back to article Bitcoin blockchain allegedly infected by ancient 'Stoned' virus

A curious and probably accidental artefact has popped up in the Bitcoin blockchain, with a user reporting that it's identified as containing a virus by Microsoft's Security Essentials. The reason El Reg is inclined to think it's accidental: in this discussion on a Microsoft discussion board, user edc678 says MSE is identifying …

COMMENTS

This topic is closed for new posts.

Many Monkey theorem

I wonder how long it will be before the works of Shakespeare start to crop up?

12
0
Silver badge

Re: Many Monkey theorem

I'd bet that this is the chaos of MS' software interacting with random data to produce... random non-functional rubbish output. Even if it did replicate the entire sequence of bytes in order, without the applied intelligence and the context of a floppy disk boot mechanism, those bits have no meaning.

GIGO: unlike the monkeys, this has some evidence.

Also, how many many mips are expended looking for "stoned" on a daily basis?

5
5
Silver badge

Re: Many Monkey theorem

Or perhaps the complete works of Anonymous.

3
2
Silver badge

Re: Many Monkey theorem

"Also, how many many mips are expended looking for "stoned" on a daily basis?"

Probably, remarkably few. The days when AV was 'search target for pattern 1, search target for pattern 2, …' were over within 5 years of Stoned. More efficient search techniques are used, so Stoned and thousands of other malware sharing some pattern will be eliminated high up in the decision tree.

0
0
Silver badge
Pint

MonkeySoft: "Must... Attempt... To... Execute... Blockchain."

I'm beginning to think that the von Neumann Architecture might have been a big mistake.

1
0
Bronze badge

Re: Many Monkey theorem

Unfortunately the Infinite Monkeys Theorem isn't applicable in this case, as it requires completely random data, which doesn't occur in the blockchain.

0
0
Silver badge
Big Brother

Regulation is what will keep Wall Street down. Oh wait...

"the increasing regulatory attention the crypto-currency is receiving"

Indeed, once "regulators" show up, you know the pigs are there, fearing to be possibly kept away from a good feast.

6
0
Silver badge
Thumb Up

STONED

"Since STONED is a 27-year-old relic from the DOS days – all it did was pop up a boot message telling users “Your PC is now STONED”."

Ahhh - the good old days - when virus writers were just trying to have a bit of fun...

7
1
Silver badge

Re: STONED

Those were the days, indeed. I'm just surprised that no one has figured out how to fiddle with the bitcoin code such that they can call the bitcoins home to their wallet... or even such that once the coin is mined, the person who ran the mining operation doesn't get the coin, the miscreant does.

0
1
Bronze badge

Re: STONED

I still have a warm spot in my heart for the Cookie Monster virus. DOS-based, it would eventually put up a message saying "gimme cookie" and do nothing else. After a while, the message would come back. Again and again, each time with less time between the message until eventually your PC would freeze.

To get rid of it? You typed COOKIE on the command line and it would sanitize itself from your system.

Benign, but fun.

6
0
Anonymous Coward

Re: STONED

> Ahhh - the good old days - when virus writers were

> just trying to have a bit of fun...

What fun is it when it destroys MD2DD disks with more than 96 files on it, and outright corrupts MD2HD, MF2DD and MF2HD disks?

http://en.wikipedia.org/wiki/Stoned_%28computer_virus%29

2
1
Silver badge

Re: STONED

The fun factor is determined by how much MD2HD you are made of.

2
1
Silver badge

Re: STONED

"I'm just surprised that no one has figured out how to fiddle with the bitcoin code such that they can call the bitcoins home to their wallet"

Doing this is trivial - all that is needed is more computing power than every other machine on the Bitcoin network combined in order to fork the blockchain, or control over more than 50% of the machines on the network.

The latter is actually conceivable if any of the mining pools or massive mining datacentres ever reaches 50% of the network hash-rate. (This could not be done in secret, as the address of the machine calculating the next block forms part of the block chain).

