Bitcoin plus malware


Social and technological change often creates new opportunities for positive change. Unfortunately, it also means more opportunities for crime. So, when a new system of currency gains acceptance and widespread adoption in a computer-mediated population, it is only a matter of time before malware authors attempt to exploit it.

As of halfway through we started seeing another means of financial profiteering being perpetrated by the malware authors; they started targeting Bitcoin.

Bitcoin-mining and -stealing functionality has been discovered in a number of the most notable and prevalent malware families, including Alureon, Sirefef and Kelihos. Notably, Bitcoin being open-source software means that Windows users are not the only target. A emerging on the scene in October The very nature of the way Bitcoin operates also has implications. Bitcoin mining is a legitimate part of the system, allowing Bitcoin clients to compete with other clients in performing complex calculations using the computer's processing power, aiding in the flow of transfers and thus generating bitcoins for the winning miner.

The potential for botmasters is clear: This paper examines the various malware families that target this currency, provides an analysis of how these families target bitcoins, and details the methods they use to steal and mine this increasingly popular digital currency. The paper will also give an insight into how malware authors and cybercriminals may exploit the Bitcoin system for their own financial gain, and details what the future holds for this form of exploitation.

Distributed or grid computing — a term used to describe multiple autonomous computer systems working together for a common cause — is not a new concept, and is a method used to solve usually quite complex problems or tasks that require extensive processing power.

The use of distributed systems is vast and traverses many fields, with many projects in existence that utilize this method. Of the many projects, there are those that any computer user can partake in; simply by installing client software on their system, they willingly volunteer their computer's processing power to help contribute to a particular cause. The Great Internet Mersenne Prime Search, also known as GIMPS [ 1 ], is an example of the first voluntary distributed computing project, in which participating computers contributed towards finding Mersenne prime numbers in the field of mathematics.

It was launched in. SETI@home [ 2 ] is another well-known project, launched in May, that utilizes the collective processing power of volunteered computers to analyse radio signals and help in the search for extraterrestrial life.

Leaping ahead ten years from the launch of SETI@home, January saw the launch of an experimental decentralized virtual currency called Bitcoin, which relies on computers connected through a peer-to-peer (P2P) network to work together in the creation and transfer of this currency throughout the network.

Bitcoin has gained popularity amongst computer users since its launch, appealing to many due to its non-reliance on a central authority to issue currency and track transactions, as well as its reward system, which encourages computer users to volunteer their computing power to aid in generating bitcoins and validating transactions. And it's exactly these features that have encouraged the adoption of Bitcoin by the dark forces of the online world as well, with cybercriminals and malware authors taking a keen interest in this new technology.

But before we delve into the agglomeration of nefarious activities surrounding Bitcoin, we need to have an overview of what bitcoins are and how the Bitcoin system works.

Founded by Satoshi Nakamoto, Bitcoin was launched to the public on 11 January and was described by its inventor on the cryptography mailing list where it was first announced as a 'new electronic cash system that uses a P2P network to prevent double-spending' [ 3 ]. The Bitcoin wiki site [ 4 ], which contains almost everything there is to know about the system, describes it as being 'designed around the idea of using cryptography to control the creation and transfer of money, rather than relying on central authorities.'

The term 'Bitcoin' (upper case 'B') can be used to describe the system as a whole, as well as the software used by the system, while 'bitcoin' (lower case 'b') is the virtual currency that is created by this system.

A 'bitcoin' unit of currency is represented as a 'BTC' and can be traded for real-world currency through various exchanges. The Bitcoin client software that is run on computers in the P2P network is open source, as well as the bitcoin-mining software that exists to support the system. The premise behind Bitcoin is that users of the system can transfer bitcoins to each other without the need of a central authority, such as a financial institution, to validate transactions and monitor double-spending.

This validation is instead performed by nodes participating in the Bitcoin P2P network, as by design, all transactions are broadcast to the network. Once a user installs a Bitcoin client on their machine, they can transfer bitcoins directly to another Bitcoin user. A Bitcoin address is 34 characters long and is newly generated by most Bitcoin clients each time a transaction occurs, so one user can have numerous addresses.

Bitcoin uses a public key cryptography system for transactions between users. Each Bitcoin user has a pair of public and private keys which is stored in a special file on their system called a Bitcoin wallet. So, up until this point, the transfer amount, one BTC, has still not been transferred to BY as it needs to be verified and permanently recorded in the network before it can be spent.

What happens next is the distributed computing aspect of the Bitcoin system: The block chain, which is a record of all transactions that occurred in the system since the very first one initiated by Nakamoto — called the genesis block — is downloaded to every Bitcoin client's machine, to the client's Bitcoin data directory with the file name 'blk So once a transaction is accepted into the block chain it is visible to all in the network and is irreversible.

Because the transaction is in the block chain, redoing it would mean all miner nodes would have to redo its associated block, as well as all blocks that follow it, since each accepted block contains a hash of the previous one. Hence, this is the Bitcoin system's solution to the problem of double-spending.

But as mentioned by Nakamoto [ 6 ], as long as honest miner nodes have the majority of CPU power in the network, 'an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes.' The Bitcoin wallet contains a public and private key pair, as mentioned previously, as well as an address created each time a transaction occurs.

Because a new address is generated for each transaction, the wallet can contain many addresses and key pairs. So, a Bitcoin user having X number of bitcoins in their wallet really means they have in their wallet one or many Bitcoin addresses, and a corresponding private key that is needed to resend the bitcoins sent to that address.

This also means that anyone can spend the bitcoins sent to the Bitcoin user's address if they have access to their address and its corresponding private key. This is why the Bitcoin wallet file is a popular target for malware.

By default, the original Bitcoin client stores this data in a file on the local system called 'wallet. The location of this file is saved in the Bitcoin data directory, along with other data files used by the client.

Depending on the OS, the default locations for the wallet. Default locations of the wallet. Note that Bitcoin users can also store their wallet data via other means, such as through websites that store their Bitcoin wallet (by sending their bitcoins to a Bitcoin address generated by the website, for instance) instead of keeping their wallet data on their machine.

As previously mentioned, the role of the miner nodes connected to the Bitcoin network is to solve a computationally difficult problem tied with transactions before they are accepted into the block chain.

This computational problem is in fact a bit value, which in Bitcoin terminology is called the target for a block. The miner's task is to iteratively calculate the SHA cryptographic hash of data in the block's header data, which includes a four-byte value called a nonce that is incremented every time a hash is generated by the miner.

The aim of this iterative process is to generate a SHA hash value that is lower than the target value. Once this hash is generated by the miner, the block is broadcast to other miner nodes where they verify that the calculated SHA is in fact lower than the target, adding it to the block chain if it is so.
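The nonce search and the chaining of block hashes described above, as an added example that is not code from the paper or from the Bitcoin client. It assumes a simplified header layout, a constructed toy target and SHA-256 applied twice (as Bitcoin's block hashing does); all function names are this example's own.

```python
import hashlib
import struct

# Constructed toy target: roughly 1 hash in 4096 falls below it. The real
# network's target is far lower and is adjusted collectively by the network.
TOY_TARGET = 1 << 244
GENESIS_PREV = bytes(32)  # placeholder "previous hash" for the first block


def block_hash(prev_hash, payload, nonce):
    """Hash a simplified header: previous hash, payload digest, 4-byte nonce."""
    header = prev_hash + hashlib.sha256(payload).digest() + struct.pack("<I", nonce)
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()


def mine(prev_hash, payload, target=TOY_TARGET):
    """Miner's loop: increment the nonce until the hash is below the target."""
    for nonce in range(2 ** 32):
        digest = block_hash(prev_hash, payload, nonce)
        if int.from_bytes(digest, "big") < target:
            return nonce
    raise RuntimeError("nonce space exhausted; a real miner changes other header data")


def build_chain(payloads):
    """Mine each payload on top of the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        nonce = mine(prev, payload)
        chain.append((payload, nonce))
        prev = block_hash(prev, payload, nonce)
    return chain


def first_invalid(chain, target=TOY_TARGET):
    """Verifier's check: one hash per block. Returns the index of the first
    block whose hash is not below the target, or None if the chain is valid."""
    prev = GENESIS_PREV
    for index, (payload, nonce) in enumerate(chain):
        digest = block_hash(prev, payload, nonce)
        if int.from_bytes(digest, "big") >= target:
            return index
        prev = digest
    return None


def rewrite_first_block(chain, new_payload):
    """Replace block 0 and redo only its proof-of-work, leaving later blocks alone."""
    return [(new_payload, mine(GENESIS_PREV, new_payload))] + chain[1:]
```

Mining costs thousands of hashes per block even at this toy target, while `first_invalid` needs one hash per block; a rewritten first block that has been re-mined still breaks every later block, because their headers embed the old hash.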

This process of a miner generating hashes to validate a block takes time and expends CPU effort, which comes at a cost, i. To provide incentive to those willing to volunteer their computers for this task, the network awards bitcoins (50 BTCs at the time of writing) to the account of the miner that generated the correct hash to validate a block. This is why they are referred to as 'miners', since this is the way in which bitcoins come into virtual existence.

Additionally, the number of bitcoins created through this mining process is in fact controlled by the system. The difficulty [ 7 ] of the target that is set for each block being worked on is adjusted collectively by the network every 2, blocks so that, on average, six blocks are solved per hour. This difficulty can increase or decrease, depending on how quickly the last 2, blocks were generated by the miners. If the network finds that miner nodes generated the blocks too quickly, the difficulty is increased, 'to compensate for increasing hardware speed and varying interest in running nodes over time', as Nakamoto explained in his paper.

Also, the reward of 50 BTC given to the successful miner node will change over time; reducing by half every four years or approximately blocks to be exact, so that by approximately the Bitcoin system will stop generating bitcoins. After this point, transactions will still need to be verified, but a miner that solves a block will only be rewarded with bitcoins if the block contains transaction fees specified by transferors from their own wallets.

Nakamoto set it up this way to control the currency generated in the network, so that by no more than 21 million bitcoins in total will be in circulation.

At the time of writing, [ 8 ] blocks have been solved, meaning approximately 9. The real-world value of a bitcoin (BTC) has fluctuated since the system's inception, influenced by supply and demand, its increasing popularity over the years, attention from the media and criminal elements, as well as a number of security incidents. As mentioned previously, bitcoins can be exchanged for real-world currencies, and a number of Bitcoin exchange websites exist that facilitate these exchanges.

The first one established was the Bitcoin Market [ 9 ] on 6 February and over the years more exchanges have surfaced, with the Bitcoin wiki [ 10 ] listing about 66 exchanges.

The value of the bitcoin currency can vary depending on the exchange used, but the most widely used exchange, Mt. Gox [ 11 ], provides a good indication of its value since the exchange was launched on 18 July As we shall see later, only a week after this peak, we saw the first trojan in the wild targeting Bitcoin users.

Bitcoin users that choose to mine for bitcoins must run special mining software on their systems to accomplish this task. Due to the brute force needed to generate hashes, mining software requires extensive processing power to aid in its calculations, using the system's CPU, GPU or FPGA to help increase the hash rate.

Basically, bitcoin miners communicate with a Bitcoin client configured as a server, which in turn interacts with the Bitcoin network to retrieve blocks to work on.

The miner retrieves work i. Upon successfully solving a block, the Bitcoin network would then assign a special transaction contained in each block called a coinbase transaction, which contains the reward, to the address of the Bitcoin client. Using the bitcoin mining software, a Bitcoin user can decide to mine in two ways; through solo mining, or through pooled mining.

The bitcoin miner, which can run on the local machine or a remote one, is then configured to send getwork requests to the server.

To throw more muscle at the hash calculations, many Bitcoin users also set up mining rigs with high specification systems dedicated to mining.

Pooled mining differs from solo mining in that bitcoin miners send getwork requests, this time to a remote server — called a mining pool server — configured to allocate work to many miners connected to the pool, sharing the bitcoin reward among those who contributed to solving a block. The pool server requires miners to create an account and most charge a fee (a percentage of the rewarded BTCs) for their service.

Due to the increase in miner nodes and thus the increase in difficulty of solving blocks, many find that, depending on their processing power, it can take anything from days to years (if ever) to solve a block while solo mining. This is why pooled mining is popular, since a pool's combined processing power means blocks are hashed and solved at a faster rate, and participants receive a steady stream of bitcoins for their contribution.

There are many mining pool servers online, and as we shall see later, use of these mining pools is common among malware writers. Installing mining software on a system is not the only way of mining for bitcoins. By creating an account with the site, the user can:.

As we shall see in the following sections, this service has also been abused by malware authors and those with less-than-honourable intentions. The way in which the whole Bitcoin system operates has appeal to computer users and the general population. Advocates of the Bitcoin system list numerous advantages to using it, including:. Such advantages, as well as media attention, have seen an increase in the number of Bitcoin users.

For example, a post made on the popular Slashdot forum [ 14 ] on 11 July about the release of Bitcoin v0. But the fact that many businesses, including online stores and retailers, are now accepting bitcoins also plays a factor in its increased usage.

Some online retailers, providing products such as clothing, home accessories, electronics, books, music, consumables, the list goes on, see bitcoins as a legitimate payment method.

So the rising interest from media and business, and increasing trust in the Bitcoin system has seen it become a legitimate currency that has a multitude of supporters behind it. These supporters, however, are not always backing the system for honest reasons. Abuse of the Bitcoin system can come in many different flavours, ranging from individuals over-zealous in their bitcoin-mining endeavours, to security breaches resulting in the loss of thousands of bitcoins, and criminal elements using the currency to fund their underground activities.