Bitcoin in the storm and cybercrime try to take advantage of it

April 15, 2013  By Pierluigi Paganini


As can be imagined and anticipated the soar of Bicoin value has attracted the interest of cybercrime, recently we read of malware authors and botmasters that trying to exploit new and old channels to steal virtual currency or mine it using computational resources of the victims. Security experts from Kaspersky Lab found variant of malware spread via the popular Skype Voip, the intent of criminals was to spread a malware to build a botnet for Bitcoin mining.

 

BitcoinPrice

 

The high price of virtual currency has once again made ​​it convenient mining activity in spite of the increased necessary computational complexity, the crime industry has therefore stepped up its activities to find resources to produce at no cost the coin.

Criminals have focused their efforts to the creation of botnets specialized in the execution of Bitcoin miners, recently both malicious architectures such as ZeroAccess and Skynet had this capability, but security experts are convinced that an increasing number of malware will be equipped with mining module.

We said that criminals could steal bitcoins from the victim’s wallet,  they could abuse of computational resources for victims but many experts sustain that they also could ride the speculative wave, for example the past events demonstrated that a series of successful attacks against Bitcoin exchange could decrease the trust in the virtual currency schema causing a temporary reduction of Bitcoin value that could be exploited by the cybercrime that could acquire coins at lower prices.

Researcher Claudio Guarnieri at Rapid7 wrote about botnet Skynet and “the influence he might have on virtual currency scheme”, the botmaster recently started launching UDP and SYN flooding DDoS attacks against the Bitcoin exchanges VirWox, BitFloor and Mt. Gox.

Following are DDoS commands issued by the operator in the very last days:

 21:59 < suda> !udp 46.4.112.231 53 1000 1100 100 60
22:03 < suda> !udp 46.4.112.231 53 1000 1100 100 180
22:31 < suda> !syn bitfloor.com 443 100 60
03:36 < suda> !syn bitfloor.com 443 100 30
03:44 < suda> !syn bitfloor.com 443 100 5
03:52 < suda> !syn bitfloor.com 443 100 1
04:06 < suda> !syn bitfloor.com 443 1000 1
17:05 < suda> !syn mtgox.com 443 100 10
17:06 < suda> !syn mtgox.com 443 10 5
17:22 < suda> !syn bitfloor.com 443 1000 1

 

The concept is that cybercrime can influence currency value taking advantage from its fluctuations.

Continuing to discuss about botnet and malicious code, I remind you that Internet is full of news related to malware designed to steal Bitcoin, recently Webroot blog wrote an article on malicious codes attempt to make money on all sorts of digital transactions, the Webroot Threat Research Department has already detected many malicious campaigns targeting BitCoin users, last revelation is on a source code for a BitCoin Jacker that, once deployed, scan machines searching for BitCoin wallet files and soon found it transmits the data back to the attacker.

Singular that author of the software encourages its users to steal BitCoin wallet files and then post them on  “public” repositories,  the publication of wallet files could allow to third actors to decrypt their content cracking weak passwords (passwords containing words that are in the dictionary or passwords that do not contain a mixture of upper case and lower case letters, numbers and symbols) and monetize the activity

BitcoinJAcker.JPG

In some cases the same application could be compiled with a keylogger, such as Private Keylogger, to gather the passwords related to a stolen wallet file making them immediately usable.

 BitcoinJAcker2.png

As suggested by the past the best way to protect wallet files is to use strong encryption passwords and offline storage avoiding that a malware could compromise our system.  There are various proposals to secure a digital wallet, one of them is the “hardware wallet”, these and many others are listed in the interesting  Wiki page “Securing Your Wallet”.

Criminals are lining up to monetize the opportunity given by the virtual currency scheme, anonymity, theft, monetization and money laundering are all concepts well known to the cybercrime that will not cannot pass up the opportunity

Pierluigi Paganini

(Security Affairs – Bitcoin)

 



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Wordpress sites under massive brute-force attack

 Any owner of WordPress site is shaking causes of the threat that someone could steal its credentials, everybody would do well...