Pirate Website Uses Visitors Browers to Mine Virtual Coins and Servers Leak Memory


It's another week in Threatwatch.

Equifax fallout dominated the week, including another push by U.S. lawmakers to create a nationwide data breach standard, and then there was the anti-virus software that had embedded malware. But there’s always more in Threatwatch, Nextgov’s regularly updated index of cyber events. Here’s what else you may have missed:

Pirate Bay Taps Visitors’ Computers To Mine Cryptocurrency

The Pirate Bay, a notorious torrent website, tried a new way to monetize its site: using its visitors’ processing power to mine virtual coins.

The Pirate Bay allows users to swap media files, like movies or music, and has run into legal trouble many times for assisting copyright infringement. Visitors on Sept. 16 reported an uptick in their CPU use. Some digging revealed it was an in-browser currency miner for Monero coins that automatically started when visiting certain pages, Engadget reported.

The website operators told TorrentFreak it was testing a currency miner for Monero coins, and later posted on a blog that it was a limited-time-only test to determine if it could replace its ad revenue.

Apache Bug Could Leak Data

A security researcher found a vulnerability that could result in a memory leak of servers running Apache software—but only in shared environments and in some rare configurations, according to reports.

Researcher Hanno Bock released a report Sept. 18 on Optionsbleed, a vulnerability in the Apache HTTP Server Project that allows servers to send back data after a malformed request, according to Naked Security. That returned data could be the users—or whatever is laying around on the server.

The vulnerability isn’t widespread, affecting about 466 out of 1 million sites, according to tests.