
New Skype malware spreading at 2,000 clicks per hour to mine Bitcoins - knappster
http://thenextweb.com/insider/2013/04/05/new-skype-malware-spreading-at-2000-clicks-per-hour-makes-money-by-using-victims-machines-to-mine-bitcoins/
======
fennecfoxen
Malware Bitcoin-miners, hmm? I don't like Skype as a vector... what if you
could put it in the browser instead? Which leads me to a less malware-y idea:
write a JavaScript/Flash/similar component that mines bitcoins in a web
browser. Put it on your site instead of ads. Has anyone beat me to it?

~~~
igul222
Mining bitcoin on a CPU these days is like digging for gold with a garden
shovel. Once upon a time it may have worked, but today it's basically useless
(even if you do it on a million computers at once).

~~~
base698
WebGL FTW!

:)

~~~
vitno
Wouldn't work. The right API calls aren't exposed. You would need something
like WebCL.

~~~
babs474
A long time ago I did some proof of concept work to do GPGPU operations in the
browser with regular WebGL, it kind of worked:
<http://learningwebgl.com/blog/?p=1828#comments>

I did look into using the same technique to implement bitcoin mining in glsl.
My opinion is that it is possible, but not straightforward and probably not
worth it, but still a pretty f'ing cool concept.

------
RobotCaleb
<http://www.bitcoinplus.com/miner/embeddable>

I don't see how this is any worse.

~~~
swinglock
One is malware, the other isn't. When I open their "Generate Bitcoin" page it
won't run because I don't have Java, not JS, in my browser. If I did it would
ask me for permission to run and if I said yes it wouldn't be persistent.

The Skype malware is classed as a malicious IRC-bot so unless it's very
specialized it's safe to assume it includes other features as well, like
DDoSing, searching and mass uploading of files ("wallet.dat"?), mass
downloading and running of files (so the backdoor could be extended at any
time), login form reporting and what have you.

------
hcarvalhoalves
A new market for malware opens. This is even better than spam.

~~~
waps
Actually it is better, isn't it. If malware starts working to keep the bitcoin
transaction network operational as opposed to spamming or stealing webbanking
keys ... then it's actually doing something that's either neutral or useful.
Useful if you like bitcoin.

That'd be a great step forward. I doubt it's worth the effort though.

~~~
arjie
Shouldn't it also be more noticeable? Quiet spyware can go undetected, but
something that's eating up loads of CPU cycles is less likely to do so. That's
a good thing.

------
vertis
Evil...and yet I'm a bit disappointed it doesn't try to use the computer's GPU
instead of CPU.

(and yes I'm aware this wouldn't work in all cases).

------
Bud
Why does Skype even have any clickable links in it at all if Microsoft can't
be bothered to keep the obvious malware out?

~~~
anigbrowl
Don't miss the forest for the trees. If it wasn't Skype, it'd be some other
channel. The point here is that mining malware is a rather new and troubling
phenomenon.

~~~
neurotech1
And of limited real value. A CPU-only miner would yield about 10 MHash/s or
less on standard hardware, and a malware/junkware loaded PC will do even less.

~~~
mischanix
I recently came across a very naive-looking sample of a pooled GPU-miner being
distributed via a purported crack for a certain EA game.

It's ridiculously easy to implement GPU mining if you have any remote
execution on a machine.

------
aspratley
Is it also stealing people's local wallets too?

------
kaonashi
Does all the computing power put towards Bitcoin mining strike anyone else as
an extreme waste of electricity?

------
guelo
A keylogger would be more lucrative than a bitcoin miner.

~~~
mfringel
[IANAL] A bitcoin miner sidesteps "unauthorized access to information", taking
advantage only of the compute resources. I'm not sure if that makes any
real difference in the eyes of the law, though.

------
Evbn
Re the conclusion: to protect yourself, don't run an OS that will silently
install software just because you clicked on a blue link in a program
published by the OS vendor.

Steve Ballmer should be jailed as an accessory for allowing this.

~~~
D9u
With a malware name like "Trojan.Win32.Jorik.IRCbot.xkt" - implying a Windows
vector - I can't see why someone would downvote you for that comment.

I've got Skype on my *nix box, so do the downvoters assume that my system is
also vulnerable to this malware?

~~~
kevingadd
There's no indication anywhere in the descriptions of this malware - on
Kaspersky's blog or elsewhere - that it is exploiting any new or unique
Windows-specific vulnerabilities. It could easily just be a downloadable
executable that people are stupid enough to run. Social engineering works
great. If your goal is simply to get a malicious executable onto as many
machines as possible, Win32 is the obvious target to choose.

You've got Skype on your *nix box: Are you certain it's NOT vulnerable to
malware? Obviously a Win32 executable isn't going to run on Linux, but if
there's a hole in Skype what's stopping the bug responsible for that hole from
causing a similar problem on Linux or OS X?

At this point no facts have been published to describe the nature of the
malware in depth, so it's stupid to assume that it's dependent on some
platform-specific exploit. On the other hand, it relies on clicking a link, so
hopefully you're smart enough not to click shortened URLs sent by friends on
Skype, no matter what OS you're running!

