Malware taking a bit(coin) more than we bargained for
Amir Fouda (Microsoft)
Social and technological change often creates new opportunities for positive change. Unfortunately, it also means more
opportunities for crime. So, when a new system of currency gains acceptance and widespread adoption in a computer-mediated
population, it is only a matter of time before malware authors attempt to exploit it. From mid-2011 onwards, we
started seeing another means of financial profiteering being perpetrated by malware authors: they started targeting
Bitcoin. Bitcoin mining and stealing functionality has been discovered in a number of the most notable and prevalent malware families,
including Alureon, Sirefef and Kelihos. Notably, Bitcoin being open-sourced software means that Windows users are not the
only target. Cross-platform attacks have already been seen, with OS X threats such as MacOS_X/DevilRobber.A emerging on
the scene in October 2011.
The very nature of the way Bitcoin operates also has telling implications. Bitcoin mining is a legitimate part of the
system, allowing Bitcoin clients to compete with other clients in performing complex calculations using the computer's
processing power, aiding in the flow of transfers and thus generating Bitcoins for the winning miner. The potential for
botmasters is clear: the more computers and resources they can control in this distributed computing technique, the more
they are likely to profit.
This paper examines the various malware families that target this currency, provides an analysis of how these families
target Bitcoins, and details the methods they use to steal and mine this increasingly popular digital currency. This paper
will also give an insight into how malware authors and cybercriminals may exploit the Bitcoin system for their own
financial gain, and details what the future holds for this form of exploitation.