Related Links

  • Symantec
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • A dummie's guide to botnet rentals
    Botnets – swarms of infected PCs controlled by a command-and-control server(s) – are becoming big business for cybercriminals and now security researcher Brian Krebs has detailed how crimeware professionals are now renting out sub-swarms for cash.
  • Cutwail botnet generated 1.7 trillion spam messages
    Research on the Cutwail botnet by US and German academics claims to show that the swarm of infected users generated 1.7 trillion spam messages during its 15 month campaign.
  • Trusteer reports US and Russia now primary sources of Zeus servers
    Trusteer says that its research into the Zeus malware and botnet command and control (C&C) servers that control the swarms of infected internet users shows Russian and US top level domains are now the main home of C&C infestations.
  • $2m-a-year Koobface network downed after concerted international effort
    The command and control servers for a Koobface botnet swarm, which reportedly raked in $2 million a year for its operators, were closed down late Friday UK time, following a concerted effort by industry experts and law enforcement officials on both sides of the Atlantic.
  • Australian hacker pleads guilty to trojan that created 74 000 PC banking botnet swarm
    An Australian man has pleaded guilty to what appears to be Australia's first case of a bank trojan author/distributor being brought to book. The man – Anthony Harrison – has reportedly pleaded guilty to charges that he created a trojan that lifted banking credentials from around 3000 PCs, as well as creating a major botnet swarm.

Top 5 Stories


Researcher discovers distributed bitcoin cracking trojan malware

19 August 2011

A Symantec security researcher is reporting the discovery of a trojan that infects and adds users' computers to a processing swarm designed to brute force decrypt the bitcoin electronic currency system, generating as much as $150.00 per infected computer every month.

According to Poul Jensen, whilst distributed hacker networks that decrypt the bitcoin algorithms in the background on the infected computers that make up the swarm have been seen before, this trojan – Trojan.Badminer – harnesses a far larger number of computational cycles on the host machine, even adapting to the presence of a graphics card, to accelerate the decryption process.

“In terms of how bitcoins are being targeted by malware, we''ve seen past attempts by Trojan.Cointbitminer to mine bitcoins on compromised computers, using up precious CPU cycles in the process. We've even seen other malware groups take a more direct and perhaps easier route by stealing bitcoins instead”, he says in his latest security posting.

Badminer, on the other hand, he adds, contains processing functionality to deal with all eventualities, detecting the type of computer that it is running on and activating the appropriate machinery to dig through the hashes to reach the hidden treasures.

“If it determines the computer has a high-spec graphics card with a fast enough graphics processing unit (GPU), it uses the appropriate packages to leverage the immense processing power of the GPU to literally move through the mountains of hashes to reach the valuable bitcoins”, he explained, adding that is a low-specification PC is encountered, the malware will deploy the basic bitcoin mining tools, which will result in much slower throughput.

To perform the mining functions, the trojan contains both the RPC miner and Phoenix miner programs, with the latter enabled to take advantage of the extra power of the GPU for bitcoin mining. The difference in throughput can be compared, says Jensen, with traditional tunnel-based mining, versus blowing a hole in the side of a mountain and picking up the minerals after.

The Symantec researcher goes on to say that, since bitcoins are a virtual currency, they are only accepted by a limited number of outlets. To realise its true purchasing power you need to sell the coins in exchange for a hard currency.

The exchange rate, he observes, fluctuates but the current US dollar-to-bitcoin rate at the time of writing is $11.44 per bitcoin. Previously, bitcoins were changing hands at a rate of around $20.00 each, but they have now almost halved in price to their current level.

“To work out a possible return on investment for the mining effort, you also need to consider the difficulty factor. This value gives an idea of how difficult it currently is to solve the hashing problem and find the bitcoins. At the time of writing the difficulty factor is 1,690,906.20472”, he says.

“Based on these numbers, we can arrive at an earnings potential for some of the graphics cards that we have previously detailed. An AMD Radeon 6750 card is reportedly capable of 167.5 Mhash/s whereas a higher-end card like the AMD Radeon 6990 is capable of 758.82 Mhash/s”, he adds.

In an ideal situation, Jensen says that cybercriminals could expect to uncover 13.71 bitcoins with the high-end graphics card example, which in turn would be worth $156.84 per month.

“Not a huge amount of money in isolation, but when combined with hundreds or thousands of other compromised computers, all generating a few bitcoins each, the numbers begin to add up,” he notes.

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security



Anon says:

19 August 2011
"brute force decrypt the bitcoin electronic currency system"? Seriously?

Nothing is decrypted, you're hashing a block which verifies people's transactions, which proves you're doing useful work for the banking system.

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×