computer Emergency Rescue (VNCERT) of the Ministry of Information and Communications has just issued a warning about malicious code exploiting Coinhive hidden on websites that can cause many losses for computer users.
According to VNCERT, this unit has recorded a lot of safety incidents about malicious code exploiting Coinhive virtual money hidden on websites.
When users access the site, the Coinhive code library will automatically run on the user's computer as an extension or directly in the browser to 'dig' , Monero . by using unauthorized resources. user intact (CPU, hard drive, memory .) and sent to the hacker's e-wallet.
In case of discovering vulnerabilities, immediately implement corrective measures.(Illustration).
To ensure information security, VNCERT provides emergency measures to prevent this malicious code.
For website administrators: Checking and reviewing the source code to detect the inserted code. Identifiers include keywords in the source code 'coinhive.com', 'coinhive', 'coin-hive', 'coinhive.min.js', 'authedmine.com', "authedmine.min.js".
If it detects that the website has been inserted with exploit codes as mentioned above, it is necessary to check and check the vulnerability on the server, the vulnerability on the website, check the leaked accounts have the right to change the source code, to engrave The vulnerability is exploited.
For network administrators, it is necessary to implement measures to prevent the unauthorized running of "Coinhive" code on the computer as follows: Perform monitoring and disassembly on computers on the network that appear connect to domain names: afminer.com, coin-have.com, coinerra.com, coinhive.com, coinnebula.com, crypto-loot.com, hashforcash.us, jescoin.com, ppoi.org, authedmine .com; Use a firewall to block connections to the following addresses: afminer.com, coin-have.com, coinerra.com, coinhive.com, coinnebula.com, crypto-loot.com, hashforcash.us, jescoin.com , ppoi.org, authedmine.com;
Also need to scan, check the system to find and remove the code snippets included in the "Add-on" extension software; of web browser; Recommend users to install extensions: 'No Coin Chrome' or 'minerBlock' for Chrome; Install 'NoScripts' for Firefox.
Users can check the computer's CPU usage with applications such as the Windows Task Manager and Resource Monitor. If the computer shows signs of slowdown and checks that the performance of the browser or extensions is high, the computer may be infected with Coinhive. Need urgent notice for network administrator to handle.
Checking and scanning existing vulnerabilities on the system to detect in time the appearance of malicious code should be done regularly. In case of detection of vulnerabilities, immediately implement corrective measures, update additional patches and remove malicious programs that have been inserted by hackers.
Coinhive is a dangerous type of malicious code , VNCERT Center requires leaders of units to seriously implement the coordination order. Report the status of infection and processing results (if any) to the National Coordinating Agency (VNCERT Center) before November 30, 2017.
- The malicious code attached to the DNA infects the computer itself
- The US website contains 63% of the malicious code
- 'Merry Christmas to our heroes' - malicious code installation email
- Online video is used to spread malicious code
- Use malicious code against Internet crime
- Video: WannaCry's terrifying spread rate
- 2007 - boom year of malicious code
- Trojan warning fake to sell products
- Overview of Wannacry virus - The world's most dangerous malicious code
- Appear malicious code to attack Windows Help error
- Hackers use the Olympics to spread malicious code
- Hackers kidnap Windows Update to spread malicious code