back to article New malware ferrets out and steals Bitcoins

You know your virtual currency has hit the big leagues when criminals develop trojans that infect computers for the sole purpose of stealing it. Bitcoin, the open-source project launched two years ago, reached that turning point Thursday. That's when researchers from Symantec discovered Infostealer.Coinbit, a piece of Windows …

COMMENTS

This topic is closed for new posts.
Boffin

Encrypting the wallet

"If you use Bitcoins, you have the option to encrypt your wallet" - that's a bit misleading. The present version of the official Bitcoin client does not have the option to encrypt the wallet. Silly, isn't it? For a developer of a crypto currency to keep the wallet unencrypted... All you can do is create an encrypted disk partition and tell the software to keep the wallet file there - which is rather inconvenient.

BTW, how do you call a pickpocket who steals your Bitcoin wallet? A "bitpocket"?

3
1
Silver badge

Nah.

A pickpacket.

6
0
Coat

Sticky note

Just wrote the password on a sticky note and put it on the side of the monitor. Trojan can't read that!

4
0
Joke

Re: Sticky note

Do you have a decent resolution webcam? And a mirror in your room somewhere convenient?

2
0
Pint

Finally a non-sensationalist article.

Thank you theregister, for not using this to bash the currency, and instead realizing that this is a problem that all online payment processors have to deal with.

1
2
Silver badge

Not quite

Online payment processors have to guard against fraudulent transactions being entered and passwords being pilfered, because whatever customer account value they "possess" are numbers in a database. Making off with that database file wouldn't alter the customer account value. It would be a bloody nuisance though, blocking access, resetting passwords and informing customers. And for individual accounts being defrauded there supposedly are transaction logs and procedures to dispute those transactions.

A bitcoin wallet resides on some personal computer, and if it is copied (and the password broken) then whoever has the wallet now has the "monetary" value, FWIW. Just like money in an old sock under your mattress, only a bit harder getting the actual money out of the sock, but easier for someone in Outer Elbonia to access the sock provided they've got an internet connection. And we all know how easy it is to lift files from end-user computers.

4
0
Silver badge

Finally

But the currency does deserve to be bashed. Anyone investing at this stage will become a Mark in a Ponzi scheme. Even if the original intention was altruistic.

10
4
Mushroom

Bitcoin software is malware anyway

In what sense is software which destabilises the Bitcoin "economy" malware, if the concept of Bitcoin itself is malware? Generating Bitcoins wastes electricity generating CO2 which properly accounted currencies based upon issuer commitment (i.e. 97% or more of conventional money and LETS) do not require. If the Bitcoin design is a Ponzi from the start and has little purpose other than to transfer resources from con victims to drug dealers, the botnet herders who mine bitcoins and financial scammers it's a bit difficult to argue that stealing them is malware when the software which generates, stores and transacts them is malware from any sane perspective. Losers who get their precious Bitcoins stolen deserve no sympathy.

If the sooner this house of cards resolves to its lowest energy state the better, then the so called malware which helps that to occur sooner isn't the malware in question.

0
0
Black Helicopters

Ponzi currency schemes

@Mage: Anyone investing at this stage will become a Mark in a Ponzi scheme.

Methinks the Chinese are probably feeling the same way about their US dollar holdings right now.

1
0
Headmaster

"develop trojans that infect computers for the sole purpose of stealing it"

Hm... "tweak" seems more appropriate than "develop" here.

1
0
Anonymous Coward

can you copy your coins?

Never heard of bitcoins before this so I only know what I have read here.

My question is if you copy the disk partition containing your bitcoins and then spend them, can you just restore the partition to get them back again?

0
0
Silver badge

No you can't

You can't do that, because everyone else in the network will have recorded your coins as being spent. If you were able to do this, you could spend the coins legitimately and restore a back-up to spend them again.

0
0
FAIL

no

No, the currency itself is not stored on your computer, it's in the blockchain which is constantly being updated by all peers in the network.

0
0
Trollface

Yes you can copy bitcoins

If you are a botnet herder with a large enough botnet then you can vote whatever you like in bitcoin as the next valid transaction block. If you have more than 50% of the votes based upon 1 CPU cycle == 1 vote you win. Other possible manipulators would include Google and Facebook, but I don't think they care enough for these turds to want the bad reputation.

1
0
Silver badge

Discovered!

"...researchers from Symantec discovered Infostealer.Coinbit..."

With a name like that you have to wonder why suspicions weren't raised earlier ;-)

4
0

Malware names...

...are not assigned by malware authors. The white hats do not necessarily know or use the names the black hats give their creations. "Infostealer.Coinbit" will be the name that Symantec gave this malware once they discovered and analysed it, having noticed its similarity to other "infostealer" programs, and its individual feature.

The days when a virus could be called "Jerusalem" because that was where it was first found, or "Michelangelo" because the trigger date was Michelangelo's birthday, are gone. Like the plant or animal world, a more systematic naming convention has had to be developed. Hopefully all the white hats are adopting the same names as each other by now. They did not always agree on taxonomy, but they, not the malware authors, always assigned the names.

1
0
Bronze badge

Re: names...

It's probably a good thing those days are gone, actually. I remember hearing stories about the reasons for some of those old names, from one of the guys involved in assigning them. Childish doesn't begin to describe it.

0
0
Silver badge
Black Helicopters

No surprises

The trojan was probably built in a joint venture between the IRS, the Fed and DHS as a way to try getting people to avoid the technology until they figure out how they can tax and track all the money that goes through the system.

1
0
Anonymous Coward

Western governments definitely don't

want this taking off. Especially not after spending all that money destroying governments in North Africa that were moving their economies to a Gold backed currency.

