Malware taking a bit(coin) more than we bargained for

Amir Fouda Microsoft

Social and technological change often creates new opportunities for positive change. Unfortunately, it also means more opportunities for crime. So, when a new system of currency gains acceptance and widespread adoption in a computer-mediated population, it is only a matter of time before malware authors attempt to exploit it. As of half way through 2011, we started seeing another means of financial profiteering being perpetrated by the malware authors; they started targeting Bitcoins.

Bitcoin mining and stealing functionality has been discovered in a number of the most notable and prevalent malware families, including Alureon, Sirefef and Kelihos. Notably, Bitcoin being open-sourced software means that Windows users are not the only target. Cross-platform attacks have already been seen, with OS X threats such as MacOS_X/DevilRobber.A emerging on the scene in October 2011.

The very nature of the way Bitcoin operates also has telling implications. Bitcoin mining is a legitimate part of the system, allowing Bitcoin clients to compete with other clients in performing complex calculations using the computer's processing power, aiding in the flow of transfers and thus generating Bitcoins for the winning miner. The potential for botmasters is clear: the more computers and resources they can control in this distributed computing technique, the more they are likely to profit.

This paper examines the various malware families that target this currency, provides an analysis of how these families target Bitcoins, and details the methods they use to steal and mine this increasingly popular digital currency. This paper will also give an insight into how malware authors and cybercriminals may exploit the Bitcoin system for their own financial gain, and details what the future holds for this form of exploitation.

 del.icio.us  digg this! digg this

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

Jobs Recruit Sidebar

VB2014
VB2014 VB2014 will take place 24 - 26 September 2014 at the Westin Seattle hotel, Seattle, WA, USA.

Virus Bulletin currently has 231,350 registered users.