According to Poul Jensen, distributed hacker networks that mine bitcoins in the background on the infected computers that make up the swarm have been seen before. This trojan, Trojan.Badminer, harnesses a far larger number of computational cycles on the host machine, even adapting to the presence of a graphics card to accelerate the mining process.
“In terms of how bitcoins are being targeted by malware, we've seen past attempts by Trojan.Coinbitminer to mine bitcoins on compromised computers, using up precious CPU cycles in the process. We've even seen other malware groups take a more direct and perhaps easier route by stealing bitcoins instead”, he says in his latest security posting.
Badminer, on the other hand, he adds, contains processing functionality to deal with all eventualities, detecting the type of computer that it is running on and activating the appropriate machinery to dig through the hashes to reach the hidden treasures.
“If it determines the computer has a high-spec graphics card with a fast enough graphics processing unit (GPU), it uses the appropriate packages to leverage the immense processing power of the GPU to literally move through the mountains of hashes to reach the valuable bitcoins”, he explained, adding that if a low-specification PC is encountered, the malware will deploy the basic bitcoin mining tools, which will result in much slower throughput.
To perform the mining functions, the trojan contains both the RPC miner and Phoenix miner programs, with the latter enabled to take advantage of the extra power of the GPU for bitcoin mining. The difference in throughput can be compared, says Jensen, with traditional tunnel-based mining, versus blowing a hole in the side of a mountain and picking up the minerals after.
The Symantec researcher goes on to say that, since bitcoins are a virtual currency, they are only accepted by a limited number of outlets. To realise their true purchasing power, you need to sell the coins in exchange for a hard currency.
The exchange rate, he observes, fluctuates but the current US dollar-to-bitcoin rate at the time of writing is $11.44 per bitcoin. Previously, bitcoins were changing hands at a rate of around $20.00 each, but they have now almost halved in price to their current level.
“To work out a possible return on investment for the mining effort, you also need to consider the difficulty factor. This value gives an idea of how difficult it currently is to solve the hashing problem and find the bitcoins. At the time of writing the difficulty factor is 1,690,906.20472”, he says.
“Based on these numbers, we can arrive at an earnings potential for some of the graphics cards that we have previously detailed. An AMD Radeon 6750 card is reportedly capable of 167.5 Mhash/s whereas a higher-end card like the AMD Radeon 6990 is capable of 758.82 Mhash/s”, he adds.
In an ideal situation, Jensen says that cybercriminals could expect to uncover 13.71 bitcoins with the high-end graphics card example, which in turn would be worth $156.84 per month.
“Not a huge amount of money in isolation, but when combined with hundreds or thousands of other compromised computers, all generating a few bitcoins each, the numbers begin to add up,” he notes.