back to article Bitcoin-mining malware ENSLAVES computers

Dumb-as-a-post Bitcoin-mining malware has appeared – bringing further proof that the virtual currency's hyperbolic trajectory is attracting the sort of late-to-the-party shady speculator that telegraphs a jarring fall. The malware is currently spreading through a wide-ranging link poisoning campaign being run on Skype, a …

COMMENTS

This topic is closed for new posts.
Silver badge
Devil

> late-to-the-party shady speculator that telegraphs a jarring fall

Isn't that more like a diamond rush into Belgian congo though? "There's stones in those hills, young man, and the locals are .. willing and eager to help."

0
0
Anonymous Coward

Dumb question

Will bitcoin not inflate precisely in line with the amount of processing power assigned to mining?

0
0
Silver badge

Re: Dumb question

I gather that it's designed to get significantly harder to generate a new bitcoin as more are brought into existence, with a theoretical maximum number that could ever exist.

So eventually a new bitcoin will require near-infinite processing power.

Of course, that's assuming nobody finds a flaw in the algorithm or implementation before that happens!

2
0
Silver badge
Thumb Up

Re: Dumb question

@Richard12 - correct, there is a theoretical upper limit on the total amount of bitcoins.

I've read earlier today a comment that a truly bitcoin-based economy could not work because the non-issue of future bitcoins makes them deflationary - as more value is put into bitcoins, each bitcoin rises in value so no-one would ever spend bitcoins since their value is always rising. That is true but it misses the point - bitcoins aren't being used in a trade economy, they are being used as a value store (like gold) that will, at least in theory, keep it's value.

Of course, just like gold and anything else really, the value is whatever anyone else will exchange for them ... but at least, as hinted in the bootnote, no one can inflate away the value of bitcoins by central decree as is UK, US and now Japan did/are doing, nor by a circular route (as the EU is doing through a bcak door since it's disallowed by treaty from officially doing QE). There is no central agency that can mess with bitcoin values, it is purely 100% market driven. This is probably why at some point in the near future, governments will start taking countermeasures.

2
0
Boffin

Re: Dumb question

No, like any other commodity, the price will fluctuate according to the laws of supply and demand. It's independent of the cost of producing it. Right now, there is an alarmingly high demand for Bitcoins, so the price is pretty high.

The algorithm is designed to produce Bitcoins at a steady rate by adjusting the difficulty of the algorithm to the availability of miners. The miners have an incentive to mine because each block they successfully validate gives them a certain number of Bitcoins. But the cost of mining depends on the cost of acquiring the hardware, the cost of the electricity to run it, and the cost of the Internet connection to connect it to the Bitcoin network. And, as a practical matter, there is also the cost of spending time on Bitcoin mining instead of doing something else.

Many miners mine because the costs for them are lower than the wealth they can receive by validating the blocks. So that drives investment into Bitcoin mining. But the more miners go into Bitcoin mining, then the difficulty goes up to keep the Bitcoin production steady. Essentially, you get more people competing for the same resources. The return on investment for the less efficient miners eventually becomes so low that they drop out, which provides a sort of balance to the system. Some people will continue to mine just for the fun of it, but a lot of the mining is done for a profit.

The amusing part about this story is that the script kiddy is doing CPU mining. CPU mining became unprofitable a couple of years ago. The cost of electricity and the opportunity cost of setting it up has made CPU mining impractical compared to other techniques. In recent months, specially built chips (ASIC) have come online, so now a majority of the Bitcoin mining proceeds are going to people who invest in these devices that can do nothing but mine Bitcoins. Soon, a majority of GPU miners are also going to go offline, just because it will be unprofitable to mine with GPUs.

In summary, you have it backwards. The inflation of Bitcoin doesn't depend on the processing power to mine it. The inflation of Bitcoin depends on the algorithm. The processing power loosely depends on the exchange rate, which is dependent on people's valuation of the currency.

3
0
Thumb Down

Re: Dumb question

I gather that it's designed to get significantly harder to generate a new bitcoin as more are brought into existence, with a theoretical maximum number that could ever exist.

So eventually a new bitcoin will require near-infinite processing power.

Incorrect.

The algorithm sets a hard limit of 20,999,999.9769 BTC. That's part of the design. The Bitcoin system generates blocks at a fairly steady rate. (It temporarily increases the speed when new mining hardware comes online, and it temporarily decreases the speed when mining hardware goes offline. Likewise, the processing power to find a block goes up, on average, as new mining hardware comes online.) But the number of Bitcoins per block decreases until, eventually, there will be no more Bitcoins generated. Currently, the reward is 25 BTC per block. Block #6,929,999 will generate 0.00000001 BTC, and then there will be no more BTC generated. To say that you are making more BTC after that would be to engage in fraud, and it would not be recognized as valid by the Bitcoin network.

