cyber thieves

Botnet miners, or cyber-thieves, are attempting to cash in on the rising value of the bitcoin virtual currency.

Bitcoins have almost tripled in value in a month. In late February one bitcoin was worth $33 but now each one sells for about $90.

Thieves who run networks of hijacked PCs are increasingly using these machines to create or “mine” the coins.

However, bitcoin miners say thieves will struggle to keep up, as coin-generating technology becomes more sophisticated.

As a virtual currency, bitcoins depend on a wide network of closely connected computers to log who holds the coins and where they are spent.

That network also shares information about who is “mining” the coins.

Mining involves solving a hard mathematical problem and miners typically use large numbers of computers to speed up the number crunching involved.

“Botnet mining is fundamentally theft of private property, illegal and unethical,” said Jeff Garzik, a bitcoin developer, adding that bitcoin miners had battled botnets for years, seeing them as a “cost and a burden” they just had to deal with.

Many cyber-thieves who control botnets, large networks of home PCs compromised with a virus, were using them as a dedicated mining pool in a bid to generate bitcoins for themselves, said Derek Manky, senior security strategist at Fortinet.

The operators of one of the biggest current botnets, known as ZeroAccess, had recently ramped up their efforts to use machines they control to mine bitcoins, he said, adding that millions of infected PCs were unwittingly enrolled in the criminal network.

“ZeroAccess has employed an affiliate model,” he said.

“They pay other people to install malware for them.”

The operators of ZeroAccess were making so much money that they were paying high prices for each infection. Current rates ran at about $100 for every 1,000 infections, said Derek Manky.

As well as mining bitcoins, PCs enrolled in ZeroAccess were also being used to poison search results – to cause users to unwittingly click on booby-trapped web pages – or fraudulently click on adverts to generate revenue.

“ZeroAccess has been extremely profitable,” said Derek Manky.

The wider bitcoin community was aware of the efforts botnet owners were making to produce their own cash, said Derek Manky.

“They try to detect and remove these transactions but it’s a bit of a cat and mouse game,” he said.

“The operators of ZeroAccess know about that and just change their tactics.”

However, said Jeff Garzik, criminal participation in bitcoin mining was likely to get much less profitable as professional miners turned away from using desktop PCs to generate the coins.

Increasingly, he said, professional miners were using custom-made chips, called Asics (Application-Specific Integrated Circuits), to mine because such processors worked faster.

“It is theorized that the current shift in bitcoin mining to Asic miners – the fastest and most advanced generation – will simply make it unprofitable for botnet miners,” said Jeff Garzik.

Vitalik Buterin, technical editor at Bitcoin Magazine, said the rise of Asic mining meant cyber-thieves would soon be pushed out.

Currently only about one-third of all professional miners were using Asics, but as that proportion grew, the number of bitcoins that could be generated with a botnet would shrink, said Vitalik Buterin.

“The fact that botnets are (somewhat) viable now is basically an aberration resulting from the massive price increase that has not yet been matched by increased mining activity,” he said.

“Once Bitcoin stabilizes again the botnets will rapidly crawl back into the shadows.”

More than 300,000 people worldwide could lose internet access later today as the FBI shuts off servers used by cyber thieves.

The FBI seized the servers in November 2011 during raids to break up a gang of criminals who used viruses to infect more than four million victims.

Victims’ web searches were routed through the servers so they saw adverts that led to the gang being paid.

Many machines still harbor the gang’s malicious code.

The gang racked up more than $14 million by hijacking web searches and forcing victims to see certain adverts. They managed to do this because their servers were taking over a key web function known as domain name look-up.

Domain names are the words humans use for websites. These are converted into the numerical values that computers use by consulting domain name servers (DNS).

When a person types a name into a browser address bar, often their computer will consult a DNS server to find out where that website resides online.

The gang infected computers with malware called DNS Changer because it altered where a PC went to convert domain names to numbers.

Since the FBI raids, the gang’s servers have been run by Californian company ISC.

Over the last few months, the FBI has worked with many ISPs and security firms to alert victims to the fact that their PC was infected with DNS Changer. Online tools are available that let people check if they are infected.

This has meant the original population of four million infected machines has been whittled down to just over 300,000, according to statistics gathered by the DNS Changer Working Group.

The largest group of machines still harboring the infection are in the US but many other nations, including Italy, India, the UK and Germany, have substantial numbers still checking in with the ISC servers.

These servers will be shut down on 9 July.

The result could be that some people lose net access because the PCs that are still victims of DNS Changer will suddenly have nowhere to go when they need to look up the location of a particular domain.

It might take some time for the problems to become apparent, said Sean Sullivan, a security researcher at F-Secure.

“Initially some domains will be cached which will mean web access will be spotty,” he said.

“People will be confused about why some things work and some do not.”

Other security experts said it might take time for the remaining infected machines to be cleaned up.

“Reaching victims is a very hard problem, and something we have had issues with for years,” said Johannes Ullrich, a researcher with the Sans security institute.

He expected the impact to be “minimal” because many of these systems were no longer used or maintained.

Top 10 DNS Changer infections:

• US – 69,517

• Italy – 26,494

• India – 21,302

• UK – 19,589

• Germany – 18,427

• France – 10,454

• China – 10,304

• Spain – 10,213

• Canada – 8,924

• Australia – 8,518