Ad network uses advanced malware technique to conceal CPU-draining mining ads
Tuesday February 27, 2018. 12:45 PM , from Ars Technica
Enlarge (credit: Lisa Brewster / Flickr)
The rise of drive-by cryptocurrency mining on a growing number of websites has led to a renewed demand for ad-blocking software. Web users are seeking new ways to ward off hidden code that saddles computers with resource-draining coin mining. Now some miners are employing a trick first popularized by botnet software that bypasses ad blocking.
Domain-name algorithms are a software-derived means for creating a nearly unlimited number of unique domain names on a regular basis. DGAs, as they're usually called, came to light in 2008 following the release of the highly viral Conficker worm. To prevent whitehats from seizing the domain names Conficker used to receive command and control instructions, the malware generated hundreds of new, unique domains each day that infected computers would check for updates. In the event that old domains were sinkholed, Conficker needed to reach only one of the new addresses for it to remain under its creator's control. The burden of registering more than 90,000 new domain names every year has proved so great to whitehats that Conficker continues to operate even now.
Read 7 remaining paragraphs | Comments
Jun, Sat 23 - 19:36 CEST