back to article Hey girl, what's that behind your Windows task bar? Looks like a hidden crypto-miner...

Miscreants have found a way to continue running cryptocurrency-crafting JavaScript on Windows PCs even after netizens browse away from the webpage hosting the code. Researcher Jerome Segura of Malwarebytes said on Wednesday his team discovered scumbags had written some custom code to keep Coinhive's freely available in-browser …

gerdesj
Silver badge

Because you can't be arsed

As it turns out: not everyone runs Windows. There are a few Unix styled boxes around, some are fruity but the rest are useful.

Charles 9
Silver badge

Re: Because you can't be arsed

But if you read the article, you'll note that the process itself is mostly platform-agnostic. It's just that the "secret" window may find it harder to hide in unfamiliar territory, but given that most systems possess some kind of taskbar or analogue, browser fingerprinting can potentially allow it to hide virtually anywhere. Failing that, it could try to find ways to position the window along an edge so only a very obscure line would be visible.

rmason
Silver badge

Re: Because you can't be arsed

@geresj

Unix systems never use browsers?

You live and learn.

Rich 11
Silver badge

Re: Because you can't be arsed

Or maybe it's just some Unix users who refuse to browse with anything other than Lynx.

phuzz
Silver badge

Re: Because you can't be arsed

Given that this coin mining software will need to be run across millions of devices to be worthwhile, why would anyone take time out to find a way to secretly run it on a unix box, when the same amount of time and effort could be spent getting it to run on Windows machines, thus reaching an audience probably at least 100 times larger?

Mage
Silver badge

Re: Because you can't be arsed

… to run NoScript properly configured.

No platform is immune from evil on the Internet. Worst is 3rd party domain javascript, esp. in adverts. BBC and CNN have served malware.

When will Advertisers and Webmasters / owners learn? Anything other than the same URL for everyone image and a link is evil.

Doctor Syntax
Silver badge

Re: Because you can't be arsed

"why would anyone take time out to find a way to secretly run it on a unix box"

It's written in Javascript so no effort at all is needed to make it run on a Unix box. The browser provides the platform. Pop-under windows are also a feature of the browser so what works on the browser on one OS is going to work on another.

Noscript is your friend.

d3vy
Silver badge

Re: Because you can't be arsed

"Given that this coin mining software will need to be run across millions of devices to be worthwhile"

Actually with the curent trading price of monero you could probably get a fairly decent return from anything above 500 machines.

Generally I believe coinhive say that the to make it profitable vs adverts you need around 2000 users spending 10-20 mins on your site (Its been a while since I read this so it might not be accurate still) so if you can trick users into running the script for a few HOURS then you will need far fewer people.

Anonymous Coward
Anonymous Coward

Re: Because you can't be arsed

Lynx? You're lucky... when I were a lad all we had was wget...

Alistair
Silver badge
Windows

Re: Because you can't be arsed

wget? Hrumph! had to use Kermit we did!

Kiwi
Silver badge

Re: Because you can't be arsed

Kermit? LUXURY!

Why, we had to use pen and paper, while walking BAREFOOT across the road to school, DOWNHILL both ways, on a mild summer's day!

Claptrap314
Bronze badge

Re: Because you can't be arsed

The last Firefox update rendered noscript unusable. Also a couple websites unviewable.

The Dogs Meevonks

Re: Because you can't be arsed

I found that out yesterday, thought I'd got some kind of infection that all of my security/protection had missed.

Nope... just the fact that NoScript 10.1.3 was the culprit... I returned to 10.1.2 and everything was fine again... after double checking and comparing to another system that doesn't get firefox updated as often.

Today after retesting this afternoon after a fresh boot... all is good again and 10.1.3 works once more... But I am having to relearn some sites... once of which was an internal one to my mediaserver.

JLV
Silver badge
Boffin

Re: Because you can't be arsed

NoScript is back on FF57 Quantum and has been for about a week.

Mine re-enabled itself somehow without me having to do anything. Looks legit enough though - same whitelists as before for each site.

Jonathan Schwatrz
Bronze badge
Happy

Re: Kiwi Re: Because you can't be arsed

But did you get sliced in two with a bread knife?

RegGuy1

Re: Because you can't be arsed

Kermit. Fucking hell, I've not used that in a looong time!

veti
Silver badge

Finally, a reason to move the task bar

Just 20 years after Microsoft gave us the capability, at last there's a reason to do it.

Unfortunately it would mean relearning 20 years' worth of muscle memory and habit - but hey, nothing's for free, right?

Teiwaz
Silver badge

Re: Finally, a reason to move the task bar

Traditional taskbar layout 'just doesn't look right' any orientation but horizontal (to me, anyway).

