Pages:
Author

Topic: Botnet - can we stop this madness? (Read 6935 times)

newbie
Activity: 55
Merit: 0
July 04, 2011, 02:41:32 AM
#50
Here is what i think...
Quote
1. As long as botnet is running legit miner software, the blocks are just fine and will benefit the Bitcoin network as far as hashing power is expected. Running disruptive software and hurting Bitcoin network is not profitable for owner. It can only make short term lulz.
+1. Most likely they (botnet ops), will create private pools, concentrating all the mining power they have on there.
Quote
2. Most infected machines are low-end ones, with Intel crap cards and very few high-end ATI cards. Probably the most likely user getting infected is noob beginner or office computer. They predominantly are Celeron/Sempron/i3 and similar low spec machines. High-end rigs usually is controlled by smarter people, and infestation is more likely to be detected and removed.
There are lot of "noobs" out there. There are office computers too, there are older people who don't have deep understandng of computers. Even if most of the computers have low end CPU's, infecting great amount of computers will give great speed.
Quote
3. Running CPU miner can lead to detection and is unprofitable by itself. You more likely will get your botnet reduced in size because people reinstall they computers than get more profit than sending emails or DDoSing.
Not necessary. CPU mining can be done when computer is idle and noone is going to notice. For example, how often do you check what computer do when is idle? This is the smartest choice assuming great amount of PC's are not being turned of at the end of shift, etc. making detection even more difficult. There isn't even need to bother infecting cumputers. Take some fancy screensaver (most of the modern can use GPU power), include the miner in it's code, and upload it on multiple sites. Ah... too bad i'm not a programmer myself Cheesy But this is scenario that is most likely to happen.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
July 02, 2011, 03:41:39 PM
#49
Ok, I have few words and opinion on topic.

1. As long as botnet is running legit miner software, the blocks are just fine and will benefit the Bitcoin network as far as hashing power is expected. Running disruptive software and hurting Bitcoin network is not profitable for owner. It can only make short term lulz.

2. Most infected machines are low-end ones, with Intel crap cards and very few high-end ATI cards. Probably the most likely user getting infected is noob beginner or office computer. They predominantly are Celeron/Sempron/i3 and similar low spec machines. High-end rigs usually is controlled by smarter people, and infestation is more likely to be detected and removed.

3. Running CPU miner can lead to detection and is unprofitable by itself. You more likely will get your botnet reduced in size because people reinstall they computers than get more profit than sending emails or DDoSing.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
July 01, 2011, 06:57:18 PM
#48

botnetters running on the bitcoin network is not without risk.

The controlling node runs a much greater chance of being tracked and found when they try to bitcoin mine than when they are spamming because of the volume of similar traffic that is continuously going from the hub to the nodes.
newbie
Activity: 30
Merit: 0
July 01, 2011, 05:46:44 PM
#47
Botnet mining is absolutely going to be a problem. As many have pointed out already, a large botnet could take 50% of market share almost overnight. Imagine a botnet of 1 million PC's (quite common), the cpu's running at half intensity would absolutely destroy profitability for "honest" miners. Now lets imagine that 10% of these computers have descent GPU's or that just 1% have some of the top of the line ATI GPU's. You can now see the problem. BTW The idea that botnet operators would have to choose between running, say a spam network and a bitcoin mining operation is false, what is to stop them doing both? The incentive's for these guys are enormous. Bitcoin mining over the botnet paradigm provides a direct route to quick cash.

There are however, some technical problems for the botnet operators to overcome, e.g. collecting the mined coins, preventing user detection.... but i can't see anything that won't be solved by clever code. Can we as a community come up with some method to prevent this from happening? Almost certainly not unless we can find a way to force some kind of user interaction into the mining process. I can't imagine how? Would we could at least do is ask the pools to come up with some security measures to prevent obvious use of botnets in their systems, but that would be require an incentive to do so, whilst yet right now they will be earning lot's of fee's by ignoring the problem.

Will bitcoin become associated with hackers looking for cheap bucks? I think so. Maybe we can persuade the big exchanges, the community and the pools to watch out for botnet behaviour (it should be fairly obvious) and thus attempt to make it difficult for these guys to cash out easily. Perhaps in the end the backbone of the bitcoin mining network will be controlled by botnet's, it may be an inevitability we have to accept.

newbie
Activity: 55
Merit: 0
July 01, 2011, 04:48:13 PM
#46
It was a matter of time for a trojan like Trojan.NSIS.Miner.a to appear. I already said like 2 weeks ago this would happen...
member
Activity: 109
Merit: 11
July 01, 2011, 02:39:12 PM
#45
It won't take long for the next one to figure out that it needs to go thru a proxy, and probably some kind of shifting one that makes use of the infected systems themselves.
Nonetheless I'm glad to see that deepbit at least does a manual check when many IPs are detected.
i think your talking about Fast Flux
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
July 01, 2011, 07:19:26 AM
#44
It won't take long for the next one to figure out that it needs to go thru a proxy, and probably some kind of shifting one that makes use of the infected systems themselves.
Nonetheless I'm glad to see that deepbit at least does a manual check when many IPs are detected.
legendary
Activity: 2026
Merit: 1005
July 01, 2011, 07:15:06 AM
#43
That is crazy. You have a nice anonymising currency that can stash your bot-gotten gains on the blockchain to collect at your liesure and instead you direct your bots to contact your friendly neighborhood miner-man?

Sheesh. Who did they hire to craft this brilliant trojan for them?

-MarkM-

this trojan was written by russian user and this signature is blocked by the most of AV-soft now...
but if the creator of TDL-4 will implement this experience ... Cry Cry Cry
legendary
Activity: 2940
Merit: 1090
July 01, 2011, 07:03:17 AM
#42
That is crazy. You have a nice anonymising currency that can stash your bot-gotten gains on the blockchain to collect at your liesure and instead you direct your bots to contact your friendly neighborhood miner-man?

