Topic: Botnet - can we stop this madness? (Read 6868 times)

Here is what i think...
+1. Most likely they (botnet ops), will create private pools, concentrating all the mining power they have on there.
There are lot of "noobs" out there. There are office computers too, there are older people who don't have deep understandng of computers. Even if most of the computers have low end CPU's, infecting great amount of computers will give great speed.
Not necessary. CPU mining can be done when computer is idle and noone is going to notice. For example, how often do you check what computer do when is idle? This is the smartest choice assuming great amount of PC's are not being turned of at the end of shift, etc. making detection even more difficult. There isn't even need to bother infecting cumputers. Take some fancy screensaver (most of the modern can use GPU power), include the miner in it's code, and upload it on multiple sites. Ah... too bad i'm not a programmer myself But this is scenario that is most likely to happen.

Ok, I have few words and opinion on topic.

1. As long as botnet is running legit miner software, the blocks are just fine and will benefit the Bitcoin network as far as hashing power is expected. Running disruptive software and hurting Bitcoin network is not profitable for owner. It can only make short term lulz.

2. Most infected machines are low-end ones, with Intel crap cards and very few high-end ATI cards. Probably the most likely user getting infected is noob beginner or office computer. They predominantly are Celeron/Sempron/i3 and similar low spec machines. High-end rigs usually is controlled by smarter people, and infestation is more likely to be detected and removed.

3. Running CPU miner can lead to detection and is unprofitable by itself. You more likely will get your botnet reduced in size because people reinstall they computers than get more profit than sending emails or DDoSing.

botnetters running on the bitcoin network is not without risk.

The controlling node runs a much greater chance of being tracked and found when they try to bitcoin mine than when they are spamming because of the volume of similar traffic that is continuously going from the hub to the nodes.

Botnet mining is absolutely going to be a problem. As many have pointed out already, a large botnet could take 50% of market share almost overnight. Imagine a botnet of 1 million PC's (quite common), the cpu's running at half intensity would absolutely destroy profitability for "honest" miners. Now lets imagine that 10% of these computers have descent GPU's or that just 1% have some of the top of the line ATI GPU's. You can now see the problem. BTW The idea that botnet operators would have to choose between running, say a spam network and a bitcoin mining operation is false, what is to stop them doing both? The incentive's for these guys are enormous. Bitcoin mining over the botnet paradigm provides a direct route to quick cash.

There are however, some technical problems for the botnet operators to overcome, e.g. collecting the mined coins, preventing user detection.... but i can't see anything that won't be solved by clever code. Can we as a community come up with some method to prevent this from happening? Almost certainly not unless we can find a way to force some kind of user interaction into the mining process. I can't imagine how? Would we could at least do is ask the pools to come up with some security measures to prevent obvious use of botnets in their systems, but that would be require an incentive to do so, whilst yet right now they will be earning lot's of fee's by ignoring the problem.

Will bitcoin become associated with hackers looking for cheap bucks? I think so. Maybe we can persuade the big exchanges, the community and the pools to watch out for botnet behaviour (it should be fairly obvious) and thus attempt to make it difficult for these guys to cash out easily. Perhaps in the end the backbone of the bitcoin mining network will be controlled by botnet's, it may be an inevitability we have to accept.

It was a matter of time for a trojan like Trojan.NSIS.Miner.a to appear. I already said like 2 weeks ago this would happen...

i think your talking about Fast Flux

It won't take long for the next one to figure out that it needs to go thru a proxy, and probably some kind of shifting one that makes use of the infected systems themselves.
Nonetheless I'm glad to see that deepbit at least does a manual check when many IPs are detected.

this trojan was written by russian user and this signature is blocked by the most of AV-soft now...
but if the creator of TDL-4 will implement this experience ...

That is crazy. You have a nice anonymising currency that can stash your bot-gotten gains on the blockchain to collect at your liesure and instead you direct your bots to contact your friendly neighborhood miner-man?

Sheesh. Who did they hire to craft this brilliant trojan for them?

-MarkM-

So, we have Trojan.NSIS.Miner.a now
Are you protected?
http://www.securelist.com/en/blog/208188132/Gold_rush

... and the big difference is the miners get paid for work performed voluntarily ... the bot machine is a slave to someone else's control that has been stolen through force and coercion ... in fact, bitcoin net is the anti-botnet ... how long until these schmuck's with the compromised windoze shitboxes wake up to how much they are getting stolen from them

ffs ... fools and their money.

Another small, but very important difference: No C&C Server, meaning no herder.

Just hilarious that it happens when Europe wakes .... "ah, feels like a good day to get up and mine some bitcoins bot-net, let's roll!"

Wonder if it is on that 35 hour socialistic work week they got over there in euroland?

It doesn't impact performance at all if the thread runs at idle priority, or if it only runs when the computer is idle.

Mining difficulty don't mean sh*t for BTC pricing, only real demand (speculation or not) determines BTC price. Mining difficulty simply lag the price for a few weeks, though it will FOLLOW the price, not the other way around. Price will not follow mining difficulty.

Great discussion.  I would also like to point out that if a computer is mining, esp ordinary machines, this will tie up all processes and make the machine very slow.  I'm sure most owners will notice and do something about it, i.e. reformat

You are correct.  Click fraud and stealing credit card information would be more profitable... with that being said, mining for bitcoins is more legit at this point.

It's a tug-a-war game.  Haa....

Yet another spin on the "mining will be unprofitable because difficulty will skyrocket and the price is staying at $xx", except this time its not ASICs/FPGAs, subsidized gamers, or other invested miners that are the threat, but botnets.

Botnet operators have many different choices of monetizing the machines they control, from click fraud to credit card fraud to DDoS attacks and spam.  Sometimes they just sell the botnet outright.  You might be able find where they sell them and look at  prices.  If a very large botnet is not hard to achieve then they shouldn't be very expensive (in truth it isn't easy to infect many machines, so large ones are expensive). 

Profits from credit card and banking fraud set the base cost of a botnet.  Do you think monetizing by mining (which will mainly be CPU power not GPU) will be more profitable than credit card and banking fraud?  If anything, botnet operators will probably be looking to capture bank logins to buy bitcoins.

Miners who sell their coins high and buy back in cheap will be the ones making the most profit.  Miners who sell their coins continuously at the going rate will be the ones who regret it.

One positive side effect of all these botnet operators starting to mine bitcoin is that it might lead to a massive reduction in spam.

If you were a botnet operator, why would you continue renting your botnet to spammers, when it's so much more lucrative to mine bitcoins? Spam has extremely low returns per infected computer. Think about it...

And a lot of miners would have sad puppy dog faces

Exactly, even if this did happen it would hardly be a catastrophe. All that would happen is the hash-rate spikes and difficulty goes up.