Bash on Windows: a hidden bitcoin goldmine?

Bash on Windows is currently available only as an insider preview: it is not generally available and nothing is final, so this behaviour will hopefully still change. Processes started in Bash do not show up in the Windows Task Manager, so they can be used to hide CPU-intensive workers such as bitcoin miners.

I ran the sysbench tool inside Bash (which is just an apt-get install sysbench away) to stress-test the CPU.

$ sysbench --test=cpu --cpu-max-prime=40000 run

That looks like this:

The result: my test VM went to 100% CPU usage, but there is no (easy?) way to see that from within Windows.

The typical task manager reports 100% CPU usage, but can’t show the cause of it.

The task history, which can normally show which processes used how much CPU, memory or bandwidth, stays blank.

And the performance tab clearly shows a CPU increase as soon as the benchmark is started.

To me, this shows an odd duality with the "Bash on Windows" story. I know it’s beta/alpha and things will probably change, but I can’t help but wonder: if this behaviour remains, Bash will become a perfect place to hide your Bitcoin miners or malware.

You can see your server or desktop is consuming 100% CPU, but finding the source can prove to be very tricky for Windows sysadmins with little Linux knowledge.
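
One way to find the source from inside Bash itself, where the Linux processes are visible. This is an added example, not part of the original post; it assumes procps `ps` and `awk` are available in the Bash environment, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: run inside the Bash on Windows shell, where the Linux
# processes can be listed even though Task Manager does not show them.
# Assumption: procps `ps` and awk are installed in that environment.

# flag_cpu_hogs THRESHOLD
# Reads lines of "PID USER %CPU COMMAND..." on stdin and prints those whose
# %CPU is at or above THRESHOLD, as "pid user cpu command".
flag_cpu_hogs() {
    awk -v limit="$1" '
        # Skip the header: only lines starting with a numeric PID count.
        $1 ~ /^[0-9]+$/ && ($3 + 0) >= (limit + 0) {
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd " " $i
            printf "%s %s %s %s\n", $1, $2, $3, cmd
        }'
}

# scan_live [THRESHOLD]
# Applies the same check to the processes running right now (default 50%).
# Note: ps reports %CPU averaged over the lifetime of each process, so a
# worker that started only moments ago can read lower than its current load.
scan_live() {
    ps -eo pid,user,pcpu,args --sort=-pcpu | flag_cpu_hogs "${1:-50}"
}

# Constructed sample of ps output (not captured from a real system),
# modelled on the sysbench run shown in the post.
SAMPLE_PS='  PID USER     %CPU COMMAND
    1 root      0.0 /init
    2 user      0.1 /bin/bash
   57 user     99.4 sysbench --test=cpu --cpu-max-prime=40000 run
   61 user      0.0 ps -eo pid,user,pcpu,args'

# Usage from the Bash prompt:
#   scan_live 50
#   printf '%s\n' "$SAMPLE_PS" | flag_cpu_hogs 50
```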
