
Finally a non-sensationalist article.
Thank you theregister, for not using this to bash the currency, and instead realizing that this is a problem that all online payment processors have to deal with.
You know your virtual currency has hit the big leagues when criminals develop trojans that infect computers for the sole purpose of stealing it. Bitcoin, the open-source project launched two years ago, reached that turning point Thursday. That's when researchers from Symantec discovered Infostealer.Coinbit, a piece of Windows …
Online payment processors have to guard against fraudulent transactions being entered and passwords being pilfered, because whatever customer account value they "possess" are numbers in a database. Making off with that database file wouldn't alter the customer account value. It would be a bloody nuisance though, blocking access, resetting passwords and informing customers. And for individual accounts being defrauded there supposedly are transaction logs and procedures to dispute those transactions.
A bitcoin wallet resides on some personal computer, and if it is copied (and the password broken) then whoever has the wallet now has the "monetary" value, FWIW. Just like money in an old sock under your mattress, only a bit harder getting the actual money out of the sock, but easier for someone in Outer Elbonia to access the sock provided they've got an internet connection. And we all know how easy it is to lift files from end-user computers.
"If you use Bitcoins, you have the option to encrypt your wallet" - that's a bit misleading. The present version of the officieal Bitcoin client does not have the option to encrypt the wallet. Silly, isn't it? For a developer of a crypto currency to keep the wallet unencrypted... All you can do is create an encrypted disk partition and tell the software to keep the wallet file there - which is rather inconvenient.
BTW, how do you call a pickpocket who steals your Bitcoin wallet? A "bitpocket"?
In what sense is software which destablilises the Bitcoin "economy" malware, if the concept of Bitcoin itself is malware ? Generating Bitcoins wastes electricity generating C02 which properly accounted currencies based upon issuer commitment (i.e. 97% or more of conventional money and LETS) do not require. If the Bitcoin design is a Ponzi from the start and has little purpose other than to transfer resources from con victims to drug dealers, the botnet herders who mine bitcoins and financial scammers it's a bit difficult to argue that stealing them is malware when the software which generates, stores and transacts them is malware from any sane perspective. Losers who get their precious Bitcoins stolen deserve no sympathy.
If the sooner this house of cards resolves to its lowest energy state the better, then the so called malware which helps that to occur sooner isn't the malware in question.
If you are a botnet herder with a large enough botnet then you can vote whatever you like in bitcoin as the next valid transaction block. If you have more than 50% of the votes based upon 1 CPU cycle == 1 vote you win. Other possible manipulators would include Google and Facebook, but I don't think they care enough for these turds to want the bad reputation.
...are not assigned by malware authors. The white hats do not necessarily know or use the names the black hats give their creations. "Infostealer.Coinbit" will be the name that Symantec gave this malware once they discovered and analysed it, having noticed its similarity to other "infostealer" programs, and its individual feature.
The days when a virus could be called "Jerusalem" because that was where it was first found, or "Michelangelo" because the trigger date was Michelangelo's birthday, are gone. Like the plant or animal world, a more systematic naming convention has had to be developed. Hopefully all the white hats are adopting the same names as each other by now. They did not always agree on taxonomy, but they, not the malware authors, always assigned the names.
I'd be mildly surprised if this were put together by the Fed, IRS or DHS. They have the means and the motive, but I doubt they've got their act together yet. If it were the government behind this, then it's an own goal because my previous opinion of BitCoins as an academic exercise has been revised in the wake of finding some criminals actually consider them worth stealing. Maybe BitCoin has a future after all!
When the government comes down on this, I doubt it will be with a virus. More like a big hammer in view of everyone who dared to think of trespassing on one of governments two and a half basic monopolies (force, money and propaganda).
Even on so called geek sites, I quote one here called Geekosystemn
"but if someone is clever enough to steal a Bitcoin wallet, chances are they are clever enough to break an encrypted wallet open."
To equate the stealing of data to the decryption of said data? Ignorance reigns supreme.
I was under the impression that the production rate of bitcoins is limited and that contributing hardware to the process doesn't guarantee bitcoins, only the *chance* of mining them. Plus they are only worth what people are paying for them, flood the market and devalue your product...
the power bill for 100,000 machines is probably around $4m per month, so only a good return on investment for a botherder, unless caught. Not only may they be done for running a botnet and hacking, but they would be demonstrably culpable for the theft of electricity, as number crunching draws considerably more power than in average use...
Charles Cohen, mentioned here
http://en.wikipedia.org/wiki/Beenz.com
and here
http://www.theregister.co.uk/2001/08/16/beenz_is_dead_official/
appeared in the panel of businesspeople on BBC radio (and TV) "The Bottom Line" i.e.
http://www.bbc.co.uk/programmes/b011vhdm
"Charles Cohen, chief executive of mobile gambling company Probability plc...... Evan Davis also asks his guests to reveal their greatest business regrets." In the case of Beenz, it's not stopping sooner.
Also present: "Will Butler-Adams, managing director of folding bicycle manufacturer Brompton Bicycle", who mentioned that they're going to make an electric one. Well, probably not just one, there may be twenty or thirty people who would buy that. I'm joking. Any Brompton fans in?
that I now assume any site whose domain name ends in "z" where it would normally be a plural "s" is a scam or a malware bomber - warez, beenz, lockerz, starz... the list goes on. It's a simple rule of thumb that's stood me in good stead so far - if the domain name ends in a plural z, it's a ripoff or malware.
(inb4 any Douglas Adams sector coordinate references :))
I'm sure I could be forgiven for thinking you're a tax office shill or working for MasterCard or PayPal or something. What's your interest in all this? Why are you so opposed to people having a means to trade that can't be tracked? Why is it so important to you that only methods of transactions that can be monitored should be allowed to exist? Surely it can't just be that you have nothing to hide so you have nothing to fear? Because if you do, then may I point you in the direction of the Daily Mail forums, because your moronic comments are neither needed, welcome, or even effective here.
and steal them as soon as they become visible, before the victim has a chance to use them.
Better to boot from a verified Live CD or ramstick knowing that it really is a clean and virgin system, add a password to the live user, then mount the USB drive and do your stuff.
Most modern PCs have a variable speed fan. If your PC is infected with malware that quietyly sends out a little spam, you may be none the wiser and it could stay in place for a long time. If your PC is infected with malware that spikes the CPU at 100% so your fan is running at "super loud maximum", you may investigate and eventually (with the help of a more knowledgeable friend if you're a typical end user) discover the malware and eradicate it.
Whether it would be more profitable to grab the 94 cents per machine per month implied by the $94K/month for a 100K machine botnet depends not only on how profitable that is versus other uses like using it for spamming or renting out to others, but also on how quickly those 0wned machines will be fixed and removed from your botnet. The quieter (both literally and figuratively) you can make the operation of your botnet to your "end users", the longer it'll last.
I suspect that other than for those who have very expensive electricity, the extra cost having your PC going full blast for a month versus spending most of its time in some sort of sleep state would not be noticeable. My electricity is about 9 cents/kwh, and my PC (not including monitor) draws 105 watts running full out on all four cores. So that's just under a penny an hour, or perhaps $6 more a month. I'd never notice that.