Friday, 20 October 2017 08:11

Spotting a miner using your PC's power is easy, says IT expert

By

Visiting a Web page that quietly uses the visitor's computing power to mine digital currencies through a script on the page in question will result in a sudden degradation of the PC's performance, a senior infosec official says.

Jon Cooper, senior incident response and forensic consultant at cyber security firm SecureWorks, was responding to queries from iTWire in the wake of reports that many sites are quietly placing scripts in pages and using the computing power from visitors' computers to mine for currencies like bitcoin.

A recent report from security firm Palo Alto Networks pointed out that miners like Coinhive were being increasingly placed on websites.

"Recently, browser coin mining has taken off, for a lot of different reasons. Although the computing power (per instance) is much less than dedicated hardware, being able to exploit many users on various sites more than make up for it," the company's researchers Yuchen Zhou, Wei Xu, Jun Wang and Wayne Xin wrote.

Cooper, who has worked for the Australian Federal Police cyber crime operations team, said miners primarily required CPU usage and a sudden and maintained spike in CPU usage created a drain on a computer.

"As a result, responsiveness of applications is impacted, generally to a point that is noticeable; effectively a user will feel as though something is wrong with their computer. When the user closes the browser, the system functionality returns to a nominal state," he explained.

linux top

On Linux systems, the top command lists CPU usage apart from lots of other information.

Some websites used such miners in a legitimate fashion by advertising it somewhere on the site.

"A user may be prompted to allow a 'script' to run while visiting the site, or provided a notification pop-up. Most users will simply click 'ok' to retrieve the content they wish to view, unknowingly authorising the use of such services," Cooper said.

"Obviously, it is pertinent to actually read what you are allowing when a website requests to do something other than showing you the content you requested."

He said more malicious approaches may not include a notification to the user, or attempt to circumvent notifications. These could be a little harder to detect. "However, using correctly configured security controls can force a website to inform the end user that a script is required to run."

For those who wished to adopt a safety first approach, he said, "browsers such as Chrome and Firefox had third-party extension repositories that allow the installation of plugins which allow users to notify or block the use of malicious scripts (as well as non-malicious scripts). These had demonstrated a high level of success in blocking browser based crypto-coin mining (Firefox: NoScript, Chrome: ScriptSafe)".

resource monitor

The Windows Resource Monitor.

Apart from this, Cooper said identifying if something was using excessive CPU cycles could be done using applications installed on standard installations of Microsoft Windows, macOS and Linux.

"Each operating system has the inbuilt ability to report on system statistics, including CPU usage. In Windows, you can use the inbuilt 'Resource Monitor' (Start Bar/Cortana, Resource Monitor) to view the current CPU usage.

"An idle corporate system will likely use in the vicinity of 25%-35% of the CPU (Window OS, host agents, Outlook, Skype etc.). A sign that something is using the CPU excessively is when the usage is in excess of 50%, when nothing that is knowingly resource intensive running (games, photo/video editing etc).

"Inside Resource Monitor, you can view how much CPU usage each process is consuming. If for instance, Firefox is using 30% or more of the CPU load (and staying in that vicinity), it is a strong indication something is occurring that shouldn't be. CPU spikes will occur when you load a page. However, once the page has finished loading the content you requested, that should drop dramatically."

He said a very simple way to test if a user suspected that a website was covertly mining bitcoins or other crypto-coins without his/her knowledge was by closing the browser, opening Resource Monitor and viewing the CPU usage for a minute or two.

"If you then open the browser and load a website such as Google, you will have an idea of what a baseline reading for your system CPU usage is while your browser is open. If you then browse back to the page you were on and the CPU usage by your browser rises significantly and doesn't drop, even though the page is loaded, then there is a strong chance there is something occurring which shouldn't be - it is important to note that any website which plays embedded videos will place load on the CPU attributed to the browser, though as the system buffers the video it should drop, though it may not drop to zero," Cooper explained.

On the Mac, the inbuilt tool "Activity Monitor" (located in the Utilities folder), had the same functionality as Resource Monitor, while in Linux running "top" from the command line or "System Monitor" in the desktop variants of Ubuntu had the same functionality.

"Other signs include physical aspects of the system changing. Cooling fans spinning up to a highly audible level and increases in the physical temperature of a system is a sign of heavy CPU load," Cooper said. "Heat can be extremely obvious when we take examples such as alloy body laptops into account. In those instances, it is worth identifying what is placing the load on the system using the aforementioned technique."

Screenshots: Linux top command taken from the writer's PC; Windows Resource Monitor courtesy Microsoft

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments