NZBGet & SABnzbd Malware Alert

At this point, you might have heard of the new “virus” plaguing Usenet users. This NZBGet and SABnzbd malware can install itself onto your computer and start using local resources, slowing down all your activity. Fortunately, there are ways to prevent this from happening.

What Does this SABnzbd Malware Do?

Before we get into how to prevent this, you should know what it is and the wider implications. 

The reason that this NZBGet and SABnzbd malware exists is Bitcoin.

Bitcoin Mining

If you’re unfamiliar with the concept, Bitcoin is a “crypto currency,” meaning that it’s money not tied to a government. There are several of these circulating. Since anybody can make one, there has to be a way of limiting the amount in circulation to avoid inflation. This is where “Bitcoin mining” comes into play.

A Bitcoin miner earns new Bitcoins by verifying other people’s purchases. Since there’s no physical money or banks to do the verification work, it’s possible to make a copy of your Bitcoins and spend them several times. Miners make sure this doesn’t happen. Every time they verify 1 MB of transactions, they’re eligible to earn 1 Bitcoin.

However, to keep too many people from verifying the same data, only the first person to do that and guess a particular number (it’s a little more complicated, but not by much) gets the Bitcoin. So miners spend enormous amounts of money on high-end computers that can not only check the transactions, but also figure out the magic number first.

How This Is Related

Some unscrupulous Bitcoin miners don’t want to spend money on high-end systems or can’t get the parts. They need very powerful GPUs (Graphics Processing Units) to do the math quickly enough, and it’s been almost impossible to buy a new video card for quite a while because Bitcoin miners keep scooping them up.

Instead of building their own system, these nefarious miners use other people’s computers. This SABnzbd malware installs a Bitcoin Mining program on your computer that uses your system resources to do the math. Spread over thousands or even millions of people around the world, that can be a very powerful (and lucrative) setup for the person running it.

And the victims suffer from achingly slow computers, working to make money for somebody else.

How Do I Keep This Off My Computer?

There are a couple of things you can do to keep your computer free of this NZBGet & SABnzbd malware.

If you’re using NZBGet or SABnzbd, malware like this can only affect you if you don’t use a username and password to protect your newsreader. The biggest issue is that SABnzbd and NZBGet are exposed to the Internet, which lets malicious actors reach them. A username and password will help keep them out. You can check this in the following ways.

SABnzbd

  1. Open your SABnzbd newsreader and click the “gear” icon in the top right of the screen.
  2. Select the “General” tab and check the “Advanced Settings” box.
  3. Scroll down to the “Security” section.
  4. Create a Username and Password in the SABnzbd Username and SABnzbd Password fields. This will require you to log into your newsreader, but will prevent this malware from affecting your system.
  5. Scroll to the bottom of the page and save your changes.

NZBGet

  1. Open NZBGet and click on “Settings” at the top of your screen.
  2. On the left-side menu, choose “SECURITY”.
  3. If you feel comfortable, you can change your ControlIP to the local IP address of the computer that you want to use the newsreader on. This could cause issues, however.
  4. The easier way to secure your computer is to make sure that ControlUsername and ControlPassword are both filled out. These will allow you to access NZBGet remotely, but securely.
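
One way to check the NZBGet settings from steps 3 and 4 without opening the web interface, as an added example that is not part of the original article or NZBGet's own code: it reads a configuration in nzbget.conf's Key=Value form and reports an empty ControlUsername or ControlPassword and a ControlIP that listens on every interface. The sample configuration, the function names and the 12-character threshold are assumptions made for the example.

```python
import ipaddress

# Constructed sample in nzbget.conf "Key=Value" form; all values are made up.
SAMPLE_CONF = """\
# Constructed example, not a real configuration
ControlIP=0.0.0.0
ControlPort=6789
ControlUsername=
ControlPassword=
"""

MIN_PASSWORD_LEN = 12  # assumption: local policy threshold, not an NZBGet rule


def parse_conf(text):
    """Parse Key=Value lines, skipping blanks and # comments.
    Keys are lower-cased so lookups do not depend on spelling case."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        options[key.strip().lower()] = value.strip()
    return options


def audit(options):
    """Return (setting, problem) findings for the three options the steps name."""
    findings = []
    user = options.get("controlusername", "")
    password = options.get("controlpassword", "")
    if not user:
        findings.append(("ControlUsername", "empty or not set"))
    if not password:
        findings.append(("ControlPassword", "empty or not set"))
    elif len(password) < MIN_PASSWORD_LEN or password.lower() == user.lower():
        findings.append(("ControlPassword", "weak"))
    try:
        ip = ipaddress.ip_address(options.get("controlip", ""))
    except ValueError:
        # Hostnames or other non-literal values need a manual look.
        findings.append(("ControlIP", "not an IP literal, review manually"))
    else:
        if ip.is_unspecified:  # 0.0.0.0 or :: binds every interface
            findings.append(("ControlIP", "listens on all interfaces"))
    return findings


if __name__ == "__main__":
    for setting, problem in audit(parse_conf(SAMPLE_CONF)):
        print(f"{setting}: {problem}")
```

To audit a real installation, pass the text of your own nzbget.conf to parse_conf instead of the sample.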

If you are using the Newshosting Newsreader, you’re not vulnerable to this particular exploit.

How Do I See If I Have This?

The simplest way to see if you have this NZBGet & SABnzbd malware is to check your Usenet download history. If you have downloaded and processed any NZBs that you don’t recognize with titles that begin with “nzbdwin,” you probably have the virus.

In that case, the best thing to do is to run your local antivirus software. The malware is a known program and most antivirus applications already have it listed in their databases.

Another simple solution if you have recovery points set up on your computer is to see what day the malware was installed and revert your system to a state before that point.

While this is not difficult to get rid of, it’s very, very easy to get if you don’t take precautions. Convenience and cybersecurity are inversely proportional. If you must access your newsreader remotely, at the very least make sure you’re using a complex, difficult-to-guess username and password.

Don’t be the victim of Bitcoin miners stealing your resources. Stop this NZBGet & SABnzbd malware in its tracks.