The new Bitcoins go to the miner who first makes a solution to the mining algorithm, but that's not the primary purpose of the mining operation. The primary purpose of the mining operation is to validate transactions as having happened. Sort of a very expensive COMMIT operation. The transactions are grouped into the blocks, and the miner receives the transaction fees that are attached to the transactions. Thus, mining should remain profitable after the end of new BTC because the miner receives the transaction fees.

This was actually a pretty clever solution. By dribbling out Bitcoins using an algorithm, Satoshi solved the problem of distributing money without a central authority. By rewarding transaction blocks with new BTC, Satoshi created the incentive for people to start validating transactions in the days before there is a profitable volume of BTC transactions.

Of course, that's assuming nobody finds a major flaw in the algorithm (certainly not for want of trying), or the economic conditions drastically change (World War IV as Total War?), or people become disillusioned with Bitcoin for some reason. Bitcoin has already survived several flaws in implementation of Bitcoin services, and even a flaw in the core Bitcoin program, but it's still vulnerable. Everything is vulnerable, but Bitcoin is relatively new and people are more aware of its vulnerability.

2
0
Anonymous Coward

Re: Dumb question

"The amusing part about this story is that the script kiddy is doing CPU mining. CPU mining became unprofitable a couple of years ago. The cost of electricity and the opportunity cost of setting it up has made CPU mining impractical compared to other techniques."

Yes, but the script kiddies aren't the ones paying for the electricity in this case, so that particular cost isn't relevant for them (assuming that they are quite happy to be amoral thieves). And if the setup (i.e. infection) is adequately self-sufficient and automated, that shouldn't be an issue either, only coordinating the army of machines is.

Of course, even accounting for that, there will eventually come a point where even stealing someone else's electricity and CPU cycles isn't worth it, but I'm not sure it's here yet.

1
0
Anonymous Coward

I encountered this myself, via another route: Embedded into a game downloaded in blatant copyright infringement off Usenet. Bioshock Infinite. The Fairlight/FLT rip, according to the filename. Actually the second and third ISOs were Fairlights, but the first had been edited by someone else to add the GPU-using coin miner. Rather badly: They broke the game data files, and the miner kept popping up errors saying ieutil.exe could not start as opencl.dll was not found which made the infection highly obvious, plus their edited ISO was 12GB while FLTs original (which I found via filelocker) was only 8GB.

It's quite rare to find malware inside of an ISO file. This is the first time I've come across any.

1
0
Bronze badge
Facepalm

CPU mining is pretty stupid

CPU mining is much less efficient than GPU mining anyway, so mining with only a CPU is sort of pointless.

0
0
Silver badge
Headmaster

Pay attention: Grammatical error erroneously missing in subheading

The subheading "All your CPU cycles belong to us, say the script kiddies" is wrong, should be "All your CPU cycles ARE belong to us, say the script kiddies".

The original of this flogged-to-death-and-beyond meme was "ALL YOUR BASE ARE BELONG TO US". It even has an entry in Wikipedia...

4
1
Anonymous Coward

Solving PI vs. time to mine one Bitcoin...

Bitcoins are a fascinating topic, but they can be tricky to get your head around! Anyone have a simple analogy of the processes involved in mining a Bitcoin? Articles in the media are fabulously vague, preferring to debate the merits of FIAT Currency vs. Gold vs. Bitcoins...

Question #1:

Is it true to say that solving the mathematical puzzle and the CPU computational time involved is a Sisyphean exercise? By that I mean, the actual calculations involved exist merely to slow the speed of expansion of the Bitcoin money-supply? Or is the computational burden there to aid reinforcement of the integrity of the Bitcoins currently in circulation?

Question #2:

Could the CPU burden be applied to more utilitarian purposes i.e. SETI analysis, or some other distributed problem solving at the same time a Bitcoin is being mined? If yes, a fantasy favourite would be finding an algorithm to solve PI. If PI could be solved, then due to its unique never repeated series, all digital info could be compressed into just two numbers, an Index into PI and the original size of the item... That would make sending a large file over the internet potentially instant!

0
0

Re: Solving PI vs. time to mine one Bitcoin...

