bobbonomo 2 Posted February 14, 2018 Report Share Posted February 14, 2018 Is Coin Mining javascript in a website considered malware to EMSIsoft? If not why not. If yes then you missed this version which Norton caught. On this machine with EMSI, the URL did raise the CPU level. I killed JS and the CPU went down. Norton is on another machine. The JS code which starts the process is at the bottom of the page just before end body and html tags. Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacker URL 2018-02-14 11:29:49,High,An intrusion attempt was blocked.,Blocked,No Action Required,Web Attack: JSCoinminer Download 8,No Action Required,No Action Required, https: // www. top-password. com / firefox-password-recovery.html Network traffic was detected that matches the signature of a known attack. Quote Link to post Share on other sites
Elise 276 Posted February 14, 2018 Report Share Posted February 14, 2018 Hello, Yes, we do consider mining by websites malicious, I can confirm what you reported and the URL will be added to our Surf Protection database. Quote Link to post Share on other sites
bobbonomo 2 Posted February 14, 2018 Author Report Share Posted February 14, 2018 I thought so. Now the obvious question is why did I have to report it? You are not alone. I submitted the site mentioned above to virustotal.com Jan. 29, 2018 and it was green lights everywhere. I never got around to EMSIsoft to discuss it. I realise it is hard to catch by just analysing the code on the web page. Looks just like regular javascript code. It's the call to the js library on dynamic-dns.net which does the damage. This guy here: https: // greenindex .dynamic-dns.net / jqueryeasyui.js Quote Link to post Share on other sites
GT500 854 Posted February 15, 2018 Report Share Posted February 15, 2018 4 hours ago, bobbonomo said: Now the obvious question is why did I have to report it? New JavaScript mining sites pop up quite frequently, so we might not always see them right away. If you do happen to stumble on more sites like this, then please feel free to report them, and our malware analysts will be happy to take a look at them. Quote Link to post Share on other sites
bobbonomo 2 Posted February 15, 2018 Author Report Share Posted February 15, 2018 I'm really hoping not to find any more. 1 Quote Link to post Share on other sites
bobbonomo 2 Posted April 17, 2018 Author Report Share Posted April 17, 2018 OK here is one: www. cdcovers. cc I checked the source. You know who would be in a position to catch all these? Google and Bing. They read all the sites in the world. If I can see coinhive.js so can they. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.