{"id":736,"date":"2017-10-18T08:18:13","date_gmt":"2017-10-18T08:18:13","guid":{"rendered":"https:\/\/www.signiflow.co.uk\/2017\/10\/18\/sa-experts-stop-bitcoin-virus\/"},"modified":"2022-04-05T09:22:50","modified_gmt":"2022-04-05T09:22:50","slug":"sa-experts-stop-bitcoin-virus","status":"publish","type":"post","link":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus","title":{"rendered":"SA experts stop bitcoin virus"},"content":{"rendered":"<p><em><strong>Bitcoin-mining virus stopped:<\/strong><\/em> White hat ethical hacker William Vermaak, from PBSA\u2019s digital arm pbDigital, and senior software developer Morne Wilken, detected malicious activity on one of their customer\u2019s servers last week. The two immediately analysed the source of the virus and uninfected the server.<\/p>\n<p>According to Vermaak, the virus had gone undetected by all available virus packages.<\/p>\n<p>\u201cWe submitted samples to ESET the next day and [the company] immediately responded from its virus lab in Denmark, confirming the virus was wild and that detection for the threat had been added to its latest definition updates.\u201d<\/p>\n<p>By the time of detection, the virus had already infected 0,04% of Windows computers in South Africa. Russia was hardest hit, with 0,5% of all Windows computers infected.<\/p>\n<p>Essentially a Bitcoin-mining virus, the Winlog Virus downloads a Bitcoin CPU miner on the victim\u2019s computer, and then mines Bitcoins for the virus originator.<\/p>\n<p>Vermaak says this type of virus is particularly evasive. \u201cIt tries to make itself resilient and configures various system schedules to start it again if it\u2019s stopped. The virus will also install itself on the system as a system service.<\/p>\n<p>\u201cThe virus infiltrates the System Registry and changes some keys to make itself run again if it\u2019s shut down. Shortcuts on the victims\u2019s Desktop are modified to run the virus and these then run the original program, in an attempt to mask it\u2019s presence. The virus also copies itself into various other files on the system \u2014 including Microsoft.exe \u2014 to try ensure resilience.\u201d<\/p>\n<p>Almost three months ago, Russian president Vladimir Putin\u2019s Internet advisor, Herman Klimenko, issued a dire public warning that 20% to 30% of all computers in Russia were infected with computer malware designed to turn devices into Bitcoin-mining machines.<\/p>\n<p>At the time, Klimenko told Moscow-based news broadcaster RBC that viruses that install bitcoin-mining software are the \u201cmost common and most dangerous\u201d type of computer malware in existence.<\/p>\n<p><em>Published by <a href=\"https:\/\/it-online.co.za\/2017\/10\/17\/sa-experts-stop-bitcoin-virus\/\">IT-Online<\/a> on 17 October 2017:<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bitcoin-mining virus stopped: White hat ethical hacker William Vermaak, from PBSA\u2019s digital arm pbDigital, and senior software developer Morne Wilken, detected malicious activity on one of their customer\u2019s servers last week. The two immediately analysed the source of the virus and uninfected the server. According to Vermaak, the virus had gone undetected by all available [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10505,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[299,296],"tags":[337],"class_list":["post-736","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-south-africa","tag-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Two South African experts stop Bitcoin-mining virus in its tracks<\/title>\n<meta name=\"description\" content=\"A white hat hacker and software developer identified a potentially dangerous Bitcoin-mining virus and uninfected the compromised server.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Two South African experts stop Bitcoin-mining virus in its tracks\" \/>\n<meta property=\"og:description\" content=\"A white hat hacker and software developer identified a potentially dangerous Bitcoin-mining virus and uninfected the compromised server.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/\" \/>\n<meta property=\"og:site_name\" content=\"SigniFlow \u00ae - News and Blog Media\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SigniFlow\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-18T08:18:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-05T09:22:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.signiflow.com\/media\/wp-content\/uploads\/sites\/2\/2017\/10\/3.