
Bitcoin Mining Botnet Found with DDoS Capabilities

  • Posted on: September 4, 2011 at 1:56 am
  • Posted in: Botnets, Malware
  • Author: Karl Dominguez (Threat Response Engineer)

Trend Micro recently came across a botnet that turns an infected system into an involuntary Bitcoin miner. Bitcoin is a digital currency that uses peer-to-peer (P2P) networks to track and verify transactions. Bitcoins are generated by a free Bitcoin miner application.

The malware, detected as BKDR_BTMINE.MNR, installs the mining software on infected systems. It uses the system’s resources to solve Bitcoin blocks in order to generate more Bitcoins.

A Bitcoin “block” is a complex cryptographic problem. Solving a block currently pays out 50 Bitcoins and blocks are created every time a Bitcoin transaction is made. The process of solving these blocks is called “mining.” The only way to solve a block is by brute forcing, which eats up system resources. To speed up the computation of a block, mining pools are created. The equation is split up into pieces and is solved by multiple systems. The incentive is based on how much a miner contributes to the solution.
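The brute-force search and pool accounting described above can be modeled in a few lines. This is an added example, not code from Trend Micro or from the malware. It is simplified: real Bitcoin hashes an 80-byte block header against a numeric target, while the header bytes, difficulty values and worker names here are constructed for illustration.

```python
import hashlib

REWARD = 50  # Bitcoins per solved block, as stated in the post

def pow_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header plus a 4-byte nonce, as an integer."""
    data = header + nonce.to_bytes(4, "little")
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def meets(header: bytes, nonce: int, zero_bits: int) -> bool:
    """True when the hash has at least zero_bits leading zero bits."""
    return pow_hash(header, nonce) >> (256 - zero_bits) == 0

def work(header, start, count, share_bits):
    """One pool member brute-forces its slice of the nonce space.
    Every nonce meeting the easy share difficulty is proof of effort."""
    return [n for n in range(start, start + count) if meets(header, n, share_bits)]

def run_pool(header, slices, share_bits=6, block_bits=12):
    """slices maps worker name -> number of nonces it can try (its speed)."""
    shares, start = {}, 0
    for name, count in slices.items():
        shares[name] = work(header, start, count, share_bits)
        start += count  # slices never overlap
    # The pool re-checks every submitted share; one that also meets the
    # harder block difficulty solves the block.
    solved = [n for s in shares.values() for n in s if meets(header, n, block_bits)]
    total = sum(len(s) for s in shares.values())
    payout = {w: REWARD * len(s) / total for w, s in shares.items()} if solved else {}
    return shares, solved, payout

# Constructed input: placeholder header bytes and three workers of different speed.
HEADER = b"constructed-example-block-header"
SLICES = {"slow_cpu": 10_000, "fast_cpu": 20_000, "gpu": 40_000}

if __name__ == "__main__":
    shares, solved, payout = run_pool(HEADER, SLICES)
    print("block-solving nonces:", solved[:3])
    for worker, amount in payout.items():
        print(f"{worker}: {len(shares[worker])} shares -> {amount:.2f} BTC")
```

Each extra bit of difficulty doubles the expected number of hashes, which is why a miner running on a victim's machine keeps its CPU or GPU saturated.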

Here, BKDR_BTMINE.MNR installs three different mining programs that run whatever the system’s processing speed allows. To help speed up processing, the malware downloads the necessary drivers for the infected system’s GPU and CPU. If blocks are solved, the attackers gain ownership of the generated Bitcoins.

We also found another malware detected as BKDR_BTMINE.DDOS, which is a component of BKDR_BTMINE.MNR. BKDR_BTMINE.DDOS can perform distributed denial of service (DDoS) attacks on targeted entities. The malware can also obtain a list of targeted websites from remote sites. The DDoS component may be used to attack competing Bitcoin miners and can limit their processing power. The malware also tries to communicate with a long list of IP addresses. A list of more than 2,000 IP addresses is hardcoded in the malware and is constantly updated upon execution.

Right now, Bitcoins are worth more than US$8 each. With the value of Bitcoins constantly rising, the amount of malware related to Bitcoin mining will inevitably increase as well. Because Bitcoins make use of P2P sharing, the charges incurred are a lot lower compared with transferring money through banks or clearinghouses. In addition, Bitcoin transactions are anonymous and can be used anywhere without limits. Bitcoin usage is gaining popularity in Web transactions because of these advantages, which also raise some security issues. To stay safe, encrypt all wallets as soon as you leave your system. Use a strong, unique password for wallet encryption.

Trend Micro protects product users from this attack via the Smart Protection Network by blocking all related files and URLs.

Tags: bitcoin, Botnets, ddos capabilities, Malware, mining