Of course, the moment anyone tried to subvert the block-chain in this way, to give themselves an arbitrary number of bitcoins, or take bitcoins from other wallets, it would render the blockchain itself worthless, so could not actually be used for any material gain.

0
0

Re: STONED

More a semantic point than anything, but a bitcoin wallet does not contain any bitcoins, it is simply an identifier that can be cross referenced against the ledger (blockchain), which is what allows you to make a transaction (signed with your private key). At the moment it still requires far more computing power to brute force the wallet keys (either through collision or chancing on the duplicate of someone's private key) than finding a block by mining directly.

0
0
Anonymous Coward

Re: STONED

"Doing this is trivial - all that is needed is more computing power than every other machine on the Bitcoin network combined in order to fork the blockchain, or control over more than 50% of the machines on the network."

No, it is not trivial. Have you ever tried to do this on the testnet or on an altcoin?

Second, you can't just do arbitrary shit if you have 51% of the network hashrate. You can fork it and double-spend, you can instamine a shitload of blocks with the timewarp attack, but you can't just do whatever you want.

"The latter is actually conceivable if any of the mining pools or massive mining datacentres ever reaches 50% of the network hash-rate. (This could not be done in secret, as the address of the machine calculating the next block forms part of the block chain)."

Your IP address is not contained in the block you mine. In fact, it's possible to be rather anonymous when mining. This is another reason why it's so hard to find the founder of Bitcoin.

0
0
Anonymous Coward

the whole message

so, without the infector portion, how can it be seen as something to be concerned about? is MSE searching for only the known visible part of the text? why is MSE even searching for Stoned when it is ineffective on systems these days?

BONUS: who knows the rest of the output of Stoned?

2
0

Re: the whole message

The rest of the output should have been the phrase "Legalise Marijuana", however due to a bug in the virus it never actually displayed that text but would crash and freeze your machine instead.

As I recall the bug was when it attempted to draw an ASCII art Marijuana.

5
0
Bronze badge

Re: the whole message

So this virus (presumably written by pot smokers) infected a machine which then stopped working, without even 'taking care of business' first. Why am I not surprised?

7
1
Silver badge

Re: the whole message

quote: "So this virus (presumably written by pot smokers) infected a machine which then stopped working, without even 'taking care of business' first. Why am I not surprised?"

Compared to some government IT procurement projects, Stoned was both more functional and more complete, even taking the fact that functionality was missing into account. It was also several million pounds less expensive to have developed.

Stoner programmers being as effective as multinationals as well as cheaper? Who'd have thought? ;)

0
0
Bronze badge

Re: the whole message

Anti-virus only cares about the payload itself as most viruses have multiple infection vectors so there is no point in detecting those when payload scanning has worked just fine for many years.

MSSE still scans for DOS viruses as Microsoft still supports DOS 6.22 and Windows 3.11 due to their widespread use in various embedded systems and industrial control computers.

1
0
Bronze badge

Re: the whole message

"why is MSE even searching for Stoned when it is ineffective on systems these days?"

For a few reasons:

* because, as someone pointed out above, it's cheap to add more signatures (things are much better than O(n) complexity we had in the very early days). If you can scan for it, and it's cheap to do so, then why not?

* because it's one of those viruses that your scanner is expected to pick up (and virus scanner manufacturers used to use number of viruses detected as a marketing tool)

* there are such things as virus droppers that will install all sorts of malware. The blockchain (or any random data file) mightn't be (isn't) a virus in itself, but if it contains the virus (which it doesn't) a dropper can pull it out and use it to infect something (so if I had an SQL database with lots of virus code, it would be nice if the av software could detect it in the db file)

* who says that it's ineffective? Some people still use floppies. (true, it's not much of a risk, but the infection mechanism still works)

* by catching the floppy-only variant, you might also catch derived versions (like NoInt) that can infect hard disk boot sectors

Mostly, though, it's probably just a combination of inertia and anti-virus writers liking to keep old signatures around for historical/completist reasons. Maybe they should drop these old signatures, but imagine the embarrassment should one of these apparently "extinct" viruses have a high-profile outbreak and MS's program failed to detect it?