And I've been using 'Linux soley (home system anyway) for 18 years.

It's the clock and the system tray that don't look right mostly...

bazza
Silver badge

Re: Finally, a reason to move the task bar

Yet the same trick works on Linux and everything else too. It's the HTML/Javascript standards that allow this, and they're everything to do with Browsers, not operating systems.

Teiwaz
Silver badge

Re: Finally, a reason to move the task bar

Yet the same trick works on Linux and everything else too.

+ Although proly not on a Tiling Wm.....

...well, not unless you've set your browser to Float all the time.

+ Many 'Linux Desktops these days have unmovable panels that nothing can hide under (Gnome, Unity).

+Then there are the hard-asses that have gone desktop comando (no pants, erm, panels whatsoever)....

Charles 9
Silver badge

Re: Finally, a reason to move the task bar

Even without a taskbar, it may be possible to "shade" the window by putting it right on the edge so you'd have to spot a very thin line in order to know the window's there. Actually, a taskbar will be of help here since it can make you aware a browser window's still open.

bombastic bob
Silver badge
Devil

Re: Finally, a reason to move the task bar

"Actually, a taskbar will be of help here since it can make you aware a browser window's still open."

a good point. There may be a way to have it display "iconless" though. I haven't tried. But if it's a top level window, it will most likely be in any task bar that has icon windows listed in it.

I run Mate with the upper panel having the CPU monitor in it. If I see unusual CPU activity, I typically kill that application and re-start it. Usually it's Firefox, due to garbage collection and being left open on 7 virtual desktops with 20 or 30 tabs for days or weeks on end. Sometimes it's something else. but if you see consistently high CPU usage, it's often a problem with the application. And if it's bitcoin mining, THAT would put a stop to it REALLY QUICK.

That, and running 'NoScript'.

Nick Ryan
Silver badge

Re: Finally, a reason to move the task bar

The original "task bar" (start menu) in Windows was designed to be at the top of the screen however I understand that Microsoft Legal stepped in as this could have caused them some serious problems if manufacturers of other OSes complained. There may also have been design considerations where menus were stacked together, as in the OS shell menu and an application menu however as the task bar was designed to be very different to an application windows's title bar I don't really see this as an issue.

It was almost certainly a last minute change and as a result of this, and doubtless and bit of obstinancy, it was possible from the outset to put the menu back in the designed location, the top of the screen, even if the default was set to the bottom.

When you think about the original Windows start menu being located at the top of the screen it makes considerable more sense as the first thing on the start menu really shouldn't be shut down as this was entirely the reverse of common sense and all existing menus. The All Programs folder would have been at the top and Shutdown/Exit at the bottom which also made a lot more sense.

Doctor Syntax
Silver badge

Re: Finally, a reason to move the task bar

Just set the task bar to autohide.

Mage
Silver badge

Re: Finally, a reason to move the task bar

Top of screen makes most sense. I have my programs menu and running applications panel there on autohide and autowidth. Less easily triggered visible as it's near title bars. I have autohide panels on the three other edges:

Left: Local look up stuff / management (Calibre, Control panel, Filemanager)

Right: Remote stuff (FTP/SFTP, Browsers, email, Shh, chat etc)

Botttom: Like applications, it has status (CPU, Keyboard state, Network state, USB manager, Bluetooth etc).

Easy to do on Mint + Mate and save for all users. Windows has become horrible with its pinning and unreadable flat icons and poor customisation, like back to Windows 1.0 and 2.0. The 3.11 was better, you could even make a desktop window like a pinned taskbar menu!

Anonymous Coward
Facepalm

Re: Finally, a reason to move the task bar

Or Microsoft could fix their mess and not allow windows to be hidden behind the taskbar.

Spanners
Silver badge
Happy

Re: Finally, a reason to move the task bar

As we are getting wider/narrower screens all the time, the best place for me is at the side in some of the waste space that I now have. I prefer it on the ,left for the same reasom that I prefer to drive there - I'm mostly right handed. YMMV on that.

d3vy
Silver badge

Re: Finally, a reason to move the task bar

"Just 20 years after Microsoft gave us the capability, at last there's a reason to do it.

Unfortunately it would mean relearning 20 years' worth of muscle memory and habit - but hey, nothing's for free, right?"

I have mine set to auto hide anyway * , no changes to muscle memory needed as when the mouse moves down its there.

* I dont like the clutter!

404
Silver badge
Joke

Re: Finally, a reason to move the task bar

My taskbars have been up top for many years now because... you know... gravity. Machines run faster ;)

ThomH
Silver badge

Re: Finally, a reason to move the task bar

The apocryphal version I heard was that there were no Windows 3.1 apps that had an issue with screens being different sizes, there were some that had issues with the origin of the user-interactable area not being (0, 0), and the coordinate system was a shared and exposed resource with no coherent way to offer different versions to different apps.

