The Delicate War Between Bitcoin Miners And Botnet Miners
March 28, 2013

The Delicate War Between Bitcoin Miners And Botnet Miners

Michael Harper for — Your Universe Online

Bitcoin, the online digital currency generated by completing complicated calculations, has seen a recent surge in both interest and value. In just one month´s time, the value of Bitcoin has nearly tripled. In late February, one digitally created Bitcoin was worth nearly $33. Now, just a month later, the same Bitcoin is worth about $90, according to the BBC.

This means botnet operators are now beginning to see illegal Bitcoin mining as a lucrative venture. According to security firm Sophos, some of these botnet operators are able to make up to $100,000 a day by taking over thousands of computers and using them to run the necessary calculations to generate the Bitcoins.

Yet, with this new currency becoming more sophisticated and valuable, professional Bitcoin miners are discovering new ways to prevent illegitimate botnet mining and protect the integrity of the online trading system.

BitCoins are created as a sort of reward for solving difficult mathematical problems. For instance, someone with sufficient hardware to run complex calculations can create a problem, or “block” to be solved or “mined.”

These blocks can either be mined via P2P as a group or individually, provided the individual´s hardware can stand up to the task. Once the block is mined, the BitCoins are distributed evenly amongst the miners.

Cyber thieves see this system as a way to use a botnet to do the heavy lifting of mining while they reap the Bitcoin rewards. It´s this kind of activity which diminishes the value of Bitcoin.

One Bitcoin developer, Jeff Garzik, told the BBC that botnet miners have become something professional miners have learned to deal with.

“Botnet mining is fundamentally theft of private property, illegal and unethical,” said Garzik, noting that they present a “cost and burden” to legitimate miners which they´ve simply learned to account for.

One of the largest botnets being used to mine this coin is called “ZeroAccess,” and according to Sophos, the rising value of Bitcoin has led this botnet´s operators to expand their army of zombie computers.

In a new paper by Sophos, the security team explains that ZeroAccess has been installed more than 9 million times. Currently they estimate its size at about 1 million machines spread all over the world with the majority located in the United States. ZeroAccess doesn´t only mine for BitCoin; it´s also used for click fraud, earning these operators even more extra income from fake ad clicks.

ZeroAccess´ operators have been running an affiliate program, paying other hackers to enlist as many computers as they can into this botnet. According to Sophos´ new paper, this affiliate program could be a point of weakness for ZeroAccess.

“Since we know exactly what values are being used to represent what data for the affiliate program during installation and where the data is being sent we could generate this data ourselves and send it straight to the servers without having to actually manage to get the malware installed anywhere,” reads the paper.

Sophos alternatively suggests one way to disrupt the ZeroAccess botnet is to sign up for the affiliate program, earn an affiliate ID, then use this ID to submit thousands of fake install hits via Denial of Service attacks. According to the paper, this would be like giving ZeroAccess a taste of its own medicine and earn the affiliates even more money.

There´s another way to keep botnet miners out of the system, says Mr. Garzik. A new kind of custom-made chip called ASIC (Application-Specific Integrated Circuits) has recently been adopted by some miners for their improved speed.

"It is theorized that the current shift in bitcoin mining to 'Asic' miners - the fastest and most advanced generation - will simply make it unprofitable for botnet miners," said Mr Garzik.

In other words, if the pros can mine Bitcoins better than the botnets, the botnets will no longer be as profitable as they once were.