1
0
Bronze badge

Re: the whole message

"So this virus (presumably written by pot smokers) infected a machine which then stopped working, without even 'taking care of business' first. Why am I not surprised?"

Nah, it worked. It's just that it lived so close to the top of memory that the stack area overlapped the area for the stored message (so regular subroutine calls and interrupts garbled it). For something that couldn't even "take care of business" as you put it, it was remarkably successful, bugs and all.

(this comment based on actually disassembling the code and figuring out how it worked; I'm sure I have a copy of this still filed away somewhere)

0
0
Bronze badge
Childcatcher

Re: the whole message

"Anti-virus only cares about the payload itself as most viruses have multiple infection vectors so there is no point in detecting those when payload scanning has worked just fine for many years."

Not so much. AV products look for, or can be set to look for, where a file is run from, where the executable resides, and other parameters. They also scan for payload. In fact one of the basic tests for AV functionality, the EICAR "virus," takes advantage of this.

0
0
Silver badge

This is not good.

Just coincidence, and the million monkeys effect - but it is possible to put data into the blockchain, if you've enough processing power or a whole lot of luck. That means this could be done deliberately, and is the type of prank many people might like.

The good news is that the blockchain is separate from private keys, so even if your AV wipes the file your coins will still be safe. You'll just have to download it all again.

1
0
kbb

A cunning plan?

So could this be a plan to make people so annoyed with their AV - "I can't spend my bitcoins because the stupid AV software thinks it has a virus" - that they turn it off?

1
0
Alien

Conspiracy Theory #42

In reply to "This is not good"

'... put data into the blockchain, if you've enough processing power ...'

Heard of "social connections"? How's this for a chain of them?:

Big Banking <==> Government <==> FBI etc <==> NSA/GCHQ <==> Enough processing power?

"Of course, when everyone's out to get you, you must expect to feel a bit paranoid"

1
0
Bronze badge

Re: Conspiracy Theory #42

I always love how conspiracy theorists seem to have more faith in parts of the government being able to cooperate than even the staunchest Nationalist or even the President.

4
0
Silver badge

Re: Conspiracy Theory #42

Since half the conspiracy theorists are on the extreme right (the other half on the extreme left, there aren't many moderate/center conspiracy theorists as far as I can tell) one wonders how they can assign such amazing powers to a government they think is too incompetent to be trusted with anything?

3
0
Silver badge

So AV false positives are news now?

1
1
Bronze badge

When they produce such an astronomically unlikely coincidence, yes.

0
0

There are other blockchain oddities...

It's not the only oddity in the blockchain. There's supposedly loads of other cruft in there

http://www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html

(excuse the weird URL - the link really is about bitcoin!)

1
0

It is a proof of concept..

0
0

I think it's Bitcoin that is a proof of concept.

1
0

Bitcoin Bomb?

Hmm, not only potential viri, but fundamentally how can we even know that Bitcoin is not already pre-programmed to suddenly start churning out more coins, stop altogether, or some other surprising "feature". We have no idea as to who is behind Bitcoin yet we have put as much, or more, trust in them than we have in buying REAL gold and silver coins which have inherent value. It would not surprise me if Bitcoin turns out to be a complete scam - I am not saying that it will be and in fact I did buy a very small amount to see where this journey ends, but I am completely prepared for the theft of my coins, or it being a scam, or some other "surprise".

1
4
Silver badge

Re: Bitcoin Bomb?

"yet we have put as much, or more, trust in them than we have in buying REAL gold and silver coins which have inherent value"

Who are these "we" you refer to?

