Slashdot Mirror
New Skype Malware Uses Victims' Machines To Mine Bitcoins
An anonymous reader writes "A new piece of malware propagating across Skype has been discovered that tries to convince the recipient to click on a link. What makes this particular threat different is that it drops a Bitcoin miner application to make the malware author money. While malware has both spread on Skype and mined Bitcoins before, putting the two together could be an effective new strategy."
I wonder how they are going to spin this one. *munches popcorn*
I received a message from a random user last week with an image to click on to download an important security update for Skype. I can see how people would fall for it, since I have messages from unknown users blocked, and the message looked legit (only thing is, the message was a lossy JPG image). Yet somehow, the spammer was able to broadcast his message through Skype's message filtering.
Skype has been terrible the past two or three years. Receiving this message forced me to disable Skype at startup, which is unfortunate because now people have to call me on the phone to make sure I'm available for chat (which defeats the purpose -- we're already chatting on the phone!). Still looking for a replacement (preferably cross-platform), and even then, I have to convince my family and friends to migrate over. And no, I'm not fond of that little Google video chat thing that requires you to have a GMail and talk through a web-browser.
This seems a few years late. It's so ungodly difficult to mine now that average Joe's infected computer just isn't going to manage to mine anything. Sure you may get lucky and get this installed on a few super high end machines, but last I heard it's getting hard to even do it with high end gpu's. Now, had this happened at the beginning of bitcoin (and I'm sure it did), the author would have actually stood a chance to make some money here.
Central Ohio Home Theater Installation - The Theater People
Hideki!
So when the user detects and presumably removes the malware, what happens to those mined bitcoins? Do they disappear? Are they still in the malefactor's account? Lastly, is there any chance of tracing and impounding the bitcoin account so that the bad guy doesn't profit?
True, but more importantly, which OS does this exploit work on?
I'm worried.
hmm I don't think you get it.
Mining for bitcoin is the same process as maintaining the bitcoin network.
They are in effect being paid to run the bitcoin network.
Given the author of bitcoin is anonymous, it's unlikely he/she/it would be able to setup a foundation anonymously.
And even if they did, it would reduce bitcoin to nothing more than any of the numerous pre-existing failed e-currencies.
You can trust a open source piece of software run on millions of computers more than you can trust a foundation.
You can trust a open source piece of software run on millions of computers more than you can trust a foundation.
I have no idea how to compare trust of the two. But widely used open source have been proven before to have serious vulnerabilities overlooked for years and years - like fx Sendmail.
Had this been done with litecoin or namecoin, I could see some profit. Bitcoin? Sorry, difficulty rating is too high and just keeps going up.
On top of that, the type of people likely to click on this are also already likely exploited and running with limited system resources as-is.
Even the entire skype userbase couldn't stand up to the raw power behind half of the mining farms already out there.
What a stupid malware author.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I wonder how they are going to spin this one. *munches popcorn*
Oh wait, you've just shown us....
To the people that are saying it's not worth it for malware or botnets to mine coins with CPUs... a single CPU does about 4 MH/s. If 250,000 computers all over the world are affected, that's 1 TH/s, which is about 67 BTC/day at the current difficulty. About $1,000/day, or $30,000/month. Scale appropriately for how many computers are affected.
Yes, it's a waste of time and electricity for an individual to mine Bitcoins with their CPU, but if you have access to 100,000+ machines doing it, and you're not paying for the electricity, it's obviously worth it.
This idea that you can 'mine' for bitcoins is what makes me not take it seriously. It seems so arbitrary and ridiculous.
;)
I know, right? Like those lumps of yellow metal or shiny hunks of clear carbon we mine from the Earth. Entirely arbitrary and ridiculous to assign any value to them.
If it makes more sense to you, it may help to stop thinking of it as "mining", and instead consider it as pay for doing the work necessary to add transactions to the blockchain.
To the people that are saying it's not worth it for malware or botnets to mine coins with CPUs... a single CPU does about 4 MH/s. If 250,000 computers all over the world are affected, that's 1 TH/s, which is about 67 BTC/day at the current difficulty. About $1,000/day, or $30,000/month. Scale appropriately for how many computers are affected. Yes, it's a waste of time and electricity for an individual to mine Bitcoins with their CPU, but if you have access to 100,000+ machines doing it, and you're not paying for the electricity, it's obviously worth it.
