Copyright © 2012 Virus Bulletin
Social and technological switch often creates fresh opportunities for positive switch. Unluckily, it also means more opportunities for crime. So, when a fresh system of currency gains acceptance and widespread adoption te a computer-mediated population, it is only a matter of time before malware authors attempt to exploit it. Spil of halfway through 2011, wij embarked witnessing another means of financial profiteering being perpetrated by the malware authors, they commenced targeting Bitcoin.
Bitcoin-mining and -stealing functionality has bot discovered te a number of the most notable and prevalent malware families, including Alureon, Sirefef and Kelihos. Notably, Bitcoin being open-source software means that Windows users are not the only target. Cross-platform attacks have already bot seen, with OS X threats such spil MacOS_X/DevilRobber.A emerging on the toneel ter October 2011.
The very nature of the way Bitcoin operates also has implications. Bitcoin mining is a legitimate part of the system, permitting Bitcoin clients to rival with other clients te performing ingewikkeld calculations using the rekentuig’s processing power, aiding ter the flow of transfers and thus generating bitcoins for the winning miner. The potential for botmasters is clear: the more computers and resources they can control ter this distributed computing mechanism, the more they are likely to profit.
This paper examines the various malware families that target this currency, provides an analysis of how thesis families target bitcoins, and details the methods they use to steal and mine this increasingly popular digital currency. The paper will also give an insight into how malware authors and cybercriminals may exploit the Bitcoin system for their own financial build up, and details what the future holds for this form of exploitation.
Distributed or grid computing – a term used to describe numerous autonomous laptop systems working together for a common cause – is not a fresh concept, and is a method used to solve usually fairly ingewikkeld problems or tasks that require extensive processing power. The use of distributed systems is vast and traverses many fields, with many projects ter existence that utilize this method.
Of the many projects, there are those that any rekentuig user can partake ter, simply by installing client software on their system, they willingly volunteer their pc’s processing power to help contribute to a particular cause. The Superb Internet Mersenne Prime Search, also known spil GIMPS , is an example of the very first voluntary distributed computing project, te which participating computers contributed towards finding Mersenne prime numbers ter the field of mathematics. It wasgoed launched ter 1996. [email protected] [Two] is another well-known project, launched te May 1999, that utilizes the collective processing power of volunteered computers to ontleden radio signals and help te the search for extraterrestrial life.
Leaping ahead ten years from the launch of [email protected], January 2009 witnessed the launch of an experimental decentralized virtual currency called Bitcoin, which relies on computers connected through a peer-to-peer (P2P) network to work together te the creation and transfer of this currency across the network. Bitcoin has gained popularity amongst rekentuig users since its launch, appealing to many due to its non-reliance on a central authority to kwestie currency and track transactions, spil well spil its prize system, which encourages laptop users to volunteer their computing power to aid te generating bitcoins and validating transactions.
And it’s exactly thesis features that have encouraged the adoption of Bitcoin by the dark compels of the online world spil well, with cybercriminals and malware authors taking a keen rente te this fresh technology. But before wij delve into the agglomeration of nefarious activities surrounding Bitcoin, wij need to have a basic overview of what bitcoins are and how the Bitcoin system works.
What is Bitcoin?
Founded by Satoshi Nakamoto, Bitcoin wasgoed launched to the public on 11 January 2009, and wasgoed described by its inventor on the cryptography mailing list where it wasgoed very first announced spil a ‘fresh electronic specie system that uses a P2P network to prevent double-spending’ [Trio]. The Bitcoin wiki webpagina [Four], which contains almost everything there is to know about the system, describes it spil being ‘designed around the idea of using cryptography to control the creation and transfer of money, rather than relying on
The term ‘Bitcoin’ (upper case ‘B’) can be used to describe the system spil a entire, spil well spil the software used by the system, while ‘bitcoin’ (lower case ‘b’) is the virtual currency that is created by this system. A ‘bitcoin’ unit of currency is represented spil a ‘BTC’ and can be traded for real-world currency through various exchanges. The Bitcoin client software that is run on computers ter the P2P network is open source, spil well spil the bitcoin-mining software that exists to support the system.
How does it work?
The premise behind Bitcoin is that users of the system can transfer bitcoins to each other without the need of a central authority, such spil a financial institution, to validate transactions and monitor double-spending. This validation is instead performed by knots participating ter the Bitcoin P2P network, spil by vormgeving, all transactions are broadcast to the network.
Once a user installs a Bitcoin client on their machine, they can transfer bitcoins directly to another Bitcoin user. The Bitcoin client assigns an address to each user, which is used spil their identifier on the network, permitting them to receive bitcoins. A Bitcoin address is 34 characters long and is freshly generated by most Bitcoin clients each time a transaction occurs, so one user can have numerous addresses.
Bitcoin uses a public key cryptography system for transactions inbetween users. Each Bitcoin user has a pair of public and private keys which is stored ter a special opstopping on their system called a Bitcoin wallet. When User AX wants to transfer one bitcoin to User BY, for example, the following occurs:
- AX initiates a transaction by sending one bitcoin to BY’s Bitcoin address (Figure 1).
- BY’s public key is sent to AX.
- AX adds BY’s public key, along with the transfer amount, one bitcoin ter this case, to a transaction message.
- AY signs the transaction message with their private key and broadcasts the message to the network.
Figure 1: Address of BY chosen spil the destination for one BTC.
So, up until this point, the transfer amount, one BTC, has still not bot transferred to BY spil it needs to be verified and permanently recorded te the network before it can be spent. What happens next is the distributed computing opzicht of the Bitcoin system:
- The broadcasted transaction message is collected into blocks being worked on by knots running special mining software. A block contains, among other gegevens:
- latest transactions broadcast by other knots that have not bot verified yet
- a hash of all transactions
- a hash of previously accepted blocks
- a difficult-to-solve mathematical problem.
The block chain, which is a record of all transactions that occurred te the system since the very very first one initiated by Nakamoto – called the genesis block – is downloaded to every Bitcoin client’s machine, to the client’s Bitcoin gegevens directory (with the opstopping name ‘blk0001.dat’, for example). So once a transaction is accepted into the block chain it is visible to all ter the network and is irreversible. Because the transaction is te the block chain, redoing it would mean all miner knots would have to redo its associated block, spil well spil all blocks that go after it, since each accepted block contains a hash of the previous one. Hence, this is the Bitcoin system’s solution to the problem of double-spending.
But spil mentioned by Nakamoto , spil long spil fair miner knots have the majority of CPU power te the network, ‘an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the fair knots.’ So ter the unlikely case that an attacker gains more than 50% of the hashing power ter the network (hashing will be discussed ter the ‘mining’ section), while ter control, they could potentially switch sides their transactions and prevent other knots from validating blocks.
The Bitcoin wallet contains a public and private key pair, spil mentioned previously, spil well spil an address created each time a transaction occurs. Because a fresh address is generated for each transaction, the wallet can contain many addresses and key pairs. So, a Bitcoin user having X number of bitcoins te their wallet indeed means they have te their wallet one or many Bitcoin addresses, and a corresponding private key that is needed to resend the bitcoins sent to that address. This also means that anyone can spend the bitcoins sent to the Bitcoin user’s address if they have access to their address and its corresponding private key. This is why the Bitcoin wallet opstopping is a popular target for malware.