back to article Malware mints virtual currency using victim's GPU

Security researchers have unearthed a piece of malware that mints a digital currency known as Bitcoins by harnessing the immense power of an infected machine's graphical processing units. According to new research from antivirus provider Symantec, Trojan.Badminer uses GPUs to generate virtual coins through a practice known as …

COMMENTS

This topic is closed for new posts.
  1. nyelvmark
    Trollface

    Cybernomics 101

    You see, that's the problem with the bitcoin. It's a virtual currency, and doesn't have any actual real existence. Whereas the Euro, uh...

  2. AlmightyCushion

    Stupid comparison.

    Why do they compare a HD6990, one of the most powerful graphics cards on the market, to an atom processor, one of the weakest processors on the market now (is the n270 even still on the market?). A much better comparison would be to a high end processor or compare the processor and graphics card of a standard computer/laptop.

    1. DannyAston
      Thumb Up

      The title is required, and must contain letters and/or digits.

      I don't think the idea was to make a comparison of two top of the range devices, it was to show you the vast difference between CPU and GPU.

      Danny

      1. Anonymous Coward
        FAIL

        Yeah

        But what he actually did was compare a top-of-the-line GPU with a rock-bottom CPU which is not quite the same thing.

        1. Charles 9

          Irrelevant.

          Sure, they did that to exaggerate the scale, but the kind of computing demanded in Bitcoin mining (and the correct term is MINING, not MINTING), not to mention protein folding and so on, heavily favors repetitive parallel processing: IOW, the GPU holds an inherent edge. Take a look at this chart:

          https://en.bitcoin.it/wiki/Mining_Hardware_Comparison

          (Sure, it's a Wiki page, but it's full of entries contributed by actual Bitcoin miners.)

          As you can see in the chart, even GPUs from the early days of the GPGPU craze (like the nVidia 8800/9800 series) can pump out a decent 30+MHash/sec. It took the most-advanced consumer CPU on the market: the Intel Core i7 990x, a hexacore with HyperThreading, overclocking all the way up to 4.5GHz (Stock speed: 3.46GHz) to match that level of performance. Practically all the other CPU miners can't even crack 10MHash/sec.

          So there you have it: a top-end CPU can't even keep up with a close-to-obsolete GPU--and nVidia cards are handicapped in mining; comparable ATI/AMD cards tend to work twice as well (architectural differences to blame--the roles are switched in Folding@home).

    2. stu 19

      you spotted that too

      Wonder what rate of mhash(es) my i7 970 extreme can get?

      Still won't be as high as a GPU.

      Anyway this report is a bit behind the times, it suggests that GPU is the way forward from now. Miners have been using the GPU for some time, the new bit is the botnet controllers are using their network to mine isn't it?

  3. Herby

    On minting small amounts...

    In the words of Everett Dirkson "A billion here, a billion there, pretty soon it adds up to real money".

    Adjusted for inflation, one would now say a trillion...

  4. Joe Montana
    Megaphone

    Botnet drones...

    While a Radeon 6990 is very fast at bitcoin processing, how many users actually have such cards? I bet the market share of reasonably new radeon cards is relatively low... Intel has the largest market share for video cards, and their cards cannot do bit coin... Nvidia cards are considerably slower than AMD, and even those users who are using AMD cards, only the higher end 4xxx 5xxx and 6xxx series are worth using, lower end versions of the cards as well as anything older than 4xxx aren't worth it. I would imagine that no more than a couple of % of potential bot hosts have usable video cards.

    That said, a smarter bot herder could target places where people likely to have such cards hang out, like gaming forums etc, but gamers will very quickly notice if the malware makes a significant impact on their bot. Non gamers are very unlikely to have such cards at all.

    Also, bitcoin involves a large number of integer calculations, not floating point, this is primarily why nvidia cards are so poor (optimised for floating point) compared to AMD.

    And this malware is not trying to defeat the safeguards of the bitcoin protocol, they are attempting to participate in the bitcoin network and thus earn a share of coins for doing so (aka mining)... Profit margins on doing so are a lot higher if you aren't paying for the hardware or electricity yourself.