Sheesh. Who did they hire to craft this brilliant trojan for them?

-MarkM-
legendary
Activity: 2026
Merit: 1005
July 01, 2011, 06:25:02 AM
#41
So, we have Trojan.NSIS.Miner.a now
Are you protected? Wink
http://www.securelist.com/en/blog/208188132/Gold_rush
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
July 01, 2011, 04:41:29 AM
#40
has anyone ever considered that bitcoin pretty much is a botnet itself?
I mean, really, people, you are all doing distributed work which is controlled by a piece of software over the network.

To translate from the german wikipedia entry for botnet:
Quote
A botnet is a group of software bots. these bots run on networked computers, whose network connectivity and local resources are at their disposal.

One other from the english wiki page:
Quote
Botnets are controlled en masse via protocols such as IRC and http.

Anyone hearing a bell ringing? The only difference is that most Bitcoiners run the software willingly.

Another small, but very important difference: No C&C Server, meaning no herder.

... and the big difference is the miners get paid for work performed voluntarily ... the bot machine is a slave to someone else's control that has been stolen through force and coercion ... in fact, bitcoin net is the anti-botnet ... how long until these schmuck's with the compromised windoze shitboxes wake up to how much they are getting stolen from them Huh

ffs ... fools and their money.
sr. member
Activity: 314
Merit: 251
June 30, 2011, 06:31:02 AM
#39
has anyone ever considered that bitcoin pretty much is a botnet itself?
I mean, really, people, you are all doing distributed work which is controlled by a piece of software over the network.

To translate from the german wikipedia entry for botnet:
Quote
A botnet is a group of software bots. these bots run on networked computers, whose network connectivity and local resources are at their disposal.

One other from the english wiki page:
Quote
Botnets are controlled en masse via protocols such as IRC and http.

Anyone hearing a bell ringing? The only difference is that most Bitcoiners run the software willingly.

Another small, but very important difference: No C&C Server, meaning no herder.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
June 27, 2011, 08:27:46 PM
#38

Just hilarious that it happens when Europe wakes .... "ah, feels like a good day to get up and mine some bitcoins bot-net, let's roll!"

Wonder if it is on that 35 hour socialistic work week they got over there in euroland?
newbie
Activity: 28
Merit: 0
June 27, 2011, 08:07:12 PM
#37
Great discussion.  I would also like to point out that if a computer is mining, esp ordinary machines, this will tie up all processes and make the machine very slow.  I'm sure most owners will notice and do something about it, i.e. reformat

You are correct.  Click fraud and stealing credit card information would be more profitable... with that being said, mining for bitcoins is more legit at this point.

It's a tug-a-war game.  Haa....

It doesn't impact performance at all if the thread runs at idle priority, or if it only runs when the computer is idle.
legendary
Activity: 1806
Merit: 1003
June 27, 2011, 07:30:50 PM
#36
Eventually price will go up since your mining will take longer.
Mining will always be profitable.
The only that is still a issue is the 2 week reset lag it has.

Mining difficulty don't mean sh*t for BTC pricing, only real demand (speculation or not) determines BTC price. Mining difficulty simply lag the price for a few weeks, though it will FOLLOW the price, not the other way around. Price will not follow mining difficulty.
sr. member
Activity: 372
Merit: 250
June 27, 2011, 07:21:10 PM
#35
Great discussion.  I would also like to point out that if a computer is mining, esp ordinary machines, this will tie up all processes and make the machine very slow.  I'm sure most owners will notice and do something about it, i.e. reformat

You are correct.  Click fraud and stealing credit card information would be more profitable... with that being said, mining for bitcoins is more legit at this point.

It's a tug-a-war game.  Haa....
legendary
Activity: 826
Merit: 1001
rippleFanatic
June 27, 2011, 04:25:34 PM
#34
Yet another spin on the "mining will be unprofitable because difficulty will skyrocket and the price is staying at $xx", except this time its not ASICs/FPGAs, subsidized gamers, or other invested miners that are the threat, but botnets.

Botnet operators have many different choices of monetizing the machines they control, from click fraud to credit card fraud to DDoS attacks and spam.  Sometimes they just sell the botnet outright.  You might be able find where they sell them and look at  prices.  If a very large botnet is not hard to achieve then they shouldn't be very expensive (in truth it isn't easy to infect many machines, so large ones are expensive). 

Profits from credit card and banking fraud set the base cost of a botnet.  Do you think monetizing by mining (which will mainly be CPU power not GPU) will be more profitable than credit card and banking fraud?  If anything, botnet operators will probably be looking to capture bank logins to buy bitcoins.

Miners who sell their coins high and buy back in cheap will be the ones making the most profit.  Miners who sell their coins continuously at the going rate will be the ones who regret it.
legendary
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
June 27, 2011, 03:06:39 PM
#33
One positive side effect of all these botnet operators starting to mine bitcoin is that it might lead to a massive reduction in spam.

If you were a botnet operator, why would you continue renting your botnet to spammers, when it's so much more lucrative to mine bitcoins? Spam has extremely low returns per infected computer. Think about it...
full member
Activity: 210
Merit: 100
firstbits: 121vnq
June 27, 2011, 02:50:18 PM
#32
And a lot of miners would have sad puppy dog faces
sr. member
Activity: 546
Merit: 253
June 27, 2011, 02:03:31 PM
#31
Exactly, even if this did happen it would hardly be a catastrophe. All that would happen is the hash-rate spikes and difficulty goes up.
Pages:
Jump to: