Hey girl, what's that behind your Windows task bar? Looks like a hidden crypto-miner...

Miscreants have found a way to continue running cryptocurrency-crafting JavaScript on Windows PCs even after netizens browse away from the webpage hosting the code. Researcher Jerome Segura of Malwarebytes said on Wednesday his team discovered scumbags had written some custom code to keep Coinhive's freely available in-browser …


  1. gerdesj Silver badge

    Because you can't be arsed

    As it turns out: not everyone runs Windows. There are a few Unix styled boxes around, some are fruity but the rest are useful.

    1. Charles 9 Silver badge

      Re: Because you can't be arsed

      But if you read the article, you'll note that the process itself is mostly platform-agnostic. It's just that the "secret" window may find it harder to hide in unfamiliar territory, but given that most systems possess some kind of taskbar or analogue, browser fingerprinting can potentially allow it to hide virtually anywhere. Failing that, it could try to find ways to position the window along an edge so only a very obscure line would be visible.

    2. rmason Silver badge

      Re: Because you can't be arsed

      @gerdesj

      Unix systems never use browsers?

      You live and learn.

      1. Rich 11 Silver badge

        Re: Because you can't be arsed

        Or maybe it's just some Unix users who refuse to browse with anything other than Lynx.

        1. Anonymous Coward

          Re: Because you can't be arsed

          Lynx? You're lucky... when I were a lad all we had was wget...

          1. Alistair Silver badge
            Windows

            Re: Because you can't be arsed

            wget? Hrumph! had to use Kermit we did!

            1. Kiwi Silver badge

              Re: Because you can't be arsed

              Kermit? LUXURY!

              Why, we had to use pen and paper, while walking BAREFOOT across the road to school, DOWNHILL both ways, on a mild summer's day!

              1. Jonathan Schwatrz
                Happy

                Re: Kiwi Re: Because you can't be arsed

                But did you get sliced in two with a bread knife?

            2. RegGuy1

              Re: Because you can't be arsed

              Kermit. Fucking hell, I've not used that in a looong time!

    3. phuzz Silver badge

      Re: Because you can't be arsed

      Given that this coin mining software will need to be run across millions of devices to be worthwhile, why would anyone take time out to find a way to secretly run it on a unix box, when the same amount of time and effort could be spent getting it to run on Windows machines, thus reaching an audience probably at least 100 times larger?

      1. Doctor Syntax Silver badge

        Re: Because you can't be arsed

        "why would anyone take time out to find a way to secretly run it on a unix box"

        It's written in Javascript so no effort at all is needed to make it run on a Unix box. The browser provides the platform. Pop-under windows are also a feature of the browser so what works on the browser on one OS is going to work on another.

        Noscript is your friend.

      2. d3vy Silver badge

        Re: Because you can't be arsed

        "Given that this coin mining software will need to be run across millions of devices to be worthwhile"

        Actually with the current trading price of monero you could probably get a fairly decent return from anything above 500 machines.

        Generally I believe coinhive say that to make it profitable vs adverts you need around 2000 users spending 10-20 mins on your site (It's been a while since I read this so it might not be accurate still) so if you can trick users into running the script for a few HOURS then you will need far fewer people.

    4. Mage Silver badge

      Re: Because you can't be arsed

      … to run NoScript properly configured.

      No platform is immune from evil on the Internet. Worst is 3rd party domain javascript, esp. in adverts. BBC and CNN have served malware.

      When will Advertisers and Webmasters / owners learn? Anything other than the same URL for everyone image and a link is evil.

      1. Claptrap314 Bronze badge

        Re: Because you can't be arsed

        The last Firefox update rendered noscript unusable. Also a couple websites unviewable.

        1. The Dogs Meevonks

          Re: Because you can't be arsed

          I found that out yesterday, thought I'd got some kind of infection that all of my security/protection had missed.

          Nope... just the fact that NoScript 10.1.3 was the culprit... I returned to 10.1.2 and everything was fine again... after double checking and comparing to another system that doesn't get Firefox updated as often.

          Today after retesting this afternoon after a fresh boot... all is good again and 10.1.3 works once more... But I am having to relearn some sites... one of which was an internal one to my mediaserver.

        2. JLV Silver badge
          Boffin

          Re: Because you can't be arsed

          NoScript is back on FF57 Quantum and has been for about a week.

          Mine re-enabled itself somehow without me having to do anything. Looks legit enough though - same whitelists as before for each site.

  2. veti Silver badge

    Finally, a reason to move the task bar

    Just 20 years after Microsoft gave us the capability, at last there's a reason to do it.

    Unfortunately it would mean relearning 20 years' worth of muscle memory and habit - but hey, nothing's for free, right?

    1. Teiwaz Silver badge

      Re: Finally, a reason to move the task bar

      Traditional taskbar layout 'just doesn't look right' any orientation but horizontal (to me, anyway).

