Pierluigi Paganini
April 15, 2013
As can be imagined and anticipated the soar of Bicoin value has attracted the interest of cybercrime, recently we read of malware authors and botmasters that trying to exploit new and old channels to steal virtual currency or mine it using computational resources of the victims. Security experts from Kaspersky Lab found variant of malware spread via the popular Skype Voip, the intent of criminals was to spread a malware to build a botnet for Bitcoin mining.
The high price of virtual currency has once again made it convenient mining activity in spite of the increased necessary computational complexity, the crime industry has therefore stepped up its activities to find resources to produce at no cost the coin.
Criminals have focused their efforts to the creation of botnets specialized in the execution of Bitcoin miners, recently both malicious architectures such as ZeroAccess and Skynet had this capability, but security experts are convinced that an increasing number of malware will be equipped with mining module.
We said that criminals could steal bitcoins from the victim’s wallet, they could abuse of computational resources for victims but many experts sustain that they also could ride the speculative wave, for example the past events demonstrated that a series of successful attacks against Bitcoin exchange could decrease the trust in the virtual currency schema causing a temporary reduction of Bitcoin value that could be exploited by the cybercrime that could acquire coins at lower prices.
Researcher Claudio Guarnieri at Rapid7 wrote about botnet Skynet and “the influence he might have on virtual currency scheme”, the botmaster recently started launching UDP and SYN flooding DDoS attacks against the Bitcoin exchanges VirWox, BitFloor and Mt. Gox.
Following are DDoS commands issued by the operator in the very last days:
21:59 < suda> !udp 46.4.112.231 53 1000 1100 100 60 22:03 < suda> !udp 46.4.112.231 53 1000 1100 100 180 22:31 < suda> !syn bitfloor.com 443 100 60 03:36 < suda> !syn bitfloor.com 443 100 30 03:44 < suda> !syn bitfloor.com 443 100 5 03:52 < suda> !syn bitfloor.com 443 100 1 04:06 < suda> !syn bitfloor.com 443 1000 1 17:05 < suda> !syn mtgox.com 443 100 10 17:06 < suda> !syn mtgox.com 443 10 5 17:22 < suda> !syn bitfloor.com 443 1000 1
The concept is that cybercrime can influence currency value taking advantage from its fluctuations.
Continuing to discuss about botnet and malicious code, I remind you that Internet is full of news related to malware designed to steal Bitcoin, recently Webroot blog wrote an article on malicious codes attempt to make money on all sorts of digital transactions, the Webroot Threat Research Department has already detected many malicious campaigns targeting BitCoin users, last revelation is on a source code for a BitCoin Jacker that, once deployed, scan machines searching for BitCoin wallet files and soon found it transmits the data back to the attacker.
Singular that author of the software encourages its users to steal BitCoin wallet files and then post them on “public” repositories, the publication of wallet files could allow to third actors to decrypt their content cracking weak passwords (passwords containing words that are in the dictionary or passwords that do not contain a mixture of upper case and lower case letters, numbers and symbols) and monetize the activity
In some cases the same application could be compiled with a keylogger, such as Private Keylogger, to gather the passwords related to a stolen wallet file making them immediately usable.
As suggested by the past the best way to protect wallet files is to use strong encryption passwords and offline storage avoiding that a malware could compromise our system. There are various proposals to secure a digital wallet, one of them is the “hardware wallet”, these and many others are listed in the interesting Wiki page “Securing Your Wallet”.
Criminals are lining up to monetize the opportunity given by the virtual currency scheme, anonymity, theft, monetization and money laundering are all concepts well known to the cybercrime that will not cannot pass up the opportunity
Pierluigi Paganini
(Security Affairs – Bitcoin)