Skype has 280 million active (monthly) users. Let's say the upper limit for something really virulent is infecting 5% of user base (Mac Flashback infected 1% of Internet connected Macs). That is 14 million machines. Using you calculation, that would generate $56.000/day or $1.7 million/month (but at this scale it would change the difficulty, but still generate very very significant money).
WUT?
67 BTC/day == $1,000/day? In other words - $16/BTC?
I thought it was more like $140 or so?
Maybe just add another zero in there...
"To avoid this threat and others like it, don’t click on random links you receive on Skype. You’ll be doing yourself a favor, helping stop the spread of malware, and ensuring criminals get a smaller pay day." Or don't use Skype at all, problem solved. A dead giveaway that a product is no good is whether it's owned by Microsoft.
Do some reading honey. The mining is what Bitcoin does...
Dumb as it is, how did your parent comment come off as "Microsoft apologist"?
The only possible answer is that it didn't, and that you're engaging in the same type of intellectually lazy dishonesty as the person you think you're mocking.
In case you have not heard, Hotmail's PC chat application, Messenger, is two days from being sunset in favor of Skype. That will be causing a massive migration from users who ignored repeated upgrade emails from the MS team.
Just when I thought it was hard to convince my long-term guests that they should ignore the Messenger Icon, forcing themselves to learn the freshly installed Skype forced down our throats, I have to worry about their malware risks from a new vector of attack.
I very sparingly use the hotmail/live/OUTLOOK/identityCrisisNameDUJOUR account, and would have uninstalled it if I didn't have said friends from a land where people KNOW nothing else*. The loss of Hotmail integration, loss of social media-ish features, and bold GUI design choices to force you to try their $$$ calling plans really is making me consider shutting the doors on the account.
*We stay off FB. They know OF Yahoo Messenger which I never use. My GTalk is unknown to them and all this stinks of network effects.
But its needed. There's the greater fool running by the dozens into this virtual currency, which "can't" be manipulated. My ass. This is a prime example of just one of the many downfalls of it. I won't go into others to stay on topic. And to think this hasn't already been common practice... well - if you think that, you might want to check for a miner running on your system right now.
Okay, so how come none of that has happened yet even after multiple high-profile hacks and price crashes over the last several years? Each time something like that happens, plenty of people repeat every point you just made and insist that Bitcoin is going away this time for sure. But it only seems to get more popular over time. Please explain that.
And no, I don't own any Bitcoins or have any particular investment in its success (beyond academic interest), so please don't deflect the question with accusations of such.
cept those lumps of metal are physical items that can be used for more than money, bitcoin is imaginary and doesnt even act as a good currency let alone anything else
Someone might modify the malware to still generate Bitcoins, but to record the coins generated. Then watch the blockchain to see who spends them. Bitcoins aren't anonymous. Mt. Gox has on at least one occasion frozen an account due to possession of "tainted" coins.
Bitcoin isn't as distributed as many enthusiasts think. 80% of transactions go through Mt. Gox, a/k/a Magic, the Gathering Online Exchange.
maybe Bitcoin was commissioned by computer hardware providers that wanted to give the processor market a boost when the Credit Crunch was at its worst.
A 250,000 machine botnet is extremely large, that puts you up in the worlds largest active botnets. Building and maintaining such a thing is not easy at all. To mine off that, you need to run a pool server that those machines can all get work from (as the existing pools will all ban you), which is a rather complex scaling problem all by itself, and then you have the fact that it's all a time limited technique. ASIC hardware has, from what I understand, finally started to ship in significant numbers from the Avalon guy and people will be wiring them in and starting them up over the next few months, which will shortly make just 1 terahash/sec not very much at all.
All things considered, whilst botnet mining can make sense today (especially with gpu miners), the perps know that it won't last.
