Pages:
Author

Topic: ASIC botnet: The new threat? (Read 4256 times)

legendary
Activity: 1112
Merit: 1000
November 25, 2012, 06:16:11 AM
#50
What if BFL/bASIC backdoors the ASIC's?  Shocked
in the case of bASIC, it would be easy to spot as the firmware will be released as open source. Same with Avalon.

In the case of a hardcoded backdoor into the hardware or BFL (closed source), traffic analysis would show other outgoing communication than the account you config (your own choice of pool or solo mining). Whoever makes the hardware has little control over where/how you deploy the hardware.
hero member
Activity: 532
Merit: 500
November 24, 2012, 09:28:57 PM
#49
What if BFL/bASIC backdoors the ASIC's?  Shocked
full member
Activity: 196
Merit: 100
Another block in the wall
November 24, 2012, 07:36:53 AM
#48
There's probably something like zeus for miners already out in the wild. What you're seeing isn't whats really there.
hero member
Activity: 602
Merit: 500
November 23, 2012, 05:59:38 PM
#47
Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.
To get accurate numbers, you would have to ask the question to Tycho. I was shown last week by a deepbit user when he logged in the banner "your account has been suspended due to illegal activity" (paraphrasing from memory here).

He said it happens automaticly once you have more than 150 different IPs connect to the same worker. (as it happened before)

There is a banner when you register that says "In case of illegal activity your account will be locked",
https://deepbit.net/register.php

With the amount of traffic deepbit sees, it would be hard to believe they have not automated some parts of the banning

I'm not asking for accurate numbers, I'm asking for any confirmed botnet reports, and evidence as to them being GPU based, as you so casually stated that they were.

What you are telling me is that because an automated system on deepbit, which admittedly catches many regular users (unless you are suggesting your friend is a botnetter) by its aggressive settings, is the only suggestion that botnets "might be out there".

That is hardly conclusive evidence of the roving bands of GPU botnets you claim.

CPU botnets are the most likely, and even those are not very likely, nor clearly are they being very successful.

Maybe you missed those threads:

https://bitcointalk.org/index.php?topic=81356.0;all
https://bitcointalksearch.org/topic/wonder-who-this-solominer-is-8862169-67634

http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/
Quote
Q: How many botted machines do you typically gain per month or per campaign.
A: about 500-1000 a day, weekends more. I'm thinking about just buying them in bulks and milking them for bitcoins. Asian installs are very cheap, 15$/1000 installs and have good GPUs.

http://arstechnica.com/tech-policy/2011/08/symantec-spots-malware-that-uses-your-gpu-to-mine-bitcoins/
Quote
In contrast, the newest Bitcoin malware takes full advantage of the computing power on each compromised machine—including its GPU.

http://www.symantec.com/security_response/writeup.jsp?docid=2011-081115-5847-99&tabid=2
Quote
The Trojan will then run one of the following Bitcoin mining programs:
If a GPGPU-enabled graphics card is found, it runs Phoenix Miner.
Otherwise it runs RPC Miner.


Though I appreciate links, as I requested them (maybe you missed that post), neither of these fit any criteria of the quote.

Top line from The AMA post:

Quote
I operate a ~10k botnet using a ZeuS software I modified myself, including IRC, DDoS and bitcoin mining (13GH/s - 20GH/s atm).
20GH = 20,000 MH; 20,000 MH / 10,000comps = 2MH/comp. Or roughly what you'd get out of an old crappy CPU. I did say in the quote that CPU mining is most likely of the unlikely scenarios.

For the symantec stuff, GPU malware != GPU botnet. Simply is one, low-risk (hasn't spread much) example of code that has that ability. No one is claiming that it is impossible to do, that isn't what we're discussing, so this is not a useful link. If it were a report of how it was a widespread hidden threat that would make more sense.


