Bitcoin Mining Botnet Found with DDoS Capabilities

Jack

Jan 24, 2011
Trend Micro said:
Trend Micro recently came across a botnet that turns an infected system into an involuntary Bitcoin miner. BKDR_BTMINE.MNR installs the mining software onto affected systems. It uses the system’s resources to solve Bitcoin blocks in order to generate more Bitcoins.

A Bitcoin “block” is a complex cryptographic problem. Solving a block pays out 50 Bitcoins and blocks are created every time a Bitcoin transaction is made. The process of solving these blocks is called “mining”. The only way to solve a block is by brute-forcing, which eats up system resources. To speed up the computation of a block, mining pools are created. The equation is split up into pieces and is solved by multiple systems. The incentive is based on how much a miner contributes to the solution.

Here, BKDR_BTMINE.MNR installs three different pieces of mining software and runs whatever the system’s processing speed can allow. To help speed up the processing, the malware downloads necessary drivers for the GPU and CPU of the affected system. If blocks are solved, attackers gain ownership of the generated Bitcoins.

We also found another malware detected as BKDR_BTMINE.DDOS, which is a component of BKDR_BTMINE.MNR. BKDR_BTMINE.DDOS can perform distributed denial of service (DDoS) attacks on targeted entities. The malware can also obtain a list of targeted websites from remote sites. The DDoS component may be used to attack competing Bitcoin miners and limit their processing power. The malware also tries to communicate with a long list of IP addresses. A list of more than 2,000 IP addresses is hardcoded in the malware and is constantly updated upon execution.


illumination

Jack said:
We also found another malware detected as BKDR_BTMINE.DDOS, which is a component of BKDR_BTMINE.MNR. BKDR_BTMINE.DDOS can perform distributed denial of service (DDoS) attacks on targeted entities. The malware can also obtain a list of targeted websites from remote sites. The DDoS component may be used to attack competing Bitcoin miners and limit their processing power. The malware also tries to communicate with a long list of IP addresses. A list of more than 2,000 IP addresses is hardcoded in the malware and is constantly updated upon execution.

That is a nasty sophisticated little piece of malware!
 

Deleted member 178

Malware now becomes more and more sophisticated... should I say "pieces of art"? :D
 