`A new piece of [Windows] malware propagating across Skype has been discovered that tries to convince the recipient to click on a link. What makes this particular threat different is that it drops a Bitcoin miner application to make the malware author money. While malware has both spread on Skype and mined Bitcoins before, putting the two together could be an effective new strategy.`
AccountKiller
Posting AC because of the shame... While on vacation, I passed by to visit one of my grandmothers, whose computer I built 4 years ago was acting up... (note her last computer had a lot of malware on it, and was sooo slow). I used a slim mATX case, and the ram I got wouldn't fit in two of the slots' space... so she had 2GB of ram. While there, she again had a lot of crap and was likely infected. I cleaned off as much as I could, disabled all the browser plugins, updated the AV. I still didn't trust it and was going to do a clean install of Ubuntu instead of windows, to keep her safer (she had half a dozen of the drive by "ur system is slow, scan now?" type crap)... In any case, I went to Best Buy to get a usb drive to put the installer on, and grabbed 4GB of DDR2 as well (way overpriced). I ran into issues getting Ubuntu's install to even recognize the drive for partitioning, funny that it could read the hdd... I decided to leave Windows in place and with the extra ram it ran a lot better...
I was only there for one night, and just didn't have the time. It's really a shameful thing to me. It probably would have taken some time to make sure her eReader would be working anyhow.. I did de-DRM her eBooks, and back up her stuff... but just really wish I had another day to get it all done.
"(as the existing pools will all ban you),"
What basis do you have for this?
Tulips got real popular at one time, too. Bitcoin is now trading at $140+/per unit, and the curve is very sharply up. In fact anyone who knows anything about markets will tell you, it's not sustainable. When Bitcoin is at a few thousand dollars a unit - next week or so at this rate - and people start getting REALLY greedy, that's when the fun will begin. Demand has to be based at least partly on something other than human greed. But yeah go take out a second mortgage and put it all in bitcoin. You could be rich within a couple weeks. Or more likely, you'll have to pay off a second mortgage the hard way...
Seven puppies were harmed during the making of this post.
Better yet spread them on massive game networks that way you know they have a better GPU. Lol
They've been doing it a long time. That's why the ZeroAccess guys run their own pool (or tried to at least).
The new mid-level BFL mining chip can perform 60,000MH/s at 80 watts. My i5-2400K can do 14MH/s, my Nvidia GTS450 can do about 40MH/s, and my Radeon 5830 would have been able to do about 220MH/s under ideal circumstances and maxed out. So, this is so far into the not worth it category, it's comical.
no need to worry as long as you have HOSTS.
You didn't explain anything, you just repeated your assertion that it's all going to come crashing down Real Soon Now, Just You Wait. And your requisite tulip reference does not account for how that bubble expanded and popped in a matter of months . If Bitcoin were truly analogous to tulip-mania, it would have collapsed and faded away entirely by 2011 or so.
So I'll ask again: Please explain why Bitcoin has become more popular over time in spite of high-profile events that prompted predictions like the one you made, and why your prediction is more credible than its predecessors.
You should read up on the Bitcoin protocol/architecture. "Mining" isn't arbitrary, it's how the system verifies transactions and prevents double spending - you need mining for the whole system to work.
The fact that new coins can be gain from mining is not arbitrary either: first, it encourages people to mine, and therefore strengthens the network. Second, a big part of the Bitcoin appeal is that nobody can just inflate away the value of the coins one owns.
You may disagree with it, but it's definitively not arbitrary.
Dilbert RSS feed
The virtual currency that is "safe", despite numerous examples of exchange hacks and theft.
What one has in an exchange isn't bitcoins, it's credit which they promise to exchange for bitcoins. It's bank money.
Wouldn't it make sense to hold off on your purchase if tomorrow your current bitcoin wallet can get you more?
It depends; the utility of having the item now may be greater than the gain by waiting. Otherwise, nobody would ever by phones, computers, cars, etc, since by waiting people could always get something better. Yet, these markets have a very high amount of sales.
Note: I don't own any Bitcoins; I think for now they're nothing but a speculator's toy. But I'm not writing them off just yet.
Dilbert RSS feed
I can't "explain" an event that hasn't happened yet, except point out similarities to past events that this one so far is matching pretty well. But I'll just let this graph stand as an example of the past few days. Zoom out a little, say to the "D3" three day chart. If I was a retailer selling a $10 item and accepting bitcoin, I would currently have to be adjusting the price every minute. Does this make sense for a currency? Absolutely not. Better yet, when more money piles into bitcoin and prices elevate higher, a minor 0.1% fluctuation in bitcoin price could, as a vendor, represent my profit margin.
