
Author Topic: Delving Deeply Into a Bitcoin Botnet  (Read 3634 times)


Pez

  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez
Delving Deeply Into a Bitcoin Botnet
« on: 03. June 2013., 09:32:35 »
Delving Deeply Into a Bitcoin Botnet

Bitcoin is a virtual decentralized currency that was created in 2009 by developer Satoshi Nakamoto, who described the currency in a paper. Recently Bitcoin has gotten lots of attention. In early 2013, the prices reached a high of US$265 per Bitcoin. The following chart shows the currency’s historical price:




Because Bitcoin is a virtual currency and independent of any financial institution, many vendors accept Bitcoins as payments.

Bitcoins are generated through a process called mining. Every transaction is in the form of a block that is broadcast to all the nodes on the network. Nodes try to find a difficult proof of work that involves finding a value which, when hashed with an algorithm such as SHA-256, gives output that contains a number of zero bits. Once a node finds such a hash, the user is rewarded with new Bitcoins.

Because mining requires enormous processing power, the concept of “pooled” mining allows lots of people to work together to find a hash value. They all work together by sharing their resources. Once a hash has been generated by any user, they all split the created Bitcoins.

The current jump in Bitcoin price suggests that cybercriminals are paying attention. With pooled mining, it is easier for botnet owners to install Bitcoin mining clients on various systems working together to generate Bitcoins for the botnet masters.

In our recent analysis of botnets, we found a couple of samples that were communicating to various online Bitcoin mining services over the Stratum protocol:




We also saw a couple of samples using JSON/RPC calls:




And communication with a control server:




It is clear that this bot is sending various information back to the control server and receiving commands from the server.

Our analysis found that this botnet uses ufasoft Bitcoin mining software. All the required files are embedded inside the resource section of the .exe, so unlike other botnets no extra download is required.




The following screenshot shows malicious files getting unpacked in memory and running there.




The botnet also dropped a couple of required files for Bitcoin mining under a temp/{random name} folder:




After that the botnet launches the file responsible for Bitcoin mining:




Note that the file has a fake description: “Malwarebytes Anti-malware.”

This bot can be installed on a victim’s system through various methods: drive-by downloads, download via botnet, etc. Once run, this bot registers with various online pooled mining services with the attacker-supplied user name and password, so the attacker gets Bitcoins credited to his or her own account:




We found one person selling an entire botnet kit on one of the underground forums for just a few dollars:




We also found that the sample we got is the same as shown in the preceding forum post.

Here are a couple of screenshots showing the control panel of the bot.

Commands:




Bitcoin settings:




Botnet summary:




Statistics:




Bitcoin has recently gotten lots of media coverage because of the price it has attained during the last few months. We believe that this upward price trend will continue. With this bot, attackers are seeking new sources of income. They are quick to obtain the latest code as soon as it’s available.

McAfee customers are protected against this threat by IPS signature ID:0x4880b300_BOT_Bitbot_Activity_Detected.


Original article: Tuesday, May 21, 2013 at 3:11pm by Hardik Shah
There are two easy ways to configure a system!
Everything open and everything closed.
Everything else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475
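The article above reports samples talking to pooled mining services over Stratum and JSON/RPC, with the attacker's pool account supplied at registration. As an added example (not part of the original article or post), the following sketch shows how a defender could flag such traffic in captured TCP payloads and recover the pool account name for incident response. The method names are taken from the public Stratum and getwork protocols, since the article's captures are not reproduced here; the IP addresses, host names and account are constructed sample data.

```python
import json

# Methods a Stratum (v1) mining client sends, and the older HTTP JSON-RPC
# mining calls. Assumed from the public protocols, not from the article.
STRATUM_CLIENT = {"mining.subscribe", "mining.authorize", "mining.submit"}
LEGACY_RPC = {"getwork", "getblocktemplate"}

def classify_payload(payload: bytes):
    """Return (protocol, method, account) tuples found in one TCP payload."""
    if payload.startswith(b"POST "):  # HTTP JSON-RPC: body follows the headers
        payload = payload.partition(b"\r\n\r\n")[2]
    findings = []
    for line in payload.splitlines():  # Stratum is newline-delimited JSON
        line = line.strip()
        if not line.startswith(b"{"):
            continue
        try:
            msg = json.loads(line)
        except ValueError:  # truncated capture or non-JSON data
            continue
        method, params = msg.get("method"), msg.get("params")
        if not isinstance(method, str):
            continue
        if method in STRATUM_CLIENT:
            # mining.authorize carries the pool account as its first parameter.
            named = method == "mining.authorize" and isinstance(params, list) and params
            findings.append(("stratum", method, str(params[0]) if named else None))
        elif method in LEGACY_RPC:
            findings.append(("json-rpc", method, None))
    return findings

def mining_hosts(flows):
    """Map each source IP to the (destination, protocol, method, account) hits."""
    hits = {}
    for src, dst, payload in flows:
        for finding in classify_payload(payload):
            hits.setdefault(src, []).append((dst,) + finding)
    return hits

# Constructed sample flows (documentation IP ranges, made-up account name).
SAMPLE_FLOWS = [
    ("10.0.0.23", "198.51.100.7",
     b'{"id": 1, "method": "mining.subscribe", "params": []}\n'
     b'{"id": 2, "method": "mining.authorize", "params": ["worker.example", "x"]}\n'),
    ("10.0.0.31", "198.51.100.9",
     b'POST / HTTP/1.1\r\nHost: pool.example\r\n\r\n{"method": "getwork", "params": [], "id": 1}'),
    ("10.0.0.40", "203.0.113.5",
     b'POST /api HTTP/1.1\r\nHost: app.example\r\n\r\n{"method": "user.login", "params": []}'),
]
```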

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3535
  • KARMA: 153
  • Gender: Female
    • SCForum.info
Re: Delving Deeply Into a Bitcoin Botnet
« Reply #1 on: 03. June 2013., 12:07:56 »
I'd love to be part of this....  >:D

Karma

Devvie


~~~ notemail@facebook.com ~~~

Conare nullius momenti videri fortasse missilibus careant
——
All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-013 by DevNullius)
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Thisper

  • SCF Newbie
  • *
  • Posts: 7
  • KARMA: -1
  • Gender: Male
Re: Delving Deeply Into a Bitcoin Botnet
« Reply #2 on: 05. October 2019., 07:50:13 »
I have checked, and a lot of bitcoin wallet options are available where people want to invest and earn money in a good way. Bitcoin provides the best options for Bitcoin Options earning in a good way. Bitcoin is getting popularity because of the demand.

MelissaLiberson

  • SCF CryptoGroupie
  • *
  • Posts: 397
  • KARMA: 16
  • Gender: Female
Re: Delving Deeply Into a Bitcoin Botnet
« Reply #3 on: 07. October 2019., 17:52:36 »
If we are willing to play things safely, then it’s a must that we use a safer and more secure Crypto Wallet, since that’s where safety and security come in, and I don’t think I will be interested in taking the risk at all.

So this is where we have to be extremely careful with how we go with approaching things. As the wallet is a major need and that has to be perfect because this is where we can’t afford to be taking chances at all, so got to be very careful.
