In: Computer Science
– Malware – Your cybersecurity team is finally getting a break after dealing with an outbreak of the new malware W32/CoinMiner that hit the corporate network, impacting productivity over the holiday weekend. It was determined that this was caused by one of the sales folks who clicked on a "get rich quick" link. The attackers were able to use your company's computing resources to generate a cryptocurrency mining pool, negatively impacting server performance. As your team is headed home for some much needed rest, your manager pulls you aside.
"I'd really appreciate it if you could do a little research into this whole CoinMiner mess and write up the Security Incident Report for us. Be sure to add in any relevant technical details you can about the file paths or registry keys it may touch as well. Need that report by Tuesday! Have a good night!" Complete a 1-2 page assessment of the W32/CoinMiner malware. Be sure to include the specific technical details on the file paths, registry keys, etc. The intent here is that you demonstrate your ability to effectively research and analyze new malware and report up to higher what you have learned.
W32/CoinMiner is Trojan software. It consumes system resources, without letting the user know, to mine digital currency. It can cause graphics card and CPU issues. It uses the system to generate more bitcoins and makes the system run slower. It can also sometimes enter the system by being bundled inside another software package.
It drops malicious software on the system and makes the system generate different types of files. There are some library files as well that prevent the proper functioning of the system.
The registry keys get affected in this case, just like with any other software installation. The processing power of the system is also affected.
It can edit the registry of the operating system incorrectly and make modifications that are irreversible.
It also affects user accounts, because the modifications are reflected in them as well. This is done through registry changes. The registry tools and folder options are also disabled. Safe mode is also deleted.
The concept has inspired many others to use coin mining to make money easily. Mining deals with processing transactions in digital currency. A digital ledger records all newly arrived transactions, which creates a blockchain. When it is done without the permission of the system owner, it is considered illegal.
W32/CoinMiner also does the same without letting the user know or asking permission. The infected file doesn't show any signs until a number of files have been affected. The affected file looks like a user-executable version, and the original file doesn't run. Even when deleted, it is reinfected with the same file.
To avoid being detected, the domains are redirected to different addresses and then back to the user's system.
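As an added example (not part of the original question or answer, and not vendor code), here is a short Python triage that scans Sysmon registry events for the tampering the answer lists: Registry Editor and Folder Options disabled through policy values, the SafeBoot key deleted, and a miner adding itself to a Run key for persistence. The registry locations checked are the standard Windows policy paths for those controls; the page itself names no specific keys or paths for W32/CoinMiner, so they are the places an analyst would look rather than published indicators. The event records, the user SID and the `updater.exe` file name are constructed for the example.

```python
r"""Triage Sysmon registry events (Event ID 12 = key create/delete,
Event ID 13 = value set) for the registry tampering described above.

Added example; the sample events below are constructed, not real telemetry.
Checked locations (standard Windows policy paths, assumed relevant here):
  Policies\System\DisableRegistryTools = 1  -> Registry Editor disabled
  Policies\Explorer\NoFolderOptions   = 1   -> Folder Options hidden
  DeleteKey under Control\SafeBoot          -> Safe Mode config removed
  any value under CurrentVersion\Run        -> autorun persistence
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str    # process that made the change
    target: str   # registry path that was changed


def dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering into an int.

    Returns None for anything that is not a DWORD (paths, binary blobs).
    """
    m = re.fullmatch(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details.strip())
    return int(m.group(1), 16) if m else None


def _policy_enabled(event, key_suffix):
    """True when a value-set event turns a policy DWORD at key_suffix on.

    Suffix matching is used because Sysmon logs HKCU paths as HKU\<SID>\...,
    so the hive prefix differs per user.
    """
    return (
        event["EventID"] == 13
        and event["TargetObject"].lower().endswith(key_suffix.lower())
        and dword_value(event["Details"]) == 1
    )


def triage(events):
    """Return one Finding per event that matches a tampering rule.

    Events that clear a policy (value 0) or touch unrelated keys are ignored.
    """
    findings = []
    for event in events:
        target = event["TargetObject"]
        low = target.lower()
        if _policy_enabled(event, "\\Policies\\System\\DisableRegistryTools"):
            rule = "registry-editor-disabled"
        elif _policy_enabled(event, "\\Policies\\Explorer\\NoFolderOptions"):
            rule = "folder-options-hidden"
        elif (event["EventID"] == 12
              and event["EventType"] == "DeleteKey"
              and "\\control\\safeboot" in low):
            rule = "safeboot-key-deleted"
        elif event["EventID"] == 13 and "\\currentversion\\run\\" in low:
            rule = "autorun-persistence"
        else:
            continue
        findings.append(Finding(rule, event["Image"], target))
    return findings


# Constructed sample records. The SID and the dropped-binary path are
# placeholders chosen for the example, not indicators from the page.
MINER = r"C:\Users\sales\AppData\Roaming\updater.exe"
USER_HIVE = r"HKU\S-1-5-21-1111-2222-3333-1001"

SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue", "Image": MINER,
     "TargetObject": USER_HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": USER_HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},   # ordinary user preference, not flagged
    {"EventID": 13, "EventType": "SetValue", "Image": MINER,
     "TargetObject": USER_HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12, "EventType": "DeleteKey", "Image": MINER,
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal",
     "Details": ""},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": USER_HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000000)"},   # policy cleared again, not flagged
    {"EventID": 13, "EventType": "SetValue", "Image": MINER,
     "TargetObject": USER_HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": MINER},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.rule:26} {f.image}  ->  {f.target}")
```

Run as-is it reports four findings from the six constructed events, all attributed to the same dropped binary, which is the grouping an incident report wants: one process, the hardening it switched off, and where it persisted. To use it on real data, export Sysmon Event ID 12 and 13 records (for example from a SIEM query or `Get-WinEvent`) into the same field names and pass the list to `triage()`.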