Threat Assessment: Moondashcoin

in #dashcoin · 7 years ago

After thinking I was being burned and people were using my computers to mine, I realized I had no idea how they did it, and wanted to know more. This post, and the others that follow, will be a record of my research into the sites I used.

To safely check these sites, I made a Windows 7 virtual machine in Virtual Box. Below are screenshots of my VM setup:

[Screenshot: VM system.PNG]

[Screenshot: VM processor.PNG]

So yeah, 2GB RAM, 1 CPU core, standard stuff. I put the VM behind NAT and disabled shared host folders and the shared clipboard. Better safe than sorry, right? After updating Windows and Firefox and installing Microsoft Security Essentials, I made a clone of the VM that I can fall back on if my test environment gets corrupted beyond repair.
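The sandbox described above, scripted with VBoxManage so the isolation settings are reviewable rather than clicked through. This is an added example, not the author's setup script; the VM name, the ISO path, the disk size and the snapshot name are assumptions for this example, and the `--clipboard-mode` / `--draganddrop` switches are the VirtualBox 6.1+ spellings.

```shell
#!/bin/sh
# Added example: build the isolated VirtualBox analysis VM the post describes.
# VM name, ISO path, disk size and snapshot name are assumptions for this example.
VM="${VM:-faucet-lab}"
ISO="${ISO:-/path/to/your/licensed-win7-x86.iso}"   # placeholder: supply your own media

# Emit the VBoxManage commands that build the sandbox: 2 GB RAM, 1 CPU,
# NAT networking, shared clipboard and drag-and-drop disabled, and no shared
# folders (none are ever added). Printing the plan first lets you review the
# containment settings before anything touches the hypervisor.
sandbox_plan() {
  cat <<EOF
VBoxManage createvm --name "$VM" --ostype Windows7 --register
VBoxManage modifyvm "$VM" --memory 2048 --cpus 1
VBoxManage modifyvm "$VM" --nic1 nat
VBoxManage modifyvm "$VM" --clipboard-mode disabled --draganddrop disabled
VBoxManage createmedium disk --filename "$VM.vdi" --size 25000
VBoxManage storagectl "$VM" --name SATA --add sata
VBoxManage storageattach "$VM" --storagectl SATA --port 0 --device 0 --type hdd --medium "$VM.vdi"
VBoxManage storagectl "$VM" --name IDE --add ide
VBoxManage storageattach "$VM" --storagectl IDE --port 0 --device 0 --type dvddrive --medium "$ISO"
EOF
}

# Run the plan; sh -e stops at the first failing command.
sandbox_apply() { sandbox_plan | sh -e; }

# After patching the guest and installing the tools, snapshot the clean state
# so a wrecked session can be rolled back instead of rebuilt.
sandbox_baseline() { VBoxManage snapshot "$VM" take clean-baseline; }

# Spot-check the settings that matter for containment. With the plan above
# nic1 should be "nat", clipboard and draganddrop "disabled", and no
# SharedFolderName* keys should appear at all.
sandbox_check() {
  VBoxManage showvminfo "$VM" --machinereadable \
    | grep -E '^(nic1|clipboard|draganddrop|SharedFolderName)'
}

# Roll back after a session:
#   VBoxManage controlvm "$VM" poweroff && VBoxManage snapshot "$VM" restore clean-baseline
```

`sandbox_plan` is deliberately separate from `sandbox_apply`: the plan is plain text you can read, diff, or keep with your notes, and `sandbox_check` gives you the same facts back from the hypervisor after the fact, which is what you want when you are relying on the VM boundary to keep a hostile page contained.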

So what is Moondashcoin? According to a whois lookup at whois.net, the domain was registered through GoDaddy in November of 2015. They list a PO Box in Victoria, AU, as their main point of contact. They also have a phone number that I don't care to call, because I'm not interested in running up a massive phone bill calling the other side of the planet. Their contact info is rather sparse, likely out of a desire to hide the people behind this operation. This is the one moon site that differs from the others when it comes to contact information. Sure, every one of them is sparse on details, but where the other sites list contact emails on the same domain as their URL, moondashcoin points to a passivebitcoin.com email address for the registrant, admin, and tech contacts. It's a small detail, but fascinating that it's different.

[Screenshot: moondashcoin website.JPG]

Their site is...well, it's everything you'd expect from a site that gives out "free" money. There are banner ads everywhere. The layout differs from the other moon sites, which has me wondering if this was the prototype that led to the design of the others. Also conspicuously missing are the little popup ads in the corner. It makes me wonder if this site has been neglected for a while, or if it's something completely different.

[Screenshot: moondashcoin resource usage.JPG]

I let the site sit idle for about 45 minutes and watched my system performance. It's actually not that bad, in all honesty. I was expecting worse, especially after all the crud I've put this thing through during my assessments. The next thing to check was the scripts the site runs. Firefox's debugger (in the developer tools) is fantastic for this, and that's precisely what I used. I checked each of the sources listed in the debugger window, and I found some interesting results.

The scripting on Moondashcoin is completely different from the other three moon faucets. Where the others had countdown timers, a plugin container, and audio notifications, moondashcoin has three scripts: core, faucet, and site. They look like they were written by someone else. Some of the code is clean, other parts are very messy. I can't tell if it was pieced together by a group of amateur coders, or if someone grabbed a bunch of free code samples and mashed them all together.

Of interest are the advertisers. Gone are Coinzilla and Cointraffic, and in their place we have adnxs.com and rubiconproject.com. The latter is apparently a pretty big company, founded in 2007 and based out of Los Angeles; it seems to be a legitimate advertising company. The former, however, is part of the AppNexus advertising platform. Malwaretips.com flags this as a potentially unwanted program, and one that should be removed. It's not a virus, per se, but it's annoying enough that many people will want it gone. It sounds like they've had some shady business dealings in the past, which is where this reputation comes from.

Everything else is pretty standard: Google syndication, Facebook, Twitter, the usual stuff. There was also a doubleverify.com, which I believe is tied into the SolveMedia captcha option for claiming your free dashcoin. But beyond that, nothing really worth getting worked up over.
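The source inventory above was done by hand in the debugger; here is the same first-party/third-party split as a small script, added for this post and not something the author ran. It parses a constructed HTML sample (not the real page) whose third-party domains are the ones named in the post; the exact hostnames and paths under them are made up for the example, and the first-party domain is taken from the affiliate link at the end of the post.

```shell
#!/bin/sh
# Added example: list the third-party hosts a page pulls scripts and frames from,
# the check the post performed by hand in Firefox's debugger.
# The page's own domain; every other host counts as third party.
FIRST_PARTY="${FIRST_PARTY:-moondash.co.in}"

# Constructed sample HTML (not the real site). The ad and social domains are the
# ones the post names; the specific hostnames and paths are made up for this example.
sample_page() {
  cat <<'EOF'
<html><head>
<script src="/js/core.js"></script>
<script src="/js/faucet.js"></script>
<script src='https://moondash.co.in/js/site.js'></script>
<script async src="https://secure.adnxs.com/ttj?id=1"></script>
<script src="https://pixel.rubiconproject.com/tap.php"></script>
<script type="text/javascript" src="https://cdn.doubleverify.com/dv.js"></script>
<script src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<script src="https://platform.twitter.com/widgets.js"></script>
</head><body>
<iframe src="https://www.facebook.com/plugins/like.php"></iframe>
</body></html>
EOF
}

# Hostnames from absolute src= attributes on script and iframe tags (stdin -> stdout).
# Single-quoted attributes are normalised to double quotes first; relative paths
# such as "/js/core.js" are first party by definition and are skipped.
loaded_hosts() {
  tr "'" '"' \
    | grep -oE '<(script|iframe)[^>]*src="https?://[^/"]+' \
    | sed -E 's#.*src="https?://##' \
    | sort -u
}

# Keep only hosts that are neither the first-party domain nor a subdomain of it.
third_party_hosts() {
  fp=$(printf '%s' "$FIRST_PARTY" | sed 's/\./\\./g')   # escape dots for the regex
  loaded_hosts | grep -vE "(^|\.)${fp}\$"
}

# Label each third-party host so the report reads at a glance. The categories
# mirror the post's findings; anything else is "unclassified", i.e. worth a look.
annotate() {
  while IFS= read -r host; do
    case "$host" in
      *adnxs.com)                 echo "$host  ad-network (AppNexus)" ;;
      *rubiconproject.com)        echo "$host  ad-network (Rubicon Project)" ;;
      *googlesyndication.com)     echo "$host  ad-network (Google)" ;;
      *doubleverify.com)          echo "$host  ad-verification" ;;
      *facebook.com|*twitter.com) echo "$host  social widget" ;;
      *)                          echo "$host  unclassified" ;;
    esac
  done
}

# Against a live page instead of the sample (needs network):
#   curl -sL "https://$FIRST_PARTY/" | third_party_hosts | annotate
sample_page | third_party_hosts | annotate
```

This only sees what is in the initial HTML; scripts that load further scripts at runtime (which ad networks routinely do) show up only in the browser's debugger or network panel, which is why the manual pass in the post still matters. The static list is still useful as a baseline to diff against on a later visit, so a newly added host stands out.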

If I had to choose two of the faucet sites to work with, I'd choose the dashcoin and litecoin sites. They're the least obtrusive and the least likely to harm your computer. I would still keep them sandboxed in a VM, not let them out, and not assume they're completely harmless. If you do decide to take the plunge and try it out, I'd appreciate your assistance in using my affiliate link:

http://moondash.co.in/?ref=ca5147ad5adc

As always, stay safe, use your head, and for the love of god, use protection!


Where did you get your VM machine? Thanks.

I'm using Oracle VM Virtual Box.

https://www.virtualbox.org

It's free for personal use, which is fantastic. As for the OS, I used to be a Microsoft Developer Network Academic Alliance (MSDNAA) admin for a local community college. As part of my administratorship, I was granted licenses for pretty much everything MS had to offer. So I had a Win7 x86 disc left over from that. Haven't worked there in 3 years, though.

If you want a Windows VM, buy an OEM disc from some place like Micro Center. They go for about $100, but for any IT professional, they're worth having.

Thanks, I need to look into it myself. I have no IT experience whatsoever but am learning.

Virtual machines are fantastic, especially if you want to test something and see how it works.