Scammers Try Hosting Their Malware on a Binance Network – Slashdot

0

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!




The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
it finds innovative ways to be even more terrible.

the attackers began storing their malicious files as cryptocurrency transactions in the Binance Smart Chain

the attackers began storing their malicious files as cryptocurrency transactions in the Binance Smart Chain
All those megawatt-hours wasted on that…
It’s the gift that keeps on giving.
Like any good STD.
That is not really new or innovative. The idea has been around for a long time. Using a “smart” contract makes it a bit more sophisticated, but essentially the idea of using the blockchain to host some illegal content is as old as the idea of a public distributed blockchain. I remember discussing this with other security folks a long time ago and we all agreed it was only a matter of time.
Seems like it’s hard to delete stuff from the ledger once it’s out there. So what if somebody encoded illegal stuff like kiddie porn or pirated movies/music into the blockchain inside of tiny but nevertheless legitimate transactions? How do you get all of the nodes to agree to scrub older transactions?

The people who are actually in charge of the blockchain would remove it. One of the dirty little secrets of blockchains and crypto is that they are not actually decentralized.

The people who are actually in charge of the blockchain would remove it. One of the dirty little secrets of blockchains and crypto is that they are not actually decentralized.
Have you looked at the source bitcoin code? I have (admittedly only scanning much of it) and I haven’t seen a mechanism for actually removing past entries. Even if there was, it doesn’t seem like it would work without seriously breaking things. If you send a transaction for some btc, and then subsequently move that btc again to yet another wallet, if you delete the first transaction then you end up with a situation where different nodes disagree about how much is in that second wallet, which breaks other th

So what if somebody encoded illegal stuff like kiddie porn or pirated movies/music into the blockchain inside of tiny but nevertheless legitimate transactions? How do you get all of the nodes to agree to scrub older transactions?

The people who are actually in charge of the blockchain would remove it.

So what if somebody encoded illegal stuff like kiddie porn or pirated movies/music into the blockchain inside of tiny but nevertheless legitimate transactions? How do you get all of the nodes to agree to scrub older transactions?

So what if somebody encoded illegal stuff like kiddie porn or pirated movies/music into the blockchain inside of tiny but nevertheless legitimate transactions? How do you get all of the nodes to agree to scrub older transactions?
The people who are actually in charge of the blockchain would remove it.
Cp was encoded on the Bitcoin Satoshi Vision (BSV) ledger https://www.bbc.com/news/techn… [bbc.com] I can’t find any information suggested it’s been removed (they did remove an automatic browsing feature on their homepage so it wouldn’t be displayed there).
I’m not 100% sure, but I think they only embedded URLs to CP. I don’t think there was actual CP material in the blockchain itself (but again, I may be mistaken about this).

I’m not 100% sure, but I think they only embedded URLs to CP. I don’t think there was actual CP material in the blockchain itself (but again, I may be mistaken about this).

I’m not 100% sure, but I think they only embedded URLs to CP. I don’t think there was actual CP material in the blockchain itself (but again, I may be mistaken about this).
That was another case concerning the bitcoin (BTC) ledger. This was Bitcoin Satoshi Vision (BSV) where people could upload avatars to the homepage and write a message both which was encoded on the blockchain and was displayed on the homepage, so someone uploaded a cp avatar.
I could foresee some possible mechanisms of using embedding much larger amounts of data on to the blockchain.
One way would be using a (reversed) linked-list style data structure. Essentially you chunk the file to be within the size constraints of the protocol, then post the first chunk, then post the next chunk starting with a pointer to the hash ID of the previous blockchain transaction, repeating until the entire file has been sent. Then you indicate the location of the file in the blockchain with nothing
Sounds workable to me. If i remember correctly BSV has a 100k message limit per transaction (BTC 100 char). I have no idea if there are protocols with an even higher limit.
You clearly have no idea how the blockchain works. You can’t “remove” or “undo” a transaction without rolling back all transactions which happened since, and precisely no one would clobber a legit transaction to remove something illegal as that would instantly annihilate any value of the blockchain itself.
The risk of a 51% attack comes from the ability to certify your own transactions. You can certify a change, but you can’t certify faking previous transactions. I.e. Someone can say your wallet with address
” the malicious scripts stitched into hacked WordPress sites will create a new smart contract on the BSC Blockchain, starting with a unique, attacker-controlled blockchain address and a set of instructions that defines the contract’s functions and structure. When that contract is queried by a compromised website, it will return an obfuscated and malicious payload.”
I’m frequently amazed at the ingenuity of scammers, and honestly, this is pretty fucking clever.
I believe that this is part of the features of these types of tools, to deliver payloads to computers to process, for all kinds of contract reasons.
That’s pretty cool.
But how do you tell a malicious payload from a normal contract payload? That falls into the area that Apple and Google currently struggle with.

But how do you tell a malicious payload from a normal contract payload?

But how do you tell a malicious payload from a normal contract payload?
Essentially impossible. Especially as you can do things like put encrypted content in one place and the key in another. The only real malware defense is to not run it. Everything else is half-measures that are more “hopeful engineering” than actual solutions.
At least to me. Attacks placing illegal content on public blockchains have been discussed for a long time, both for sabotaging the blockchain and for making that stuff available publicly. This is just a variant where the blockchain is used as a “bulletproof” hosting provider for malware.
You can look at this as a trial-run on securing QFS or whatever networked banking platform.
The ultimate threat scenario is an .exe hidden in the message stream. Crypto only gets security so far due to its limiting factor – secret bit size. SO whatever implications are derived on-chain directly apply in QFS world.
A hiccup for cashless even though quantum wants you to buy the narrative its too good, too fast and immune to a such an attack.
There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.
California Supervolcano: Caltech’s ‘Chilling’ Discovery In Long Valley Caldera
What Happens When Major Online Platforms Lower Traffic to News Sites?
Been Transferred Lately?

source

Leave a Reply

Your email address will not be published. Required fields are marked *