-Bitcoin-virus-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1338\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"SigniFlow\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@SigniFlow\" \/>\n<meta name=\"twitter:site\" content=\"@SigniFlow\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"SigniFlow\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\"},\"author\":{\"name\":\"SigniFlow\",\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/#\\\/schema\\\/person\\\/1096776cfdabd9ec7eb617c4454511d7\"},\"headline\":\"SA experts stop bitcoin virus\",\"datePublished\":\"2017-10-18T08:18:13+00:00\",\"dateModified\":\"2022-04-05T09:22:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\"},\"wordCount\":330,\"publisher\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2017\\\/10\\\/3.-Bitcoin-virus-scaled.jpg\",\"keywords\":[\"News\"],\"articleSection\":[\"News\",\"South Africa\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\",\"url\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\\\/\",\"name\":\"Two South African experts stop Bitcoin-mining virus in its tracks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2017\\\/10\\\/3.-Bitcoin-virus-scaled.jpg\",\"datePublished\":\"2017-10-18T08:18:13+00:00\",\"dateModified\":\"2022-04-05T09:22:50+00:00\",\"description\":\"A white hat hacker and software developer identified a potentially dangerous Bitcoin-mining virus and uninfected the compromised server.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2017\\\/10\\\/3.-Bitcoin-virus-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2017\\\/10\\\/3.-Bitcoin-virus-scaled.jpg\",\"width\":2560,\"height\":1338,\"caption\":\"Bitcoin virus\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/sa-experts-stop-bitcoin-virus\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SA experts stop bitcoin virus\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/#website\",\"url\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/\",\"name\":\"SigniFlow \u00ae - News and Blog Media\",\"description\":\"Electronic and Digital Signatures\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/#organization\",\"name\":\"SigniFlow \u00ae - News and Blog Media\",\"url\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2020\\\/12\\\/SIGNIFLOW-SML-LOGO-180.png\",\"contentUrl\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2020\\\/12\\\/SIGNIFLOW-SML-LOGO-180.png\",\"width\":180,\"height\":45,\"caption\":\"SigniFlow \u00ae - News and Blog Media\"},\"image\":{\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/SigniFlow\",\"https:\\\/\\\/x.com\\\/SigniFlow\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/signiflow\\\/\",\"https:\\\/\\\/www.youtube.com\\\/c\\\/SigniFlow\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/#\\\/schema\\\/person\\\/1096776cfdabd9ec7eb617c4454511d7\",\"name\":\"SigniFlow\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3fbf78f32014e0c0ddf0541005764bca9afc4eef24debb17467e8451f39bab7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3fbf78f32014e0c0ddf0541005764bca9afc4eef24debb17467e8451f39bab7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3fbf78f32014e0c0ddf0541005764bca9afc4eef24debb17467e8451f39bab7?s=96&d=mm&r=g\",\"caption\":\"SigniFlow\"},\"url\":\"https:\\\/\\\/www.signiflow.com\\\/media\\\/author\\\/signiflow\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Two South African experts stop Bitcoin-mining virus in its tracks","description":"A white hat hacker and software developer identified a potentially dangerous Bitcoin-mining virus and uninfected the compromised server.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/","og_locale":"en_US","og_type":"article","og_title":"Two South African experts stop Bitcoin-mining virus in its tracks","og_description":"A white hat hacker and software developer identified a potentially dangerous Bitcoin-mining virus and uninfected the compromised server.","og_url":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/","og_site_name":"SigniFlow \u00ae - News and Blog Media","article_publisher":"https:\/\/www.facebook.com\/SigniFlow","article_published_time":"2017-10-18T08:18:13+00:00","article_modified_time":"2022-04-05T09:22:50+00:00","og_image":[{"width":2560,"height":1338,"url":"https:\/\/www.signiflow.com\/media\/wp-content\/uploads\/sites\/2\/2017\/10\/3.