As to the other guy with the botnetter friend, well. I will just leave that conversation be then.
legendary
Activity: 1064
Merit: 1001
November 22, 2012, 05:38:52 PM
#46
I'm not suggesting he is a botnetter. I know he is a botnetter, he paid BTC 20 for the custom miner from a guy on Silk Road that installs itself on machines through a trojan horse and makes them into dedicated workers.

[...]

The people that run the botnets don't care if it's CPU or GPU, but they are more interested in harvesting good GPU machines. With most recent machines sporting some kind of GPU, they are actively being milked.

Check some of the stats individual people are getting on pools. A single individual that has 300 GH/s surely does not have all these machines in his own office.

Cool stuff. I wonder how sustainable the botnets actually are over time.

Even so, I don't think "botnetting" ASIC devices will be all that possible until the general public utilizes them daily (assuming it ever reaches that point). They're way too much of a niche device, tailored to a subset of the bitcoin community. To presume these botters are going to utilize ASICs attached to PCs undetected is a bit absurd....though not impossible.
legendary
Activity: 1112
Merit: 1000
November 22, 2012, 05:24:59 PM
#45
What you are telling me is that because an automated system on deepbit, which admittedly catches many regular users (unless you are suggesting your friend is a botnetter) by its aggressive settings, is the only suggestion that botnets "might be out there".

I'm not suggesting he is a botnetter. I know he is a botnetter, he paid BTC 20 for the custom miner from a guy on Silk Road that installs itself on machines through a trojan horse and makes them into dedicated workers.

Quote
That is hardly conclusive evidence of the roving bands of GPU botnets you claim.

CPU botnets are the most likely, and even those are not very likely, nor clearly are they being very successful.
The people that run the botnets don't care if it's CPU or GPU, but they are more interested in harvesting good GPU machines. With most recent machines sporting some kind of GPU, they are actively being milked.

Check some of the stats individual people are getting on pools. A single individual that has 300 GH/s surely does not have all these machines in his own office.
vip
Activity: 756
Merit: 503
November 22, 2012, 12:38:23 PM
#44
Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.
To get accurate numbers, you would have to ask the question to Tycho. I was shown last week by a deepbit user when he logged in the banner "your account has been suspended due to illegal activity" (paraphrasing from memory here).

He said it happens automaticly once you have more than 150 different IPs connect to the same worker. (as it happened before)

There is a banner when you register that says "In case of illegal activity your account will be locked",
https://deepbit.net/register.php

With the amount of traffic deepbit sees, it would be hard to believe they have not automated some parts of the banning

I'm not asking for accurate numbers, I'm asking for any confirmed botnet reports, and evidence as to them being GPU based, as you so casually stated that they were.

What you are telling me is that because an automated system on deepbit, which admittedly catches many regular users (unless you are suggesting your friend is a botnetter) by its aggressive settings, is the only suggestion that botnets "might be out there".

That is hardly conclusive evidence of the roving bands of GPU botnets you claim.

CPU botnets are the most likely, and even those are not very likely, nor clearly are they being very successful.

Maybe you missed those threads:

https://bitcointalk.org/index.php?topic=81356.0;all
https://bitcointalksearch.org/topic/wonder-who-this-solominer-is-8862169-67634

http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/
Quote
Q: How many botted machines do you typically gain per month or per campaign.
A: about 500-1000 a day, weekends more. I'm thinking about just buying them in bulks and milking them for bitcoins. Asian installs are very cheap, 15$/1000 installs and have good GPUs.

http://arstechnica.com/tech-policy/2011/08/symantec-spots-malware-that-uses-your-gpu-to-mine-bitcoins/
Quote
In contrast, the newest Bitcoin malware takes full advantage of the computing power on each compromised machine—including its GPU.

http://www.symantec.com/security_response/writeup.jsp?docid=2011-081115-5847-99&tabid=2
Quote
The Trojan will then run one of the following Bitcoin mining programs:
If a GPGPU-enabled graphics card is found, it runs Phoenix Miner.
Otherwise it runs RPC Miner.
hero member
Activity: 602
Merit: 500
November 22, 2012, 12:30:28 PM
#43
Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.
To get accurate numbers, you would have to ask the question to Tycho. I was shown last week by a deepbit user when he logged in the banner "your account has been suspended due to illegal activity" (paraphrasing from memory here).

