Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Skype Malware Uses Victims' Machines To Mine Bitcoins

Posted by timothy on from the hey-that's-not-yours-it's-mined dept.

An anonymous reader writes "A new piece of malware propagating across Skype has been discovered that tries to convince the recipient to click on a link. What makes this particular threat different is that it drops a Bitcoin miner application to make the malware author money. While malware has both spread on Skype and mined Bitcoins before, putting the two together could be an effective new strategy."

2 of 132 comments (clear)

  1. Re:What happens to those mined bitcoins? by EmperorArthur · · Score: 4, Informative

    From what I understand, the trick is each miner goes through a search space. If it doesn't find anything, it requests another search space from the control server. If it does, it tells the control server about it. The control server then tells the rest of the world that it found this new bitcoin. If you shut down a machine during a search the control server eventually sees this and has another machine look through the same search space. This is basic parallel programming using a scatter-gather approach with a little bit of management on the server side.

    As for the bitcoin itself. There's nothing anyone can do. There is no mechanism within the bitcoin system to declare a bitcoin to have been produced illegally. If the command and control server is shut down then the bitcoin wallet might very well be lost. In that case, the bitcoin is lost forever. See this CCC video about bitcoin loss, deflation, and why that's a bad thing. https://www.youtube.com/watch?feature=player_detailpage&v=-FaQNPCqG58#t=1137s As cool as bitcoin is, it has serious problems which will keep it from being used in day to day life. Hyped Example: http://www.newstatesman.com/economics/2013/04/bitcoin-hyperdeflation

    The idea behind this malware is kind of neat though. It's not stealing log in credentials, so it doesn't need to do browser interception and then have the hacker physically dealing with banks. It doesn't preform ddos attacks or send spam, so it doesn't use any network resources except for talking to the command and control server. If it's written correctly, it should run at low priority with a small memory footprint. It might be using 100% CPU, but on a desktop machine, the user would probably never even know its there.

    --
    So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
  2. CPU Bitcoin Mining still makes sense for Botnets by mathimus1863 · · Score: 5, Interesting

    To the people that are saying it's not worth it for malware or botnets to mine coins with CPUs... a single CPU does about 4 MH/s. If 250,000 computers all over the world are affected, that's 1 TH/s, which is about 67 BTC/day at the current difficulty. About $1,000/day, or $30,000/month. Scale appropriately for how many computers are affected.

    Yes, it's a waste of time and electricity for an individual to mine Bitcoins with their CPU, but if you have access to 100,000+ machines doing it, and you're not paying for the electricity, it's obviously worth it.