"If PI could be solved, then due to its unique never repeated series, all digital info could be compressed into just two numbers, an Index into PI and the original size of the item... That would make sending a large file over the internet potentially instant!"

Unfortunately this idea isn't worthwhile.

For a bitstream of length n there are 2^n possible values, each of them unique. This means each of them needs a separate index into PI, 2^n possible indexes., Unfortunately the due to the random nature of PI the first consecutive 2^n indexes will result in some duplicate patterns and so you'll need a larger number space for the indexes to pick every possible value - in other words for 2 digit patterns '14' may be at index 0 but '00' isn't available until index 307. This means you've now used 3 digits to represent 2 digits which isn't a good compression ratio.

I'm also not sure you can prove that every combination of sequence of digits is guaranteed to occur. the Sequence is n ones followed by a zero, followed by n+1 ones is none repeating but will never have the sequence 222 in it.

2
0
Boffin

Re: Solving PI vs. time to mine one Bitcoin...

If you really want to understand Bitcoin, then you really should study from the people who work on it, such as http://bitcoin.org/en/how-it-works

Question 1: Is mining Sisyphean?

I can't tell whether Bitcoin mining is Sisyphean. The story of Sisyphus is a morality tale about the futility of undermining the rules of the gods. The problem with Sisyphus was that his ultimate opponent had divine powers. Bitcoin has no gods as enemies, as far as I know. Likewise, not everybody is involved in Bitcoin for the monetary reward.

The calculations are not to slow the speed of the expansion. They do, but their purpose is to reinforce the integrity of the Bitcoin system. Bitcoins are traded from one wallet to another via transactions. Transactions are listed in blocks of transactions, in a chain of blocks going back to the first block. Zero or more transactions are bundled together in a block, along with some additional data such as the identity of the previous block, and the block is validated as being part of the block chain by having a header with the appropriate difficulty.

The hard part is finding a header with the appropriate difficulty. The difficulty is adjusted up and down depending on the speed of finding the previous several blocks, so each block takes on average 10 minutes. The Sisyphean aspects are that:

1) The more miners working on the blockchain, the less likely you are to find a block, so your mining equipment becomes less valuable. CPU mining is already worthless, and GPU mining should become unprofitable due to competition with FPGA and ASIC.

2) The reward for finding a block is a combination of the transaction fees and the new Bitcoins themselves. The number of new Bitcoins is gradually decreasing, by design, until just under 21 million Bitcoins will be generated by 2140. Assuming the Bitcoin system is still operational at that time. Miners will still have an incentive to mine because they receive the transaction fees, but that depends on Bitcoin becoming an active currency with enough volume to make the transaction fees significant.

Question #2: Could Bitcoin be used for utilitarian purposes such as SETI or Pi?

No.

It would have to be a different protocol, not Bitcoin, because Bitcoin is inextricably linked to the use of cryptographic hashes to find headers of appropriate difficulty. I guess you could make a newer version of Bitcoin that uses a more difficult hash, if SHA256 turns out to have a fatal flaw within the next hundred years, but it doesn't work for general-purpose computing.

The great thing about the cryptographic hash is that anybody can verify the headers, much more cheaply than the headers take to calculate. You could hypothetically mine using SETI, but there's no way for somebody to independently verify that the SETI-miner has done the work. They would have to download the same blocks from SETI and do the calculations again. That's a lot of work and a single point of failure.

Also, solving pi is an extremely impractical method of compression. For one thing, there is no "solution" to pi because it's infinite. For another thing, to use pi for compression, you would need to store the "solution" somewhere so you could use it for compression, which would more than wipe out any savings. Finally, because it's infinite, the number of bytes you would need for the index is also infinite, so in general you don't save any space in the transmission. I'm sure better mathematicians than I have proven it somewhere.

2
0
Silver badge

Re: Solving PI vs. time to mine one Bitcoin...

You're just using π as a random number generator. So, yes, your uncompressed text will exist in it; but if you need more bits to represent its index than there are in the uncompressed text then you can't compress it. Naive intuition should be enough to hint that your uncompressed text begins "close" to "infinity". The Shannon's Source Coding theorem puts that on a rigorous footing.

1
0
Silver badge

Re: Solving PI vs. time to mine one Bitcoin...

So, yes, your uncompressed text will exist in it; but if you need more bits to represent its index than there are in the uncompressed text then you can't compress it. Naive intuition should be enough to hint that your uncompressed text begins "close" to "infinity". The Shannon's Source Coding theorem puts that on a rigorous footing.