      And I've been using 'Linux solely (home system anyway) for 18 years.

      It's the clock and the system tray that don't look right mostly...

      1. bazza Silver badge

        Re: Finally, a reason to move the task bar

        Yet the same trick works on Linux and everything else too. It's the HTML/Javascript standards that allow this, and they're everything to do with Browsers, not operating systems.

        1. Teiwaz Silver badge

          Re: Finally, a reason to move the task bar

          "Yet the same trick works on Linux and everything else too."

          + Although proly not on a Tiling Wm.....

          ...well, not unless you've set your browser to Float all the time.

          + Many 'Linux Desktops these days have unmovable panels that nothing can hide under (Gnome, Unity).

          + Then there are the hard-asses that have gone desktop commando (no pants, erm, panels whatsoever)....

          1. Charles 9 Silver badge

            Re: Finally, a reason to move the task bar

            Even without a taskbar, it may be possible to "shade" the window by putting it right on the edge so you'd have to spot a very thin line in order to know the window's there. Actually, a taskbar will be of help here since it can make you aware a browser window's still open.

            1. bombastic bob Silver badge
              Devil

              Re: Finally, a reason to move the task bar

              "Actually, a taskbar will be of help here since it can make you aware a browser window's still open."

              A good point. There may be a way to have it display "iconless" though. I haven't tried. But if it's a top level window, it will most likely be in any task bar that has icon windows listed in it.

              I run Mate with the upper panel having the CPU monitor in it. If I see unusual CPU activity, I typically kill that application and re-start it. Usually it's Firefox, due to garbage collection and being left open on 7 virtual desktops with 20 or 30 tabs for days or weeks on end. Sometimes it's something else. But if you see consistently high CPU usage, it's often a problem with the application. And if it's bitcoin mining, THAT would put a stop to it REALLY QUICK.

              That, and running 'NoScript'.

    2. Nick Ryan Silver badge

      Re: Finally, a reason to move the task bar

      The original "task bar" (start menu) in Windows was designed to be at the top of the screen however I understand that Microsoft Legal stepped in as this could have caused them some serious problems if manufacturers of other OSes complained. There may also have been design considerations where menus were stacked together, as in the OS shell menu and an application menu however as the task bar was designed to be very different to an application window's title bar I don't really see this as an issue.

      It was almost certainly a last minute change and as a result of this, and doubtless a bit of obstinacy, it was possible from the outset to put the menu back in the designed location, the top of the screen, even if the default was set to the bottom.

      When you think about the original Windows start menu being located at the top of the screen it makes considerably more sense as the first thing on the start menu really shouldn't be shut down as this was entirely the reverse of common sense and all existing menus. The All Programs folder would have been at the top and Shutdown/Exit at the bottom which also made a lot more sense.

      1. Mage Silver badge

        Re: Finally, a reason to move the task bar

        Top of screen makes most sense. I have my programs menu and running applications panel there on autohide and autowidth. Less easily triggered visible as it's near title bars. I have autohide panels on the three other edges:

        Left: Local look up stuff / management (Calibre, Control panel, Filemanager)

        Right: Remote stuff (FTP/SFTP, Browsers, email, SSH, chat etc)

        Bottom: Like applications, it has status (CPU, Keyboard state, Network state, USB manager, Bluetooth etc).

        Easy to do on Mint + Mate and save for all users. Windows has become horrible with its pinning and unreadable flat icons and poor customisation, like back to Windows 1.0 and 2.0. The 3.11 was better, you could even make a desktop window like a pinned taskbar menu!

    3. Doctor Syntax Silver badge

      Re: Finally, a reason to move the task bar

      Just set the task bar to autohide.

    4. Anonymous Coward
      Facepalm

      Re: Finally, a reason to move the task bar

      Or Microsoft could fix their mess and not allow windows to be hidden behind the taskbar.

      1. Dinsdale247

        Re: Finally, a reason to move the task bar

        They already tried that. It was called Windows 8 and you all complained.

    5. Spanners Silver badge
      Happy

      Re: Finally, a reason to move the task bar

      As we are getting wider/narrower screens all the time, the best place for me is at the side in some of the waste space that I now have. I prefer it on the left for the same reason that I prefer to drive there - I'm mostly right handed. YMMV on that.

      1. Orv Silver badge

        Re: Finally, a reason to move the task bar

        I have the dock on the left on my Mac and my Chromebook. Never felt like the Windows taskbar functioned very well in that position, though.

    6. d3vy Silver badge

      Re: Finally, a reason to move the task bar

      "Just 20 years after Microsoft gave us the capability, at last there's a reason to do it.

      Unfortunately it would mean relearning 20 years' worth of muscle memory and habit - but hey, nothing's for free, right?"

      I have mine set to auto hide anyway * , no changes to muscle memory needed as when the mouse moves down it's there.

      * I don't like the clutter!

