New malware ferrets out and steals Bitcoins

You know your virtual currency has hit the big leagues when criminals develop trojans that infect computers for the sole purpose of stealing it. Bitcoin, the open-source project launched two years ago, reached that turning point Thursday. That's when researchers from Symantec discovered Infostealer.Coinbit, a piece of Windows …


This topic is closed for new posts.
  1. devils_advocate

    Finally a non-sensationalist article.

    Thank you theregister, for not using this to bash the currency, and instead realizing that this is a problem that all online payment processors have to deal with.

    1. Stoneshop Silver badge

      Not quite

      Online payment processors have to guard against fraudulent transactions being entered and passwords being pilfered, because whatever customer account value they "possess" are numbers in a database. Making off with that database file wouldn't alter the customer account value. It would be a bloody nuisance though, blocking access, resetting passwords and informing customers. And for individual accounts being defrauded there supposedly are transaction logs and procedures to dispute those transactions.

      A bitcoin wallet resides on some personal computer, and if it is copied (and the password broken) then whoever has the wallet now has the "monetary" value, FWIW. Just like money in an old sock under your mattress, only a bit harder getting the actual money out of the sock, but easier for someone in Outer Elbonia to access the sock provided they've got an internet connection. And we all know how easy it is to lift files from end-user computers.

  2. Dr. Vesselin Bontchev

    Encrypting the wallet

    "If you use Bitcoins, you have the option to encrypt your wallet" - that's a bit misleading. The present version of the official Bitcoin client does not have the option to encrypt the wallet. Silly, isn't it? For a developer of a crypto currency to keep the wallet unencrypted... All you can do is create an encrypted disk partition and tell the software to keep the wallet file there - which is rather inconvenient.

    BTW, how do you call a pickpocket who steals your Bitcoin wallet? A "bitpocket"?

    1. Graham Dawson Silver badge


      A pickpacket.

  3. XMAN

    Sticky note

    Just wrote the password on a sticky note and put it on the side of the monitor. Trojan can't read that!

    1. da_fish27

      Re: Sticky note

      Do you have a decent resolution webcam? And a mirror in your room somewhere convenient?

  4. Mage


    But the currency does deserve to be bashed. Anyone investing at this stage will become a Mark in a Ponzi scheme. Even if the original intention was altruistic.

    1. copsewood

      Bitcoin software is malware anyway

      In what sense is software which destabilises the Bitcoin "economy" malware, if the concept of Bitcoin itself is malware? Generating Bitcoins wastes electricity generating CO2 which properly accounted currencies based upon issuer commitment (i.e. 97% or more of conventional money and LETS) do not require. If the Bitcoin design is a Ponzi from the start and has little purpose other than to transfer resources from con victims to drug dealers, the botnet herders who mine bitcoins and financial scammers it's a bit difficult to argue that stealing them is malware when the software which generates, stores and transacts them is malware from any sane perspective. Losers who get their precious Bitcoins stolen deserve no sympathy.

      If the sooner this house of cards resolves to its lowest energy state the better, then the so called malware which helps that to occur sooner isn't the malware in question.

    2. flibbertigibbet

      Ponzi currency schemes

      @Mage: Anyone investing at this stage will become a Mark in a Ponzi scheme.

      Methinks the Chinese are probably feeling the same way about their US dollar holdings right now.

  5. Anonymous Coward

    can you copy your coins?

    Never heard of bitcoins before this so I only know what I have read here.

    My question is if you copy the disk partition containing your bitcoins and then spend them, can you just restore the partition to get them back again?

    1. jonathanb Silver badge

      No you can't

      You can't do that, because everyone else in the network will have recorded your coins as being spent. If you were able to do this, you could spend the coins legitimately and restore a back-up to spend them again.

    2. devils_advocate


      No, the currency itself is not stored on your computer, it's in the blockchain which is constantly being updated by all peers in the network.

    3. copsewood

      Yes you can copy bitcoins

      If you are a botnet herder with a large enough botnet then you can vote whatever you like in bitcoin as the next valid transaction block. If you have more than 50% of the votes based upon 1 CPU cycle == 1 vote you win. Other possible manipulators would include Google and Facebook, but I don't think they care enough for these turds to want the bad reputation.

  6. Marvin the Martian

    "develop trojans that infect computers for the sole purpose of stealing it"

    Hm... "tweak" seems more appropriate than "develop" here.

  7. Cliff


    "...researchers from Symantec discovered Infostealer.Coinbit..."

    With a name like that you have to wonder why suspicions weren't raised earlier ;-)

    1. Apocalypse Later

      Malware names...

      ...are not assigned by malware authors. The white hats do not necessarily know or use the names the black hats give their creations. "Infostealer.Coinbit" will be the name that Symantec gave this malware once they discovered and analysed it, having noticed its similarity to other "infostealer" programs, and its individual feature.

      The days when a virus could be called "Jerusalem" because that was where it was first found, or "Michelangelo" because the trigger date was Michelangelo's birthday, are gone. Like the plant or animal world, a more systematic naming convention has had to be developed. Hopefully all the white hats are adopting the same names as each other by now. They did not always agree on taxonomy, but they, not the malware authors, always assigned the names.

      1. Steve the Cynic

        Re: names...

        It's probably a good thing those days are gone, actually. I remember hearing stories about the reasons for some of those old names, from one of the guys involved in assigning them. Childish doesn't begin to describe it.

  8. da_fish27


    OK, I realize this has no importance whatsoever, but why .Coinbit? It's called .Bitcoin!