-Bitcoin-virus-scaled.jpg","type":"image\/jpeg"}],"author":"SigniFlow","twitter_card":"summary_large_image","twitter_creator":"@SigniFlow","twitter_site":"@SigniFlow","twitter_misc":{"Written by":"SigniFlow","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/#article","isPartOf":{"@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus"},"author":{"name":"SigniFlow","@id":"https:\/\/www.signiflow.com\/media\/#\/schema\/person\/1096776cfdabd9ec7eb617c4454511d7"},"headline":"SA experts stop bitcoin virus","datePublished":"2017-10-18T08:18:13+00:00","dateModified":"2022-04-05T09:22:50+00:00","mainEntityOfPage":{"@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus"},"wordCount":330,"publisher":{"@id":"https:\/\/www.signiflow.com\/media\/#organization"},"image":{"@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/#primaryimage"},"thumbnailUrl":"https:\/\/www.signiflow.com\/media\/wp-content\/uploads\/sites\/2\/2017\/10\/3.-Bitcoin-virus-scaled.jpg","keywords":["News"],"articleSection":["News","South Africa"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus","url":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/","name":"Two South African experts stop Bitcoin-mining virus in its tracks","isPartOf":{"@id":"https:\/\/www.signiflow.com\/media\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/#primaryimage"},"image":{"@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/#primaryimage"},"thumbnailUrl":"https:\/\/www.signiflow.com\/media\/wp-content\/uploads\/sites\/2\/2017\/10\/3.-Bitcoin-virus-scaled.jpg","datePublished":"2017-10-18T08:18:13+00:00","dateModified":"2022-04-05T09:22:50+00:00","description":"A white hat hacker and software developer identified a potentially dangerous Bitcoin-mining virus and uninfected the compromised server.","breadcrumb":{"@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/#primaryimage","url":"https:\/\/www.signiflow.com\/media\/wp-content\/uploads\/sites\/2\/2017\/10\/3.-Bitcoin-virus-scaled.jpg","contentUrl":"https:\/\/www.signiflow.com\/media\/wp-content\/uploads\/sites\/2\/2017\/10\/3.-Bitcoin-virus-scaled.jpg","width":2560,"height":1338,"caption":"Bitcoin virus"},{"@type":"BreadcrumbList","@id":"https:\/\/www.signiflow.com\/media\/sa-experts-stop-bitcoin-virus\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.signiflow.com\/media\/"},{"@type":"ListItem","position":2,"name":"SA experts stop bitcoin virus"}]},{"@type":"WebSite","@id":"https:\/\/www.signiflow.com\/media\/#website","url":"https:\/\/www.signiflow.com\/media\/","name":"SigniFlow \u00ae - News and Blog Media","description":"Electronic and Digital Signatures","publisher":{"@id":"https:\/\/www.signiflow.com\/media\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.signiflow.com\/media\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.signiflow.com\/media\/#organization","name":"SigniFlow \u00ae - News and Blog Media","url":"https:\/\/www.signiflow.com\/media\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.signiflow.com\/media\/#\/schema\/logo\/image\/","url":"https:\/\/www.signiflow.com\/media\/wp-content\/uploads\/sites\/2\/2020\/12\/SIGNIFLOW-SML-LOGO-180.png","contentUrl":"https:\/\/www.signiflow.com\/media\/wp-content\/uploads\/sites\/2\/2020\/12\/SIGNIFLOW-SML-LOGO-180.png","width":180,"height":45,"caption":"SigniFlow \u00ae - News and Blog Media"},"image":{"@id":"https:\/\/www.signiflow.com\/media\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SigniFlow","https:\/\/x.com\/SigniFlow","https:\/\/www.linkedin.com\/company\/signiflow\/","https:\/\/www.youtube.com\/c\/SigniFlow"]},{"@type":"Person","@id":"https:\/\/www.signiflow.com\/media\/#\/schema\/person\/1096776cfdabd9ec7eb617c4454511d7","name":"SigniFlow","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d3fbf78f32014e0c0ddf0541005764bca9afc4eef24debb17467e8451f39bab7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3fbf78f32014e0c0ddf0541005764bca9afc4eef24debb17467e8451f39bab7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3fbf78f32014e0c0ddf0541005764bca9afc4eef24debb17467e8451f39bab7?s=96&d=mm&r=g","caption":"SigniFlow"},"url":"https:\/\/www.signiflow.com\/media\/author\/signiflow"}]}},"_links":{"self":[{"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/posts\/736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/comments?post=736"}],"version-history":[{"count":0,"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/posts\/736\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/media\/10505"}],"wp:attachment":[{"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/media?parent=736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/categories?post=736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.signiflow.com\/media\/wp-json\/wp\/v2\/tags?post=736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}