      1. 404 Silver badge
        Joke

        Re: Finally, a reason to move the task bar

        My taskbars have been up top for many years now because... you know... gravity. Machines run faster ;)

        1. ThomH Silver badge

          Re: Finally, a reason to move the task bar

          The apocryphal version I heard was that there were no Windows 3.1 apps that had an issue with screens being different sizes, there were some that had issues with the origin of the user-interactable area not being (0, 0), and the coordinate system was a shared and exposed resource with no coherent way to offer different versions to different apps.

          So the start bar went at the bottom because there were too many significant apps that either assumed the top left was (0, 0) when maximised or had a bad habit of spawning new windows at (0, 0), no coherent way to lie to them about the coordinate system, and too many edge cases in every attempted kludge.

          But unless and until I read it on something like Raymond Chen's excellent The Old New Thing, I'll continue to take that alleged version of events with a pinch of salt.

      2. Simon Harris Silver badge

        Re: Finally, a reason to move the task bar

        "* I don't like the clutter!"

        Maybe I'm just greedy, but I auto-hide it because I want that extra 40 lines of pixels all for myself!

  3. Anonymous Coward

    'If malvertising wasn’t bad enough as is'

    Speculators made millionaires of a lot of wannacry extortionists and hacker scumbags etc this month. Who knows, maybe they'll give up their craft???

    1. Doctor Syntax Silver badge

      Re: 'If malvertising wasn’t bad enough as is'

      "Speculators made millionaires of a lot of wannacry extortionists and hacker scumbags etc this month."

      Until that bubble bursts.

      1. Anonymous Coward

        'Until that bubble bursts.'

        The malware-writing cyber-crims have cashed out early as millionaires... (Ahead of regulation + money-laundering checks)..

  4. Anonymous Coward

    I'm old school

    Like chess-by-mail, I do the internet by correspondence.

    I am currently waiting for a ping letter...

    1. Teiwaz Silver badge

      Re: I'm old school

      "I'm old school

      Like chess-by-mail, I do the internet by correspondence.

      I am currently waiting for a ping letter..."

      Read that as Cheese by mail

      ...If it sounds like a good idea, I've got dibs...*

      'How are we on tilsit, red leicester, Venezuelan beavers cheese'...

      * Yes, the website will be playing bouzouki music

    2. redpawn Silver badge

      Re: I'm old school

      With Spectrum internet they do a good job of simulating this.

    3. Kiwi Silver badge
      Unhappy

      Re: I'm old school

      "Like chess-by-mail, I do the internet by correspondence.

      I am currently waiting for a ping letter..."

      Most of the time lately my current feed is like that, but with an electric typewriter attached.

  5. Frumious Bandersnatch Silver badge

    continuations...

    Hello, lambda calculus ...

    (I wonder will this curry favour with the readers?)

    1. bombastic bob Silver badge
      Joke

      Re: continuations...

      "I wonder will this curry favour with the readers?"

      lambda curry, and the enjoyable smells afterwards (give it an hour or so if it's properly spiced)

  6. Forget It
    Coat

    Firefox remedy via addon (WE)

    https://poperblocker.com/firefox/

    1. Anonymous Coward

      NoScript helps here, but be careful. Some of these popups are actually gates, meaning blocking them means you can't proceed.

      Also, I'm not too pleased with the script requirements for that homepage. For a site that touts protecting privacy, they don't adhere to privacy-protecting KISS principles.

      1. Anonymous Coward

        We pay nothing for no-script and it's bloody invaluable. Let them hawk some stupid pc performance boost Ads if they want, got to make a living somehow...

        1. Charles 9 Silver badge

          Not talking NoScript. They actually keep things simple. It's the Poper Blocker homepage I'm complaining about. And by my philosophy, if you can't get by without begging, you're in the wrong line of business.

          1. David 132 Silver badge
            Coat

            Charles 9 It's the Poper Blocker homepage I'm complaining about.

            Go easy on it, being able to block Popes is useful, they're always pontificating about things.

            Oh, wait, I might have mis-read.

        2. Doctor Syntax Silver badge

          "We pay nothing for no-script"

          Be a good A/C and give them a donation now and again.

          1. lglethal Silver badge
            Go

            Anyone got a replacement for NoScript? The new version for Firefox 57 is atrocious and totally user unfriendly. Until they get it back to the ease of use of the old one, I need to find something else...

            1. Anonymous Coward

              @ lglethal

              You could trade off the new features of 57 for an older version where extensions still work properly.

              It's a trade off in using old version (where all your plugins happily work) vs. not having latest version & so not all security related patches. An awkward call, I prefer older version as I have more control over the browser (& when a must have security patch appears I'll switch to a Firefox fork that supports old style extensions but has security patches). I'm loyal to my "must have" extension functionality rather than any particular browser.


Biting the hand that feeds IT © 1998–2019