BitCoin-Harvesting Trojan Detected

The recent Internet craze for the virtual currency BitCoin isn’t limited to people who imagine they can make money from nowhere; it extends to online crooks, who typically try to grab anything that comes relatively easily. SecureList published this on June 28, 2011.

Described as a new peer-to-peer (P2P) virtual currency akin to cash, BitCoin can be exchanged directly, without users needing a payment processing system or a central bank. Because it offers increased anonymity, privacy advocates, drug dealers, fraudsters and hackers have quickly embraced it.

Notably, people who harvest BitCoin build special PCs with many video cards to aid in the harvesting; hackers who already operate botnets with massive computing power have no need for this.

Recently, on June 28, 2011, security analysts at Kaspersky Lab identified a new piece of malware called Trojan.NSIS.Miner.a, which was spreading in Russia’s cyberspace. The Trojan had two components: bcm.exe, a legitimate BitCoin miner, and a malicious program that launched ‘bcm’ without the end user’s knowledge and was added to the infected system’s autorun registry. Consequently, the infected PC generated bitcoins that the Trojan’s owner collected. The Trojan’s source code, however, revealed the Internet Protocol address of the server that hosted the crook’s account.

A message appeared on the user’s system telling him that his account was using many IPs and was suspected of being a botnet, so the account had been provisionally blocked. If the user thought this was a mistake, he should contact the relevant system, the message added. So even before the account holder began to reap the wealth, the automated mechanism grew suspicious, and his account was provisionally deactivated.

Here, the Trojan’s owner evidently belonged to a mining pool, in which BitCoin harvesters work jointly for virtual wealth that is divided according to the amount of computing power each harvester contributes. Luckily, this mining pool had a rule against using malicious bots and quickly deactivated the cybercriminal’s account. Nevertheless, similar malicious programs may emerge later to exploit pool systems that might not be so advanced.
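
The "account is using many IPs" signal from the pool's message can be sketched as a sliding-window check over share-submission records. This is an added example, not the pool's actual code: the log format, the account names, the 10-minute window and the limit of 3 distinct IPs are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: "timestamp account source_ip", in time order.
# IPs come from documentation ranges; account names are made up.
SAMPLE_LOG = """\
2011-06-28T10:00:00 alice 192.0.2.10
2011-06-28T10:00:05 miner77 198.51.100.1
2011-06-28T10:00:09 miner77 198.51.100.2
2011-06-28T10:00:14 miner77 198.51.100.3
2011-06-28T10:00:20 bob 203.0.113.5
2011-06-28T10:00:31 miner77 198.51.100.4
2011-06-28T10:04:00 alice 192.0.2.11
2011-06-28T11:30:00 bob 203.0.113.6
2011-06-28T13:00:00 bob 203.0.113.7
2011-06-28T15:45:00 bob 203.0.113.8
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_IPS = 3                     # assumed limit of distinct IPs per account per window


def parse(line):
    """Split one record into (datetime, account, ip)."""
    ts, account, ip = line.split()
    return datetime.fromisoformat(ts), account, ip


def flag_accounts(log_text, window=WINDOW, max_ips=MAX_IPS):
    """Map each flagged account to the time it first exceeded max_ips
    distinct source IPs inside one window. Input must be time-ordered."""
    recent = defaultdict(deque)  # account -> (ts, ip) pairs still inside the window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, ip = parse(line)
        q = recent[account]
        q.append((ts, ip))
        # Drop submissions that have aged out of the window.
        while ts - q[0][0] > window:
            q.popleft()
        if account not in flagged and len({i for _, i in q}) > max_ips:
            flagged[account] = ts
    return flagged


if __name__ == "__main__":
    for account, when in flag_accounts(SAMPLE_LOG).items():
        print(f"{account}: suspected botnet, flagged at {when.isoformat()}")
```

In the sample, `bob` also uses four addresses but spread over hours, so the window keeps a roaming user from being flagged alongside the account fed by many hosts at once.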