  9. Eddy Ito

    No surprises

    The trojan was probably built in a joint venture between the IRS, the Fed and DHS as a way to try getting people to avoid the technology until they figure out how they can tax and track all the money that goes through the system.

    1. Anonymous Coward

      Western governments definitely don't

      want this taking off. Especially not after spending all that money destroying governments in North Africa that were moving their economies to a Gold backed currency.

    2. h4rm0ny

      Re: No Surprises

      I'd be mildly surprised if this were put together by the Fed, IRS or DHS. They have the means and the motive, but I doubt they've got their act together yet. If it were the government behind this, then it's an own goal because my previous opinion of BitCoins as an academic exercise has been revised in the wake of finding some criminals actually consider them worth stealing. Maybe BitCoin has a future after all!

      When the government comes down on this, I doubt it will be with a virus. More like a big hammer in view of everyone who dared to think of trespassing on one of government's two and a half basic monopolies (force, money and propaganda).

  10. Steve Brooks

    The level of idiocy out there is monumental

    Even on so-called geek sites, I quote one here called Geekosystem

    "but if someone is clever enough to steal a Bitcoin wallet, chances are they are clever enough to break an encrypted wallet open."

    To equate the stealing of data to the decryption of said data? Ignorance reigns supreme.

  11. Robin Layfield

    theoretically generate $97,000 per month

    I was under the impression that the production rate of bitcoins is limited and that contributing hardware to the process doesn't guarantee bitcoins, only the *chance* of mining them. Plus they are only worth what people are paying for them, flood the market and devalue your product...

    1. midcapwarrior

      and why would they care

      they are getting it for free with their bot. Why would they care if they get less.

    2. Anonymous Coward


      the power bill for 100,000 machines is probably around $4m per month, so only a good return on investment for a botherder, unless caught. Not only may they be done for running a botnet and hacking, but they would be demonstrably culpable for the theft of electricity, as number crunching draws considerably more power than in average use...

  12. Robert Carnegie Silver badge

    Beenz - fellow was just on BBC radio talking about a previous online currency.

    Charles Cohen, mentioned here

    and here

    appeared in the panel of businesspeople on BBC radio (and TV) "The Bottom Line" i.e.

    "Charles Cohen, chief executive of mobile gambling company Probability plc...... Evan Davis also asks his guests to reveal their greatest business regrets." In the case of Beenz, it's not stopping sooner.

    Also present: "Will Butler-Adams, managing director of folding bicycle manufacturer Brompton Bicycle", who mentioned that they're going to make an electric one. Well, probably not just one, there may be twenty or thirty people who would buy that. I'm joking. Any Brompton fans in?

    1. Steven Roper

      It's thanks to Beenz

      that I now assume any site whose domain name ends in "z" where it would normally be a plural "s" is a scam or a malware bomber - warez, beenz, lockerz, starz... the list goes on. It's a simple rule of thumb that's stood me in good stead so far - if the domain name ends in a plural z, it's a ripoff or malware.

      (inb4 any Douglas Adams sector coordinate references :))

  13. Arctic fox

    Somebody is ripping off the tax evaders' wet dream?

    The tears are streaming down my cheeks as I type this, I cannot tell you how upset I am.

    1. Steven Roper

      Looking at your posts

      I'm sure I could be forgiven for thinking you're a tax office shill or working for MasterCard or PayPal or something. What's your interest in all this? Why are you so opposed to people having a means to trade that can't be tracked? Why is it so important to you that only methods of transactions that can be monitored should be allowed to exist? Surely it can't just be that you have nothing to hide so you have nothing to fear? Because if you do, then may I point you in the direction of the Daily Mail forums, because your moronic comments are neither needed, welcome, or even effective here.

  14. Dani Eder

    Put it on a USB Drive

    If you have a bitcoin wallet, put the files on a USB drive, and keep the drive unplugged except when actually transferring funds. Keeping the wallet and bitcoin program on your main PC is somewhat like staying logged into your online bank account continuously - a bad idea.

    1. Anonymous Coward

      but a trojan could just lie in wait

      and steal them as soon as they become visible, before the victim has a chance to use them.

      Better to boot from a verified Live CD or ramstick knowing that it really is a clean and virgin system, add a password to the live user, then mount the USB drive and do your stuff.

  15. dave 81

    Bitcoin mining doesn't work like that.

    If a botnet started to mine, the difficulty of generating a bitcoin hash would simply increase.

    See for the history on how computation in the network has increased along with the difficulty.

  16. Anonymous Coward

    Power usage would be a giveaway

    Most modern PCs have a variable speed fan. If your PC is infected with malware that quietly sends out a little spam, you may be none the wiser and it could stay in place for a long time. If your PC is infected with malware that spikes the CPU at 100% so your fan is running at "super loud maximum", you may investigate and eventually (with the help of a more knowledgeable friend if you're a typical end user) discover the malware and eradicate it.

    Whether it would be more profitable to grab the 94 cents per machine per month implied by the $94K/month for a 100K machine botnet depends not only on how profitable that is versus other uses like using it for spamming or renting out to others, but also on how quickly those 0wned machines will be fixed and removed from your botnet. The quieter (both literally and figuratively) you can make the operation of your botnet to your "end users", the longer it'll last.

    I suspect that other than for those who have very expensive electricity, the extra cost having your PC going full blast for a month versus spending most of its time in some sort of sleep state would not be noticeable. My electricity is about 9 cents/kwh, and my PC (not including monitor) draws 105 watts running full out on all four cores. So that's just under a penny an hour, or perhaps $6 more a month. I'd never notice that.

  17. Anonymous Coward


    I like ferrets.

    Er, what?