You cannot build a medium of exchange that lacks one of the basic components of accepted mediums of exchange: stability. A chicken is a chicken is a chicken. An ounce of gold is an ounce of gold. A US dollar, while not stable, degrades relatively slowly over time. Bitcoin? Let's not speculate. Look at the chart. Absolutely unusable as it stands, other than a medium of speculation. The long term prognosis is even worse if more greed and more money piles into the system. But hey, whatever man.
Seven puppies were harmed during the making of this post.
Not to mention that at least some of those machines might have GPUs
This is the first I have ever heard of a virus that is effectively stealing compute power is this the first documented case or have there been many before?
"They've been doing it a long time."
What basis do you have for this?
Personally I think it'd be easier to talk to a Catholic about the illogic of transubstantiation, but you go right ahead.
Il n'y a pas de Planet B.
My 6 year old computer with a slightly upgraded processor (Athlon X2 5200+) is ~ 3MH/s as a reference point.
"The more pity, that fools may not speak wisely what wise men do foolishly" - Touchstone,Shakespeare's "As You Like It"
I'm not asking you to explain a future event. I'm asking you to explain past and current ones. Bitcoin has had multiple high-profile thefts and prices crashes that, according to the reasoning you outlined in your OP, should have resulted in Bitcoin being completely abandoned in short order. But it didn't happen. I'm asking you to explain why not, and why your prediction is valid in light of that.
But you haven't done that. The only past event you've compared Bitcoin to was the Dutch tulip bubble, and I already showed you a dissimilarity that invalidates that particular comparison.
And yet, there are retailers who do accept Bitcoin, and that number is growing, not shrinking. And unless you have evidence to the contrary, I think it is safe to assume that those retailers don't adjust their prices "every minute", even with that understood as a hyperbolic figure. Please explain that.
Again, I'm not invested in Bitcoin in any way. It could disappear from the face of the earth tomorrow, and I wouldn't give a damn. But I can't help but notice that predictions of its imminent doom like yours have been thrown at it since its inception, and that each and every one of those predictions has been wrong.
Okay, so how come none of that has happened yet even after multiple high-profile hacks and price crashes over the last several years? Each time something like that happens, plenty of people repeat every point you just made and insist that Bitcoin is going away this time for sure. But it only seems to get more popular over time.
I remember that arguement in the late 90's. "Netscape missed its earnings target, but it's getting more popular so buy buy!" or "The whole industry is overvalued, but that's not a problem because it's a new economy. Just look at how stock prices are going up"
D6 63 0D 70 89 81 BB 8E 7B 7C 5F 5D 54 EA AB 73
I agree. I like bitcoins, but the reason why their price is skyrocketing is not that people are finding them useful as a currency. It is because they expect the price to increase even more in the future. I.e. this is a bubble driven entierly by speculation, just like the Tulip bubble (which is just the first of many such bubbles in history). By idling in #bitcoin on freenet, I've also seen that people were excited about bitcoins as a means of investment, not because of the stuff they could directly use it for, confirming the speculation interpretation.
You haven't even looked at the graph, have you? Yeah there are vendors that do accept BitCoin. Say you want to buy, er, a "t-shirt" on silk road. Your 1 Bitcoin t-shirt last week still costs 1 Bitcoin today. Except 1 Bitcoin was $30 last week, now it's $150+ (as of this morning). Still going to buy that t-shirt? Didn't think so. So the vendor has to drop his price to 0.20 Bitcoin today for the same tshirt, or he isn't going to sell any. Just stop being so damned dense and look at the graph. You cannot have a medium of exchange that is changing in value 500% a couple weeks.
Seven puppies were harmed during the making of this post.
This is a new revenue stream developed by Microsoft.
Mining is a HUGE waste of electricity.
For tagging purposes: Not Another Bitcoin Article (NABA)
Assuming that Kaspersky are not complete and utter idiots, and that the Win32 element of the name means what it normally means, I have no further interest in the story.
Bye.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"