So the start bar went at the bottom because there were too many significant apps that either assumed the top left was (0, 0) when maximised or had a bad habit of spawning new windows at (0, 0), no coherent way to lie to them about the coordinate system, and too many edge cases in every attempted kludge.

But unless and until I read it on something like Raymond Chen's excellent The Old New Thing, I'll continue to take that alleged version of events with a pinch of salt.

Simon Harris
Silver badge

Re: Finally, a reason to move the task bar

"* I dont like the clutter!"

Maybe I'm just greedy, but I auto-hide it because I want that extra 40 lines of pixels all for myself!

Orv
Silver badge

Re: Finally, a reason to move the task bar

I have the dock on the left on my Mac and my Chromebook. Never felt like the Windows taskbar functioned very well in that position, though.

Dinsdale247

Re: Finally, a reason to move the task bar

They already tried that. It was called Windows 8 and you all complained.

Anonymous Coward
Anonymous Coward

'If malvertising wasn’t bad enough as is'

Speculators made millionaires of a lot of wannacry extortionists and hacker scumbags etc this month. Who knows, maybe they'll give up their craft???

Doctor Syntax
Silver badge

Re: 'If malvertising wasn’t bad enough as is'

"Speculators made millionaires of a lot of wannacry extortionists and hacker scumbags etc this month."

Until that bubble bursts.

Anonymous Coward
Anonymous Coward

'Until that bubble bursts.'

The malware-writing cyber-crims have cashed out early as millionaires... (Ahead of regulation + money-laundering checks)..

Anonymous Coward
Anonymous Coward

I'm old school

Like chess-by-mail, I do the internet by correspondence.

I am currently waiting for a ping letter...

Teiwaz
Silver badge

Re: I'm old school

I'm old school

Like chess-by-mail, I do the internet by correspondence.

I am currently waiting for a ping letter...

Read that as Cheese by mail

...If it sounds like a good idea, I've got dibs...*

'How are we on tilsit, red leicester, Venezualan beavers cheese'...

* Yes, the website will be playing bouzouki music

redpawn
Silver badge

Re: I'm old school

With Spectrum internet they do a good job of simulating this.

Kiwi
Silver badge
Unhappy

Re: I'm old school

Like chess-by-mail, I do the internet by correspondence.

I am currently waiting for a ping letter...

Most of the time lately my current feed is like that, but with an electric typewriter attached.

Frumious Bandersnatch
Silver badge

continuations...

Hello, lambda calculus ...

(I wonder will this curry favour with the readers?)

bombastic bob
Silver badge
Joke

Re: continuations...

"I wonder will this curry favour with the readers?"

lambda curry, and the enjoyable smells afterwards (give it an hour or so if it's properly spiced)

Forget It
Coat

Firefox remedy via addon (WE)

https://poperblocker.com/firefox/

Anonymous Coward
Anonymous Coward

NoScript helps here, but be careful. Some of these popups are actually gates, meaning blocking them means you can't proceed.

Also, I'm not too pleased with the script requirements for that homepage. For a site that touts protecting privacy, they don't adhere to privacy-protecting KISS principles.

Anonymous Coward
Anonymous Coward

We pay nothing for no-script and it's bloody invaluable. Let them hawk some stupid pc performance boost Ads if they want, got to make a living somehow...

Charles 9
Silver badge

Not talking NoScript. They actually keep things simple. It's the Poper Blocker homepage I'm complaining about. And by my philosophy, if you can't get by without begging, you're in the wrong line of business.

Mage
Silver badge

popups are actually gates,

"Some of these popups are actually gates, meaning blocking them means you can't proceed."

GOOD!

Idiots. I've not found a problem whitelisting SOME javascript domains on sites I visit regularly.

Doctor Syntax
Silver badge

"We pay nothing for no-script"

Be a good A/C and give them a donation now and again.

lglethal
Silver badge
Go

Anyone got a replacement for NoScript? The new Version for Firefox 57 is atrocious and totally user unfriendly. Until they get it back to the ease of use of the old one, I need to find something else...

Anonymous Coward
Anonymous Coward

@ lglethal

You could trade off the new features of 57 for an older version where extensions still work properly.

It's a trade off in using old version (where all your plugins happily work) vs. not having latest version & so not all security related patches. An awkward call, I prefer older version as I have more control over the browser (& when a must have security patch appears I'll switch to a Firefox fork that supports old style extensions but has security patches). I'm loyal to my "must have" extension functionality rather than any particular browser

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018