    1. Charles 9

      Two reasons why it doesn't matter.

      First, a botnet can build strength in numbers. Even 100,000 weak machines will get you something productive, and if a few of them happen to have decent to great video cards, all the better. Thanks to known pooled mining techniques, you can easily put everyone to use not matter what they have available.

      Second, do note that even cards like the nVidia 8800/ATI 4700 series, which are two generations old and practically obsolete, turn out some good numbers. And the numbers only climb with each generation. Even if you don't go top-end, a decent upgrade card available at a brick & mortar store for just $100 or so will still spank any CPU-based miner that isn't multi-socket. And you get better-looking games to boot.

      And don't count out gamer machines. Dedicated video cards are still a big business for both AMD and nVidia; thus why they keep improving on them. There is a demand out there; the botnet's simply trying to tap it. As for slipping under the gamer's nose, that will probably be dealt with in a future version of the bot: intelligent load management to try and sneak past gamers who might otherwise notice FPS drops.

  5. Dr. Vesselin Bontchev
    Boffin

    Ignorance

    It is surprising how few people understand how bitcoins really work. It is not, however, surprising to see yet another ElReg journalist demonstrate his incompetence. Let us get the facts straight, shall we?

    1) If somebody has the standard Bitcoin client installed on their machine, any malicious program that has invaded the machine can steal all the bitcoins there without any effort at all. No "lockpicking", "drilling" and "sawing" is involved, since the present version of the client does not encrypt the wallet with the bitcoins yet. (That's planned for the next version.) Theoretically, one could install the wallet on an encrypted partition, but few would bother, and even if they do, the partition has to be accessible (i.e., decrypted on-the-fly) at the time when the client is working, so nothing prevents the malware from stealing the wallet then.

    2) A botnet client designed to mine bitcoins can do this on ANY infected machine. The owner of the machine doesn't need to have any bitcoins there. In fact, the owner isn't required to even know what bitcoins are. What the malware would be stealing in this case wouldn't really be bitcoins (although this is what it would be sending to the botmaster) but computing time.

  6. This post has been deleted by its author

  7. Drefsab

    The title is required, and must contain letters and/or digits.

    lol I find this funny I do mining and I know exactly how loud my gfx cards fan gets when working on it, if my gfx card was doing that for no reason id damned well know about it and so would most people who have these kinds of gfx cards.

  8. Alan Brown Silver badge

    Drefsab beat me to it

    Boxes get _hot_ when running cryptographically intense processes. Users tend to notice after a while when the fans go to full speed and stay there. They'll notice even more if the heatsinking is inadequate.

    The issue of malware pulling this kind of thing (and the near impossibility of being able to detect tokens generated with stolen computing time) is one of the reasons that the hashcash project didn't go forward. While we didn't call 'em botnets they already existed in 1998ish.

  9. David Hicks
    Meh

    Sooner it dies a death the better

    Yet another strike against BTC - now a proportion of the money supply is illegally generated!

    And to those that say they'd notice the machine getting hot and the fans on - I hope you would, as readers of the register. Millions wouldn't think past "Computer is loud!" or "Computer is broken!" though.

    And then perhaps it could be refined. What's to stop a virus writer putting in some temperature detection and slowing its activity to keep it a little cooler, plus making it a very low priority process so it doesn't interfere with normal operation?

    I'll admit to gaining quite a bit of schadenfreude from watching the price of bitcoins slowly decline over the last month or so...

  10. joe.user
    Thumb Down

    Did anyone do their homework?

    Bitcoin already had this concern in mind by design - thresholds for minting.

    GPU or CPU or NSA doesn't change it.

    1. Charles 9

      Wanna bet?

      Thousands of computers in a Botnet means thousands of potential Bitcoin wallets. If the 50BTC goes to a different Bot each time, which is then forwarded to the Botherder (and BTW, pure Bitcoin transactions are DESIGNED to be damn near impossible to block if both parties are willing), then how will Bitcoin be able to tell the difference? Plus, a Botnet minig pool with enough power becomes ahead of the curve if the POW puzzle gets inevitably harder.

This topic is closed for new posts.

Other stories you might like