Páginas

quinta-feira, 9 de junho de 2011

Botnets for Bitcoins

Botmasters are always trying to make a quick buck by renting their botnets for DDoS/SPAM, installing third-party malware (FakeAV) or stealing user credentials. It's not going to be a surprise when we finally see the first botnet mining bitcoins.

From Wikipedia, Bitcoin is a P2P currency created by  Satoshi Nakamoto. Bitcoins can be saved on a personal computer in the form of a wallet file or kept with a third party wallet service, and in either case bitcoins can be sent over the Internet to anyone with a Bitcoin address. Bitcoins are currently accepted in some cases for a small number of online services, work for hire, tangible goods and traders exchange regular currency (including US dollars, Russian rubles, and Japanese yen) for bitcoins through exchange sites. It is not possible in general to associate bitcoin identities with real-life identities. This property makes bitcoin transactions attractive to some sellers of illegal products.

The generation of a Bitcoin block requires finding the solution to a difficult cryptographic proof-of-work problem. Nodes which are attempting to generate blocks are called "miners". They repeatedly try solving instances of the problem through trial and error, each attempt having an equal and infinitesimal chance of being a correct solution. The number of Bitcoins created per block solved is never more than 50 BTC.

Pooled mining is an approach where multiple generating clients contribute to the generation of a block, and then split the block reward according the contributed processing power. Pooled mining effectively reduces the granularity of the block generation reward, spreading it out more smoothly over time.

With all that said we can be sure that in the near future we'll encounter some botnets mining bitcoins in a pooled mining kind of way since the design of the network is very favorable for the cybercriminal and the risk/reward is pratically non-existent. Is it possible that we'll find a botnet specialized in mining? Hardly, because the idea of the cybercriminal is to always maximize profits, so a botnet dedicated to only mine bitcoins could be considered a waste of resources. But mining as a module of multi-purpose botnets certainly is a go.