He said it happens automaticly once you have more than 150 different IPs connect to the same worker. (as it happened before)

There is a banner when you register that says "In case of illegal activity your account will be locked",
https://deepbit.net/register.php

With the amount of traffic deepbit sees, it would be hard to believe they have not automated some parts of the banning

I'm not asking for accurate numbers, I'm asking for any confirmed botnet reports, and evidence as to them being GPU based, as you so casually stated that they were.

What you are telling me is that because an automated system on deepbit, which admittedly catches many regular users (unless you are suggesting your friend is a botnetter) by its aggressive settings, is the only suggestion that botnets "might be out there".

That is hardly conclusive evidence of the roving bands of GPU botnets you claim.

CPU botnets are the most likely, and even those are not very likely, nor clearly are they being very successful.
legendary
Activity: 1112
Merit: 1000
November 22, 2012, 09:55:17 AM
#42
Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.
To get accurate numbers, you would have to ask the question to Tycho. I was shown last week by a deepbit user when he logged in the banner "your account has been suspended due to illegal activity" (paraphrasing from memory here).

He said it happens automaticly once you have more than 150 different IPs connect to the same worker. (as it happened before)

There is a banner when you register that says "In case of illegal activity your account will be locked",
https://deepbit.net/register.php

With the amount of traffic deepbit sees, it would be hard to believe they have not automated some parts of the banning
vip
Activity: 756
Merit: 503
November 22, 2012, 09:45:28 AM
#41
To date there have been 0 confirmed CPU botnets, 0 confirmed GPU botnets, and 0 confirmed FPGA botnets on bitcoin.
A smart GPU botnet would of course create a different account for each worker but that is sooooo much work, right? ;-)
I think a smart GPU botnet would setup a Bitcoin mining proxy or a mining pool.
hero member
Activity: 602
Merit: 500
November 22, 2012, 06:46:53 AM
#40
To date there have been 0 confirmed CPU botnets, 0 confirmed GPU botnets, and 0 confirmed FPGA botnets on bitcoin.
Actually there are plenty of GPU botnets and big pools like Deepbit have to take frequent action against them. Deepbit blocks single accounts that have more than 150 (?) different IPs connecting.

To see if they are CPU or GPU botnets, one should ask if Tycho would release the stats on such an account so one can judge how much MH/s per IP they generate.

A smart GPU botnet would of course create a different account for each worker but that is sooooo much work, right? ;-)

Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.
legendary
Activity: 1112
Merit: 1000
November 22, 2012, 04:32:21 AM
#39
To date there have been 0 confirmed CPU botnets, 0 confirmed GPU botnets, and 0 confirmed FPGA botnets on bitcoin.
Actually there are plenty of GPU botnets and big pools like Deepbit have to take frequent action against them. Deepbit blocks single accounts that have more than 150 (?) different IPs connecting.

To see if they are CPU or GPU botnets, one should ask if Tycho would release the stats on such an account so one can judge how much MH/s per IP they generate.

A smart GPU botnet would of course create a different account for each worker but that is sooooo much work, right? ;-)
newbie
Activity: 56
Merit: 0
November 21, 2012, 09:17:00 PM
#38
I can't confirm if it's hackable or not, just not that many people bother. With all the su/sudo things that need to be run...I just don't see it happening.
too complex for me, me to stupid can't understand -> UNBREAKABLE!!!

your logic is failing.
You are picking a fight with the wrong person, and I shouldn't be the one to talk about comprehension when you failed to comprehend first grade English grammar.

Which brings me to my question, are you kano? He is an idiot and has the same avatar. Spells the same way. I can only imagine it's you.

kokjo is an idiot who picks fights with everyone, constantly pretends to misunderstand what is being said, and initiates verbal abuse toward people.
hero member
Activity: 602
Merit: 500
November 21, 2012, 08:35:00 PM
#37
To date there have been 0 confirmed CPU botnets, 0 confirmed GPU botnets, and 0 confirmed FPGA botnets on bitcoin.

