Samker's Computer Forum -

Off-Topic Lounge: => CryptoCurrencies Base => Topic started by: Pez on 03. June 2013., 09:32:35

Title: Delving Deeply Into a Bitcoin Botnet
Post by: Pez on 03. June 2013., 09:32:35
Delving Deeply Into a Bitcoin Botnet

Bitcoin is a virtual decentralized currency that was created in 2009 by developer Satoshi Nakamoto, who described the currency in a paper. Recently Bitcoin has gotten lots of attention. In early 2013, the prices reached a high of US$265 per Bitcoin. The following chart shows the currency’s historical price:



Because Bitcoin is a virtual currency and independent of any financial institution, many vendors accept Bitcoins as payments.

Bitcoins are generated through a process called mining. Every transaction is in the form of a block that is broadcast to all the nodes on the network. Nodes try to find a difficult proof of work that involves finding a value which, when hashed with an algorithm such as SHA-256, gives output that contains a number of zero bits. Once a node finds such a hash, the user is rewarded with new Bitcoins.

Because mining requires enormous processing power, the concept of “pooled” mining allows lots of people to work together to find a hash value. They all work together by sharing their resources. Once a hash has been generated by any user, they all split the created Bitcoins.

The current jump in Bitcoin price suggests that cybercriminals are paying attention. With pooled mining, it is easier for botnet owners to install Bitcoin mining clients on various systems working together to generate Bitcoins for the botnet masters.

In our recent analysis of botnets, we found a couple of samples that were communicating to various online Bitcoin mining services over the Stratum protocol:


We also saw a couple of samples using JSON/RPC calls:


And communication with a control server:


It is clear that this bot is sending various information back to the control server and receiving commands from the server.

Our analysis found that this botnet uses ufasoft Bitcoin mining software. All the required files are embedded inside the resource section of the .exe, so unlike other botnets no extra download is required.


The following screenshot shows malicious files getting unpacked in memory and running there.


The botnet also dropped a couple of required files for Bitcoin mining under a temp/{random name} folder:


After that the botnet launches the file responsible for Bitcoin mining:


Note that the file has a fake description: “Malwarebytes Anti-malware.”

This bot can be installed on a victim’s system through various methods: drive-by downloads, download via botnet, etc. Once run, this bot registers with various online pooled mining services with the attacker-supplied user name and password, so the attacker gets Bitcoins credited to his or her own account:


We found one person selling an entire botnet kit on one of the underground forums for just a few dollars:


We also found that the sample we got is the same as shown in the preceding forum post.

Here are a couple of screenshots showing the control panel of the bot.



Bitcoin settings:


Botnet summary:




Bitcoin has recently gotten lots of media coverage because of the price it has attained during the last few months. We believe that this upward price trend will continue. With this bot, attackers are seeking new sources of income. They are quick to obtain the latest code as soon as it’s available.

McAfee customers are protected against this threat by IPS signature ID:0x4880b300_BOT_Bitbot_Activity_Detected.

Original article: Tuesday, May 21, 2013 at 3:11pm by Hardik Shah (
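
Added example (not part of the original post or the McAfee article): a small Python detector that flags the two kinds of pool traffic the article mentions, Stratum messages and JSON-RPC `getwork` calls, in a reassembled TCP payload, and pulls the pool account name out of `mining.authorize`. The sample flows, the worker name and the host `pool.example` are constructed for illustration.

```python
import json

# Method names a miner exchanges with a pool over Stratum, plus the older
# getwork call made over HTTP JSON-RPC.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "mining.notify", "mining.set_difficulty"}
GETWORK_METHODS = {"getwork"}

def parse_mining_message(line):
    """Return (kind, message) if the line is a mining JSON-RPC message, else None."""
    try:
        msg = json.loads(line)
    except ValueError:          # not JSON at all (HTTP headers, binary, empty line)
        return None
    method = msg.get("method") if isinstance(msg, dict) else None
    if not isinstance(method, str):
        return None
    if method in STRATUM_METHODS:
        return "stratum", msg
    if method in GETWORK_METHODS:
        return "getwork", msg
    return None

def scan_flow(payload):
    """Summarise mining indicators in one reassembled TCP payload (bytes)."""
    text = payload.decode("utf-8", errors="replace")
    # getwork travels as an HTTP POST body; drop the headers before parsing.
    if text.startswith("POST ") and "\r\n\r\n" in text:
        text = text.split("\r\n\r\n", 1)[1]
    hits = {"stratum": 0, "getwork": 0}
    accounts = []
    for line in text.splitlines():      # Stratum is newline-delimited JSON
        parsed = parse_mining_message(line.strip())
        if parsed is None:
            continue
        kind, msg = parsed
        hits[kind] += 1
        params = msg.get("params")
        # mining.authorize carries the pool user name that gets the credit.
        if msg["method"] == "mining.authorize" and isinstance(params, list) and params:
            accounts.append(str(params[0]))
    return {"hits": hits, "accounts": accounts, "mining": any(hits.values())}

# Constructed sample payloads (not captured from the sample described above).
STRATUM_FLOW = (b'{"id": 1, "method": "mining.subscribe", "params": []}\n'
                b'{"id": 2, "method": "mining.authorize", "params": ["example_worker", "x"]}\n')
GETWORK_FLOW = (b'POST / HTTP/1.1\r\nHost: pool.example\r\n\r\n'
                b'{"method": "getwork", "params": [], "id": 1}')
BENIGN_FLOW = b'{"id": 7, "method": "user.login", "params": ["alice"]}\n'
```

The account names collected from `mining.authorize` are useful pivots when the same pool credentials appear across several infected hosts.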
Title: Re: Delving Deeply Into a Bitcoin Botnet
Post by: devnullius on 03. June 2013., 12:07:56
I'd love to be part of this....  >:D



~~~ ~~~

Conare nullius momenti videri fortasse missilibus careant
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-013 by DevNullius)
Title: Re: Delving Deeply Into a Bitcoin Botnet
Post by: Thisper on 05. October 2019., 07:50:13
I have checked a lot of bitcoin wallet options are available where people want to invest and earn the money in a good way. Bitcoin provides the best options for the Bitcoin Options earning in a good way. Bitcoin is getting the popularity for the demand.
Title: Re: Delving Deeply Into a Bitcoin Botnet
Post by: MelissaLiberson on 07. October 2019., 17:52:36
If we are willing to play things safely then it’s a must that we use a safer and secure Crypto Wallet, since that’s where safety and security comes in and I don’t think I will be interested in taking the risk at all.

So this is where we have to be extremely careful with how we go with approaching things. As the wallet is a major need and that has to be perfect because this is where we can’t afford to be taking chances at all, so got to be very careful.