Slashdot Mirror


New Skype Malware Uses Victims' Machines To Mine Bitcoins

An anonymous reader writes "A new piece of malware propagating across Skype has been discovered that tries to convince the recipient to click on a link. What makes this particular threat different is that it drops a Bitcoin miner application to make the malware author money. While malware has both spread on Skype and mined Bitcoins before, putting the two together could be an effective new strategy."

18 of 132 comments

  1. Re:Nerdcoin Apologists by dj245 · · Score: 2

    Dunno, but I've been waiting for this to happen. It's an obvious step for botnet owners.

    It would be an obvious step a couple years ago. Bitcoin mining with CPUs is so pointless that they removed the function from the software. Most computers likely to be infected likely won't have a powerful GPU, and GPU mining will become pointless pretty soon regardless.

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
  2. What happens to those mined bitcoins? by Freddybear · · Score: 3, Interesting

    So when the user detects and presumably removes the malware, what happens to those mined bitcoins? Do they disappear? Are they still in the malefactor's account? Lastly, is there any chance of tracing and impounding the bitcoin account so that the bad guy doesn't profit?

    1. Re:What happens to those mined bitcoins? by EmperorArthur · · Score: 4, Informative

      From what I understand, the trick is each miner goes through a search space. If it doesn't find anything, it requests another search space from the control server. If it does, it tells the control server about it. The control server then tells the rest of the world that it found this new bitcoin. If you shut down a machine during a search the control server eventually sees this and has another machine look through the same search space. This is basic parallel programming using a scatter-gather approach with a little bit of management on the server side.

      As for the bitcoin itself. There's nothing anyone can do. There is no mechanism within the bitcoin system to declare a bitcoin to have been produced illegally. If the command and control server is shut down then the bitcoin wallet might very well be lost. In that case, the bitcoin is lost forever. See this CCC video about bitcoin loss, deflation, and why that's a bad thing. https://www.youtube.com/watch?feature=player_detailpage&v=-FaQNPCqG58#t=1137s As cool as bitcoin is, it has serious problems which will keep it from being used in day to day life. Hyped Example: http://www.newstatesman.com/economics/2013/04/bitcoin-hyperdeflation

      The idea behind this malware is kind of neat though. It's not stealing login credentials, so it doesn't need to do browser interception and then have the hacker physically dealing with banks. It doesn't perform DDoS attacks or send spam, so it doesn't use any network resources except for talking to the command and control server. If it's written correctly, it should run at low priority with a small memory footprint. It might be using 100% CPU, but on a desktop machine, the user would probably never even know it's there.

      --
      So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
    2. Re:What happens to those mined bitcoins? by DanielRavenNest · · Score: 2

      Miners are looking for the lottery number (nonce) such that it plus a set of new bitcoin transactions and the hash of the previous block generates a new hash with a lot of leading zeros. The exact number the new hash has to be below is set by the total hashing power of the network. Thus the difficulty of the lottery is adjusted so that a new block is found every 10 minutes. If you win the lottery, you get to include 25 newly created bitcoins addressed to your own account, plus any transaction fees. At the moment this is worth $3500 or so per block.

      Any hash calculation which does not result in a new block gets nothing. It is a losing lottery ticket, and the unwilling botnet victim just wasted electricity. The botnet operator only makes anything if they discover a winning number and publish the new block. The combined hashing power of the network is 5 times the 120 Petaflops of the Top500 list of supercomputers *combined*. So unless the botnet operator has an astounding number of bots, odds are he hasn't earned anything.

      The nature of the bitcoin network is there is no way to tell a botnet from a fast but legitimate mining rig *within the network*. If you submit a correctly formed block, it gets accepted by the other nodes in the network and added to the permanent transaction history (block chain). You might be able to match IP address of the botnet controller to the bitcoin node address, but I assume anyone smart enough to run a botnet knows how to use proxies to mask their location.

      By design, transactions are irreversible, and accounts cannot be impounded by anyone, because accounts exist in a distributed form on multiple copies of the block chain (every node has a full copy). As a user, you have a private key to sign new transactions, which proves you own the account. The most you could do is seize the private key if you can find the perpetrator, and then take their balance from them. If they had already spent their balance on sex, drugs, and rock-n-roll, though, the money is gone, because *transactions are irreversible*.

      Although this allows evil botnet operators to function, the tamper-resistance of bitcoin also prevents governments from seizing accounts or taxing them without first finding the owners. This is not easy, because although the transaction history is public, owner names are not part of the history, just account numbers and how many bitcoins to transfer.
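The nonce lottery and the scatter-gather search described in the two comments above, as an added illustration that is not part of either comment and not code from any Bitcoin client. The field layout is simplified, the inputs are constructed, and the names `coordinate`, `search_range` and `TOY_TARGET` are hypothetical.

```python
import hashlib
import struct

def block_hash(prev_hash: bytes, tx_digest: bytes, nonce: int) -> int:
    """Double SHA-256 over (previous block hash, transactions, nonce), as an integer."""
    data = prev_hash + tx_digest + struct.pack("<I", nonce)
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def is_winner(prev_hash, tx_digest, nonce, target):
    """The check every node repeats: one hash, compared with the target."""
    return block_hash(prev_hash, tx_digest, nonce) < target

def search_range(prev_hash, tx_digest, target, start, count):
    """One worker's share of the nonce space; None means a losing batch."""
    for nonce in range(start, start + count):
        if is_winner(prev_hash, tx_digest, nonce, target):
            return nonce
    return None

def coordinate(prev_hash, tx_digest, target, unit=1024, max_units=4096):
    """Scatter-gather: hand out consecutive ranges until one reports a hit."""
    for i in range(max_units):
        nonce = search_range(prev_hash, tx_digest, target, i * unit, unit)
        if nonce is not None:
            return nonce, i + 1  # winning nonce, number of work units issued
    return None, max_units

def expected_hashes(target):
    """Average number of attempts needed per winning hash for a given target."""
    return 2**256 // target

# Constructed inputs, not real chain data.
PREV = hashlib.sha256(b"constructed previous block").digest()
TXS = hashlib.sha256(b"constructed transaction set").digest()
TOY_TARGET = 1 << 244  # 12 leading zero bits, far easier than the real network

if __name__ == "__main__":
    nonce, units = coordinate(PREV, TXS, TOY_TARGET)
    print("nonce", nonce, "found after", units, "work units;",
          "expected attempts per win:", expected_hashes(TOY_TARGET))
```

Checking a claimed nonce costs a single call to `is_winner`, which is why other nodes accept a valid block without learning anything about the hardware that found it.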

    3. Re:What happens to those mined bitcoins? by IamTheRealMike · · Score: 3, Insightful

      As cool as bitcoin is, it has serious problems which will keep it from being used in day to day life.

      Bitcoin does indeed have problems that make it hard to use in daily life, but "deflation" is not one of them. BitPay has reported that when the value of a Bitcoin rises their transaction rate goes up not down, as macro-economists would predict. Perhaps because holders of coins feel rich and start to splash out. This should not surprise us. The consumer electronics industry has been in a permanent state of economy-destroying inflation since pretty much forever yet even better and cheaper smartphones/mp3 players/etc continue to fly off the shelves. And in case you'd like observations more rigorous, there is no empirical evidence of a link between deflation and depression.

      Anyway, obviously the goal is that nobody loses Bitcoins through carelessness - there are many strategies to help people back up their keys, and over time they will become widely implemented and used.

    4. Re:What happens to those mined bitcoins? by Jeremi · · Score: 2

      It might be using 100% CPU, but on a desktop machine, the user would probably never even know it's there.

      Is there a way to keep your program's CPU usage from showing up in Task Manager (etc)? If so, then the only other thing you'd need is a way to keep the computer's fans at their nominal levels so that the extra noise wouldn't tip the user off, and you're golden (at least until the computer catches fire).

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
    5. Re:What happens to those mined bitcoins? by EmperorArthur · · Score: 2

      For 99% of users it doesn't matter. Computers are the magic black boxes that either work or they don't.

      While it might be fun to write a program that disables all thermal protections and stops the fans, it's quite a different challenge than a simple bitcoin miner.

      I have enough trouble trying to set things using the officially provided drivers. Controlling hardware on an unknown machine... Anyone who could do that shouldn't have any trouble making quite a bit of money.

      --
      So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
  3. Re:Nerdcoin Apologists by dj245 · · Score: 2

    Bitcoin mining with CPUs is pointless.

    Only if you're paying for the electricity yourself.

    If somebody else is paying ... hey, why not?

    There are better and more lucrative things to do with botnets. If you have a botnet and can't think of anything better to do with it, you can lease it out or sell it. The tiny amount of money bitcoin on commodity hardware would bring in pales in comparison to selling bank accounts, sending spam, renting out attacks, etc. Keep in mind that as a zombie computer becomes more "obvious"- computer is slower, fan runs at 100% all the time, etc, the more likely that the malware will be noticed and removed.

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
  4. CPU Bitcoin Mining still makes sense for Botnets by mathimus1863 · · Score: 5, Interesting

    To the people that are saying it's not worth it for malware or botnets to mine coins with CPUs... a single CPU does about 4 MH/s. If 250,000 computers all over the world are affected, that's 1 TH/s, which is about 67 BTC/day at the current difficulty. About $1,000/day, or $30,000/month. Scale appropriately for how many computers are affected.

    Yes, it's a waste of time and electricity for an individual to mine Bitcoins with their CPU, but if you have access to 100,000+ machines doing it, and you're not paying for the electricity, it's obviously worth it.

  5. Re:Mining for bitcoin, undermines bitcoin by pla · · Score: 3, Insightful

    This idea that you can 'mine' for bitcoins is what makes me not take it seriously. It seems so arbitrary and ridiculous.

    I know, right? Like those lumps of yellow metal or shiny hunks of clear carbon we mine from the Earth. Entirely arbitrary and ridiculous to assign any value to them. ;)

    If it makes more sense to you, it may help to stop thinking of it as "mining", and instead consider it as pay for doing the work necessary to add transactions to the blockchain.

  6. Re:Nerdcoin Apologists by Joce640k · · Score: 3, Insightful

    Keep in mind that as a zombie computer becomes more "obvious"- computer is slower, fan runs at 100% all the time, etc, the more likely that the malware will be noticed and removed.

    Typical geek thinking.

    So what if it gets removed? If it ran for a week on 100,000 machines with somebody else paying for the electricity then it was totally worth it.

    --
    No sig today...
  7. Re:Nerdcoin Apologists by Zadaz · · Score: 2

    If you have a botnet and can't think of anything better to do with it, you can lease it out or sell it.

    Except dealing with any third-parties increases your risk. Which one of them has loose lips, poor security, is a snitch or an undercover officer? Even criminals don't want to hang out with other criminals more than they have to.

    Keep in mind that as a zombie computer becomes more "obvious"- computer is slower, fan runs at 100% all the time, etc, the more likely that the malware will be noticed and removed.

    I don't think you're around the typical computer user much, or their computers. You describe at least 60% of the non-technical people's computers that I know. They shrug it off. Computers suck and they'll never understand why. Eventually it will straight up die and they'll have another frustrating and expensive experience with Geek Squad. Rinse, repeat.

  8. Re:Nerdcoin Apologists by mattventura · · Score: 2

    No, because the opportunity cost is what matters. If I had 100,000 machines for a week, then instead of slowly mining bitcoins I could instead rent the botnet to spammers, DDoSers, etc and make more money.

  9. Re:Mining for bitcoin, undermines bitcoin by icebraining · · Score: 3, Informative

    You should read up on the Bitcoin protocol/architecture. "Mining" isn't arbitrary, it's how the system verifies transactions and prevents double spending - you need mining for the whole system to work.

    The fact that new coins can be gained from mining is not arbitrary either: first, it encourages people to mine, and therefore strengthens the network. Second, a big part of the Bitcoin appeal is that nobody can just inflate away the value of the coins one owns.

    You may disagree with it, but it's definitively not arbitrary.

  10. Re:Nerdcoin Apologists by MrL0G1C · · Score: 2

    Butterflylabs offer ASIC miners

    They offer them, but they don't ever seem to ship them, and if they did ship all of the orders, the difficulty rate would go 4 to 16 times harder because of the sudden massive increase in mining.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  11. Re:Nerdcoin Apologists by camperdave · · Score: 2

    There are better and more lucrative things to do with botnets.

    The two are not mutually exclusive.

    --
    When our name is on the back of your car, we're behind you all the way!
  12. Re:Turning in my nerd card. by Zontar The Mindless · · Score: 2

    THINGS NOT TO DO BEFORE MORNING COFFEE (updated):

    1. ...
    2. ...
    3. ...
    4. Operate heavy equipment.
    5. Juggle Greek prefixes without exercising the utmost care.

    Thanks.

    --
    Il n'y a pas de Planet B.
  13. Re:Nerdcoin Apologists by Jedi Alec · · Score: 2

    The average /. poster knows more about anything than anyone. That's why every time there's a scientific article there's people popping out of the woodwork going: "Aha! Bet they didn't think of that, did they?".

    Preferably without actually reading the article that addresses that very point ;-)

    --
    People replying to my sig annoy me. That's why I change it all the time.