Amir Fouda Microsoft
download slides (PDF)
Social and technological change often creates new opportunities for positive change. Unfortunately, it also means more opportunities for crime. So, when a new system of currency gains acceptance and widespread adoption in a computer-mediated population, it is only a matter of time before malware authors attempt to exploit it. As of half way through 2011, we started seeing another means of financial profiteering being perpetrated by the malware authors; they started targeting Bitcoins.
Bitcoin mining and stealing functionality has been discovered in a number of the most notable and prevalent malware families, including Alureon, Sirefef and Kelihos. Notably, Bitcoin being open-sourced software means that Windows users are not the only target. Cross-platform attacks have already been seen, with OS X threats such as MacOS_X/DevilRobber.A emerging on the scene in October 2011.
The very nature of the way Bitcoin operates also has telling implications. Bitcoin mining is a legitimate part of the system, allowing Bitcoin clients to compete with other clients in performing complex calculations using the computer's processing power, aiding in the flow of transfers and thus generating Bitcoins for the winning miner. The potential for botmasters is clear: the more computers and resources they can control in this distributed computing technique, the more they are likely to profit.
This paper examines the various malware families that target this currency, provides an analysis of how these families target Bitcoins, and details the methods they use to steal and mine this increasingly popular digital currency. This paper will also give an insight into how malware authors and cybercriminals may exploit the Bitcoin system for their own financial gain, and details what the future holds for this form of exploitation.