Agreed. And the Pigeonhole Principle demonstrates that while "all digital info could be compressed into just two numbers", there can't be any overall savings over the entire corpus of "all digital info". Compression is useful because some sequences are of more interest than other sequences; a compression algorithm reorders the space of all possible sequences to put more of the interesting ones at the shorter end.

For that matter, it's trivial to convert any sequence of digits, of length > 1, into two numbers: just split it, at the offset of your choice. There's no "compression", but that's the point - there's no reason why "just two numbers" would be smaller than the original sequence.

You're just using π as a random number generator.

Yup, and there are probably better (though still infeasible) choices for this approach. If memory serves, the Blum, Blum, Shub (BBS) PRNG is proven to contain all possible sequences in its output; and it offers random access - so given an index N, you can tell the generator to start generating there, without iterating through the first N-1 outputs. Alas, to (potentially) compress your input, you'd still have to crank the generator until you found the sequence you're looking for. And there's no way to speed that up without solving factoring. (And if you did solve factoring, this still couldn't compress all input sequences, for the reasons given above.)

The simple fact is that there are better general-purpose (eg PPM variants) and special-purpose (particularly lossy) compression approaches. There are arithmetic compression algorithms that make more sense than indexing into random or pseudo-random streams. The compress-by-π idea is just a fantasy; it's a useful thought experiment into some aspects of compression and complexity, but it has no practical utility.

1
0
Anonymous Coward

Re: Solving PI vs. time to mine one Bitcoin...

Fascinating.

Thanks to The Mole, Decade and Brewster's Angle Grinder for their insightful posts!

1
0
Anonymous Coward

Bitcoin-mining malware ENSLAVES Windows computers

Fixed that for ya.

"...The dropper is detected by Kapersky as "Trojan.Win32.Jorik.IRCbot.xkt," he wrote..."

As usual, you omit to mention that [also as usual] the malware only affects computers running Windows. Are you worried your headlines might lose some clickability for your mainly *nix-using readership if you point this out?... or are you just avoiding stating the bleedin' obvious every time?

5
4
FAIL

Re: Bitcoin-mining malware ENSLAVES Windows computers

As usual, you omit to mention that [also as usual] the malware only affects computers running Windows.

The headline isn't trying to say that all computers have been enslaved...

Maybe the author figured the highly intelligent "*nix-using readership" would:

a) understand that the headline doesn't read "Bitcoin-mining malware ENSLAVES ALL computers INCLUDING UNIX BOXES"

b) understand that this was a Windows virus, given the Trojan.Win32 description by Kaspersky...

or are you just avoiding stating the bleedin' obvious every time?

*sigh*

1
1
Thumb Up

Re: Bitcoin-mining malware ENSLAVES Windows computers

Re: a)

I no more inferred the headline meant "ALL computers" than I suggested it should read "ALL Windows computers"

Re b)

Er.. wasn't that the point I was making? [vis-a-vis headline versus content of article]

The whooshing sound you heard was aforesaid point flying several miles above your head.

*sigh* x 2

Thumbs up, coz you'll probably mis-read that too.

0
2
Silver badge

Similar to gold

In some respects bitcoins are similar to gold (with the principal difference gold can be physically used for something other than wealth storage). There is a finite amount of gold available that does become increasingly costly to mine over time.

0
0
Alert

Re: Similar to gold

Does the similarity to gold extend to destroying Bitcoins?

I mean, you can burn pound notes or throw gold into the ocean to remove it from circulation.

Can you destroy Bitcoins?

1
0
Silver badge

Can you destroy Bitcoins?

Yes, this is quite easy actually. Bitcoin does use a checksum prevent sending coins to a mistyped address, but if you know how it works it would be easy enough to create a fake address for which no private key exists. Or you could just create the address the normal way and then delete the key of course. Either way, any coins sent there would be unrecoverable.

Not sure why you'd want to do that, but you could.

1
0

The malware does seem pretty skidish, still using irc for it's C&C when http seems to be the wave of the future.

http://www.exposedbotnets.com/2013/04/hopennewssu-irc-botnet-hosted-by.html

It's skype spreading technique does seem to be effective though. Unlike a centralized service such as msn, there's no way for Microsoft to block urls in skype messages.

0
0
Devil

Already dealt with it...

Had to clean up a case pre-automated detection. Sort of a pain, but I whupped it.

And, sorry, I couldn't resist.

Is not a man entitled to the coin of his bit?

No, says the the man with malware, it belongs to me.

0
0
This topic is closed for new posts.

Forums