Also I don't think real Gold & Silver coins are used any more for trading. All trading currencies are "fiat".

1
0
Bronze badge

Re: Bitcoin Bomb?

Then I suppose you will be surprised to hear that Bitcoin is open source.

Not only that, but also programmed by well-known and trusted developers like Wladimir J. van der Laan or Gavin Andresen

3
0
Bronze badge
Headmaster

Re: Bitcoin Bomb?

Have a downvote for "viri". I stopped reading after that.

0
0
Silver badge

Re: Bitcoin Bomb?

Maybe it was a typo and he simply meat "Siri"?

0
0
Anonymous Coward

Wahey.

It did indeed hail from New Zealand in 1987, I met the guy that wrote it. Old skool!

0
0
Bronze badge
Trollface

Another way for MS to make money

Claim your bitcoins (Other virtual currencies are available) are old viruses, upload them to the server and then delete them from your machine!

1
2
Bronze badge

2,000 thumbs down can't be wrong

More than once a month there's a story on here pretty much proving de facto what I've been posting for a decade.

AV is so CRUDE it will match random cryptographic strings as viruses that haven't even been in the wild for over TWENTY FIVE YEARS.

It does not catch ANY 'current' viruses. Virus writers TEST THEIR CODE to make sure AV PROGRAMS DO NOT FIND IT.

Maybe if you thumb this post down enough times maybe you will deny reality so hard that your AV will actually start being useful, but I doubt it.

You are PAYING MONEY for a USELESS CATALOGUE OF OLD DOS VIRUSES, and little else.

2
7
Silver badge

Re: 2,000 thumbs down can't be wrong

Maybe, but I don't know anyone who's paying money for Microsoft Security Essentials (it's free).

6
0
Silver badge

Re: 2,000 thumbs down can't be wrong

As another has said, the MS AV is free and I'd argue it's probably not much different to any Paid AV.

The whole history of paid AV products is false positives that cripple machines. I'm no MS fan, but I wouldn't single them out on this.

Not when there are bigger targets of MS stupidity like one GUI for everything (CE era Desktop WIMP stupid on 320 x 240 PDA, today Zune GUI stupid on Desktop PC). The Ribbon. etc

0
1
Bronze badge

Re: 2,000 thumbs down can't be wrong

"The whole history of paid AV products is false positives that cripple machines. I'm no MS fan, but I wouldn't single them out on this."

So essentially we are in agreement?

I'm not singling MS out, there isn't a safe or effective AV software available from anyone, they are ALL filled with useless definitions from 20 years ago.

0
0
Bronze badge

Re: 2,000 thumbs down can't be wrong

Your AV is more likely to delete a completely safe innocuous software crack and leave the real malware behind.

0
0
Bronze badge
Joke

HHGTTG Quote (paraphrased)

All this talk of random numbers and not-so-random numbers reminds me of something:

If, he thought to himself, such a numerical coincidence is a virtual impossibility, then it must logically be a finite improbability. So all I have to do in order to make one is to work out exactly how improbable it is, feed that figure into the bitcoin generator, give it a fresh cup of really hot virus code ... and turn it on!

He did this, and was rather startled to discover that he had managed to create the long sought after golden Infinite Improbability bitcoin generator out of thin air.

It startled him even more when just after he was awarded the Galactic Institute's Prize for Extreme Cleverness he got lynched by a rampaging mob of respectable AV salesmen who had finally realized that the one thing they really couldn't stand was a smartass.

2
0
Unhappy

Is there any reason to think it wasn't deliberate?

Deliberately inserting virus signatures into the block chain has been talked about for a while. For example, http://pastebin.com/ct2WHUK5. Nor is this the first time it's happened, eg https://bitcointalk.org/index.php?topic=559365. Unless there's evidence to the contrary, I would expect this to be deliberate.

1
0
Bronze badge
Thumb Up

...

I see what you did there Mr. Chirgwin.

0
0