This made LOL. No, seriously....it did.

This is null.

The only thing left is don't get owned.



You have some contrary evidence? Or you just have no logical response?
hero member
Activity: 574
Merit: 500
November 21, 2012, 08:25:10 PM
#36
Quote
ASIC will, in the-not-so-distant future, cost about the same as GPU.

The cost is high now coz there's a HIGH demand for ASIC. Once that little bubble burst, I'd imagine ASIC price will fall.
Did the FPGA get cheaper? BTCFPGA MM Quad is still $1k.
full member
Activity: 196
Merit: 100
Another block in the wall
November 21, 2012, 03:09:16 PM
#35
To date there have been 0 confirmed CPU botnets, 0 confirmed GPU botnets, and 0 confirmed FPGA botnets on bitcoin.

This made LOL. No, seriously....it did.

This is null.

The only thing left is don't get owned.

full member
Activity: 196
Merit: 100
Another block in the wall
November 21, 2012, 03:01:29 PM
#34

There's no incentive for the vast majority of people to buy ASIC mining hardware regardless of price.

The incentive is Bitcoin. Or cryto-currency.





hero member
Activity: 602
Merit: 500
November 21, 2012, 12:39:16 PM
#33
Anybody that spent that much money on their ASICs is going to be........

ASIC will, in the-not-so-distant future, cost about the same as GPU.

The cost is high now coz there's a HIGH demand for ASIC. Once that little bubble burst, I'd imagine ASIC price will fall.

I'll personally order a few and plug them in and forget em, I got other things to do. So does my rich friend who's even less tech savvy than I am.

With that, there's a chance they'll get own, becoming part of a net.



I don't mean to sound insensitive but it sounds like you're approaching a very technical problem from a very non-technical point of view. So let's try a different approach.

To date there have been 0 confirmed CPU botnets, 0 confirmed GPU botnets, and 0 confirmed FPGA botnets on bitcoin. Why would this change with ASICs? If as you say, ASICs become cheap like water, difficulty becomes high like a mountain. A 60GH/sec ASIC becomes the equivalent of a 300MH/sec GPU today, and there is as little incentive to seek out ASICs as there is for the other methods.

How many people are rich? By definition, very few (limited resource world). Thus very few people would "set it and forget it" after buying hardware that has no function except mining. Most people with money would as MrTeal said rather buy Bitcoins directly. It's faster, easier, can just throw it somewhere and forget about it. This idea of an ASIC botnet is really just a bugaboo.
legendary
Activity: 1274
Merit: 1004
November 21, 2012, 12:24:11 PM
#32
Anybody that spent that much money on their ASICs is going to be........

ASIC will, in the-not-so-distant future, cost about the same as GPU.

The cost is high now coz there's a HIGH demand for ASIC. Once that little bubble burst, I'd imagine ASIC price will fall.

I'll personally order a few and plug them in and forget em, I got other things to do. So does my rich friend who's even less tech savvy than I am.

With that, there's a chance they'll get own, becoming part of a net.

There's no incentive for the vast majority of people to buy ASIC mining hardware regardless of price. Everyone needs a CPU and some sort of graphics hardware in a computer. Even if Bitcoin really takes off the cast majority of people won't buy mining hardware; there's no reason to. They could just buy BTC on the market.
full member
Activity: 196
Merit: 100
Another block in the wall
November 21, 2012, 12:17:33 PM
#31
Anybody that spent that much money on their ASICs is going to be........

ASIC will, in the-not-so-distant future, cost about the same as GPU.

The cost is high now coz there's a HIGH demand for ASIC. Once that little bubble burst, I'd imagine ASIC price will fall.

I'll personally order a few and plug them in and forget em, I got other things to do. So does my rich friend who's even less tech savvy than I am.

With that, there's a chance they'll get own, becoming part of a net.

Pages:
Jump to: