Topic: 2012-09 sophos.com - The ZeroAccess Botnet – Mining and Fraud for Massive Financ

sr. member
Activity: 336
Merit: 250
Quote
Very interesting link, thanks.

It sounds like the operators weren't ready to scale up their pool operation, that's the only reason I can think of for why it'd be regularly unavailable. Incidentally google-updaete.com is now an NXDOMAIN.

The interesting question is - how long until they patch it to use Stratum? Then they could probably handle far more load...
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
ASICs will make them die. Just some months and goodbye.
sr. member
Activity: 280
Merit: 250
Quote
Very interesting link, thanks.

It sounds like the operators weren't ready to scale up their pool operation, that's the only reason I can think of for why it'd be regularly unavailable. Incidentally google-updaete.com is now an NXDOMAIN.

Scaling a mining pool isn't easy, let alone to millions of nodes. They may have found the amount of effort it took to keep the pool running and performant made it not worth doing. Especially given the complexity of cashing out large quantities of coins.

Interestingly, they only make use of the CPU and not the GPU, as the report states. That is a huge loss of potential across over a million computers. I was actually wondering why the hackers wouldn't implement a system whereby the GPU would be used for an arbitrary number of hours per day (one, two, three)...
legendary
Activity: 1526
Merit: 1134
Very interesting link, thanks.

It sounds like the operators weren't ready to scale up their pool operation, that's the only reason I can think of for why it'd be regularly unavailable. Incidentally google-updaete.com is now an NXDOMAIN.

Scaling a mining pool isn't easy, let alone to millions of nodes. They may have found the amount of effort it took to keep the pool running and performant made it not worth doing. Especially given the complexity of cashing out large quantities of coins.
sr. member
Activity: 280
Merit: 250
BUMP. Just finished reading this.

The ZeroAccess botnet could be the third largest mining pool in terms of total hash rate. (page 44)
legendary
Activity: 1092
Merit: 1001
Sophos technical paper

Quote
The ZeroAccess Botnet – Mining and Fraud for Massive Financial Gain

James Wyke, Senior threat researcher SophosLabs
2012-09

http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess-botnet.aspx

...
The ZeroAccess botnet that communicates on port 16471 (32-bit) and 16470 (64-bit) is currently downloading plugins that facilitate Bitcoin mining.
...
These statistics clearly show that the Bitcoin mining botnet is the most prevalent, followed by the click fraud botnet with the kernel-mode botnet a very distant third.
...
If we estimate the total size of all ZeroAccess botnets to be 1,000,000 machines and use the statistics acquired from the successful installs data that suggests that the proportion of the total machines that connect to the Bitcoin mining botnet is 62%, then we have 620,000 machines that could be participating in Bitcoin mining.
...
We can see that ZeroAccess’ mining pool is close in size to some of the biggest public pools. These generate huge numbers of Bitcoins, for example the DeepBit pool [14] has mined over 1 million Bitcoins in the course of one year.
...
Using botnets to mine Bitcoins deprives hard-working legitimate Bitcoin miners from generating those coins and therefore receiving payment.
More importantly this activity taints the Bitcoin image. There have been several cases of Bitcoin exchanges being broken into and Bitcoins stolen [17], and there are concerns that the currency may die off like some digital currencies have done so before it [18].
A continued association with botnets and malware does nothing to increase the more widespread adoption of Bitcoin.
...
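The paper excerpt above names the ports the mining-capable ZeroAccess botnets talk on (16471 for the 32-bit botnet, 16470 for the 64-bit one), and the thread mentions google-updaete.com as a domain the bots used. The block below is an added example, not code from the Sophos paper or from anyone in this thread: it runs a simple detector over a few constructed connection-log lines, flagging a host that reaches the ZeroAccess port on several distinct peers (one hit to a high port is weak evidence on its own, so a peer threshold is used) or that contacts the watchlisted domain. The log line format, the sample lines, the peer threshold and the RFC 5737 addresses are all assumptions made for the illustration.

```python
"""Flag hosts that look like ZeroAccess P2P bots, based on the ports named in
the Sophos paper. Added example; log format and sample lines are constructed."""
import re
from collections import defaultdict

# Port-to-botnet mapping as stated in the Sophos paper quoted above.
ZEROACCESS_PORTS = {16471: "ZeroAccess 32-bit", 16470: "ZeroAccess 64-bit"}

# Domain named in the thread as the bots' (now NXDOMAIN) update/pool host.
WATCHLIST_DOMAINS = {"google-updaete.com"}

# Constructed sample log in an assumed "ts src:sport -> dst:dport proto [host=...]" shape.
SAMPLE_LOG = """\
2012-09-20T10:01:02 10.0.0.5:49152 -> 203.0.113.9:16471 udp
2012-09-20T10:01:03 10.0.0.5:49153 -> 198.51.100.7:16471 udp
2012-09-20T10:01:05 10.0.0.8:55001 -> 192.0.2.44:16470 udp
2012-09-20T10:01:06 10.0.0.9:40000 -> 192.0.2.10:443 tcp
2012-09-20T10:01:07 10.0.0.8:55002 -> 192.0.2.12:80 tcp host=google-updaete.com
2012-09-20T10:01:08 10.0.0.9:40001 -> 192.0.2.13:16471 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)(?:\s+host=(?P<host>\S+))?$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def scan(log_text, min_peers=2):
    """Return {src_ip: {"reasons": [...], "peers": set()}} for suspicious hosts.

    A source is flagged when it contacts a ZeroAccess port on at least
    `min_peers` distinct destinations (P2P bots talk to many peers), or when
    it contacts a watchlisted domain.
    """
    peers = defaultdict(set)  # (src, dport) -> set of destination IPs
    findings = defaultdict(lambda: {"reasons": [], "peers": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["dport"] in ZEROACCESS_PORTS:
            peers[(rec["src"], rec["dport"])].add(rec["dst"])
        if rec["host"] and rec["host"].lower() in WATCHLIST_DOMAINS:
            findings[rec["src"]]["reasons"].append(
                f"contacted watchlisted domain {rec['host']}"
            )
    for (src, dport), dsts in peers.items():
        if len(dsts) >= min_peers:
            f = findings[src]
            f["reasons"].append(
                f"{ZEROACCESS_PORTS[dport]} port {dport} to {len(dsts)} distinct peers"
            )
            f["peers"] |= dsts
    return dict(findings)


if __name__ == "__main__":
    for src, info in sorted(scan(SAMPLE_LOG).items()):
        print(src, "; ".join(info["reasons"]))
```

On the sample data, 10.0.0.5 is flagged for reaching two peers on 16471, 10.0.0.8 for the watchlisted domain, and 10.0.0.9 is not flagged because a single connection to 16471 stays under the peer threshold; lowering `min_peers` to 1 trades that precision for recall.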