Bitcoin mining malware spreads on Skype as price rises

Mining Bitcoins used be considered a low-rent way to use botnets. But now, as the virtual currency's star rises, criminals are looking for a piece of the action.
Written by Liam Tung, Contributing Writer

Criminals are using Skype to spread malware in the hope of building a botnet with enough computer power to mine Bitcoins.

Researchers at Russian security firm Kaspersky Lab discovered the Bitcoin malware campaign last week, which had been targeting would-be victims in Russia, Poland, Costa Rica, Spain, Germany, Ukraine and other countries.

Potential victims are encouraged to install a file that is included with messages like "this my favourite picture of you". If the malicious file is installed, one of its features is to turn the machine into a Bitcoin mining slave.

While Bitcoin-stealing malware that target wallets for the digital currency had been found in 2011, security experts have predicted malware would be developed to put botnets to work in Bitcoin mining. Anyone can earn Bitcoins by using their computers to solve a cryptographic "proof-of-work" problem called Bitcoin blocks. Computer owners are rewarded a certain number of Bitcoins per block solved.

Using the 2011 valuation of around $20, Symantec security researcher Peter Coogan estimated that a 100,000 strong botnet, using average computers running 24 hours a day, could earn roughly $3,000 a day. At those prices though, renting out a botnet for DDoS attacks was a more attractive use. 

Today though, Bitcoin is currently trading on the Mt. Gox exchange at around $180.

Kaspersky Lab also found Bitcoin miner malware in 2011. The malware failed because it was detected using multiple IPs, suggesting it was a botnet. 

It's unclear from Kaspersky's new report whether this new Bitcoin miner is any more successful, however. 

With the rising value of Bitcoins, hackers have also targeted Bitcoin wallet providers, such as Instawallet, which shutdown last week after suffering a database breach. 

Editorial standards