0
0
Silver badge

Re: No Surprises

I'd be mildly surprised if this were put together by the Fed, IRS or DHS. They have the means and the motive, but I doubt they've got their act together yet. If it were the government behind this, then it's an own goal because my previous opinion of BitCoins as an academic exercise has been revised in the wake of finding some criminals actually consider them worth stealing. Maybe BitCoin has a future after all!

When the government comes down on this, I doubt it will be with a virus. More like a big hammer in view of everyone who dared to think of trespassing on one of government's two and a half basic monopolies (force, money and propaganda).

0
0
WTF?

Infostealer.Coinbit?

OK, I realize this has no importance whatsoever, but why .Coinbit? It's called .Bitcoin!

0
0

The level of idiocy out there is monumental

Even on so-called geek sites, I quote one here called Geekosystem

"but if someone is clever enough to steal a Bitcoin wallet, chances are they are clever enough to break an encrypted wallet open."

To equate the stealing of data to the decryption of said data? Ignorance reigns supreme.

3
0
Silver badge
Trollface

Somebody is ripping off the tax evaders' wet dream?

The tears are streaming down my cheeks as I type this, I cannot tell you how upset I am.

2
2
Silver badge
FAIL

Looking at your posts

I'm sure I could be forgiven for thinking you're a tax office shill or working for MasterCard or PayPal or something. What's your interest in all this? Why are you so opposed to people having a means to trade that can't be tracked? Why is it so important to you that only methods of transactions that can be monitored should be allowed to exist? Surely it can't just be that you have nothing to hide so you have nothing to fear? Because if you do, then may I point you in the direction of the Daily Mail forums, because your moronic comments are neither needed, welcome, or even effective here.

0
0
Stop

theoretically generate $97,000 per month

I was under the impression that the production rate of bitcoins is limited and that contributing hardware to the process doesn't guarantee bitcoins, only the *chance* of mining them. Plus they are only worth what people are paying for them, flood the market and devalue your product...

0
0
Anonymous Coward

Furthermore...

the power bill for 100,000 machines is probably around $4m per month, so only a good return on investment for a botherder, unless caught. Not only may they be done for running a botnet and hacking, but they would be demonstrably culpable for the theft of electricity, as number crunching draws considerably more power than in average use...

0
0
FAIL

and why would they care

they are getting it for free with their bot. Why would they care if they get less.

0
0
Bronze badge

Beenz - fellow was just on BBC radio talking about a previous online currency.

Charles Cohen, mentioned here

http://en.wikipedia.org/wiki/Beenz.com

and here

http://www.theregister.co.uk/2001/08/16/beenz_is_dead_official/

appeared in the panel of businesspeople on BBC radio (and TV) "The Bottom Line" i.e.

http://www.bbc.co.uk/programmes/b011vhdm

"Charles Cohen, chief executive of mobile gambling company Probability plc...... Evan Davis also asks his guests to reveal their greatest business regrets." In the case of Beenz, it's not stopping sooner.

Also present: "Will Butler-Adams, managing director of folding bicycle manufacturer Brompton Bicycle", who mentioned that they're going to make an electric one. Well, probably not just one, there may be twenty or thirty people who would buy that. I'm joking. Any Brompton fans in?

0
0
Silver badge
Thumb Up

It's thanks to Beenz

that I now assume any site whose domain name ends in "z" where it would normally be a plural "s" is a scam or a malware bomber - warez, beenz, lockerz, starz... the list goes on. It's a simple rule of thumb that's stood me in good stead so far - if the domain name ends in a plural z, it's a ripoff or malware.

(inb4 any Douglas Adams sector coordinate references :))

0
0

Put it on a USB Drive

If you have a bitcoin wallet, put the files on a USB drive, and keep the drive unplugged except when actually transferring funds. Keeping the wallet and bitcoin program on your main PC is somewhat like staying logged into your online bank account continuously - a bad idea.

1
0
Linux

but a trojan could just lie in wait

and steal them as soon as they become visible, before the victim has a chance to use them.

Better to boot from a verified Live CD or ramstick knowing that it really is a clean and virgin system, add a password to the live user, then mount the USB drive and do your stuff.

0
0
Meh

Bitcoin mining doesn't work like that.

If a botnet started to mine, the difficulty of generating a bitcoin hash would simply increase.

See http://bitcoin.sipa.be/ for the history on how computation in the network has increased along with the difficulty.

0
0
Silver badge
FAIL

Power usage would be a giveaway

Most modern PCs have a variable speed fan. If your PC is infected with malware that quietly sends out a little spam, you may be none the wiser and it could stay in place for a long time. If your PC is infected with malware that spikes the CPU at 100% so your fan is running at "super loud maximum", you may investigate and eventually (with the help of a more knowledgeable friend if you're a typical end user) discover the malware and eradicate it.

Whether it would be more profitable to grab the 94 cents per machine per month implied by the $94K/month for a 100K machine botnet depends not only on how profitable that is versus other uses like using it for spamming or renting out to others, but also on how quickly those 0wned machines will be fixed and removed from your botnet. The quieter (both literally and figuratively) you can make the operation of your botnet to your "end users", the longer it'll last.

I suspect that other than for those who have very expensive electricity, the extra cost having your PC going full blast for a month versus spending most of its time in some sort of sleep state would not be noticeable. My electricity is about 9 cents/kwh, and my PC (not including monitor) draws 105 watts running full out on all four cores. So that's just under a penny an hour, or perhaps $6 more a month. I'd never notice that.

0
0
Coat

Ferrets?

I like ferrets.

Er, what?

0
0