Using Bitcoin To Detect Malware

vigil

Now that you can actually buy things with bitcoins, it’s become a playground for modern malware authors. [Eric] recently lost about 5 BTC because of some malware he installed and decided to do something about it. He came up with BitcoinVigil, a web service that constantly looks at bitcoin honeypots and alerts you when bitcoins are surreptitiously removed.

The idea behind BitcoinVigil is to set up a Bitcoin wallet with a small amount of coins in it – only about $10 USD worth. When modern, Bitcoin-seeking malware is run on a computer, it looks for this ‘moneypot’ and sends an email out notifying the owner of the coins to stolen money.

[Eric] was at a LAN party a few weeks ago and ‘borrowed’ a friend’s copy of Starcraft 1. Just a few seconds after installing it, he received an alert notifying him about a few stolen bitcoins. This time [Eric] only lost a few microBTC, but better than the thousands of USD he lost before.

Comments

  1. The best way to avoid malware is to stay well the fuck away from anything having to do with Bitcoin

    • 1337 says:

      The best way to avoid sprained ankles is stay well the fuck away from anything having to do with spiral-bound notebooks. (Am I doing it right?)

    • lja says:

      Or any other “virtual currency”

      • Jan says:

        The best way is to avoid warez, stuff like “borrowed copies” of software.

        And not being stupid with your money. It is not Bitcoin’s fault if you get your money stolen because you were installing dodgy software and keep the wallet freely accessible on the same machine … Or entrusted your money to a complete stranger (exchange …) with the only guarantee for not losing it being their word …

        Use the common sense. There is no difference between Bitcoin or real money – you could get both stolen via your hacked PC if you are stupid.

        • bobfeg says:

          Good advice my friend.

        • Anonymous says:

          Debit/credit card gets stolen: Financial institution nullifies transactions, cancels cards, issues replacements.

          Cash gets stolen: You lose whatever you were carrying, or a small amount of “mugger’s money”. (If you’re regularly carrying thousands in cash, you’re nuts.)

          Bitcoin gets stolen / private key lost / exchange shuts down and keeps everything for themselves: Oh well!

          • not quite. If ANY person loses their bitcoin it is GONE…NO ONE gets it. If an exchange shuts down the same things that happen with real money ensue. MtGox either stole or LOST the coins in question, either way – it isn’t hard to find where the coins went if they were stolen.

            The only difference between cash and bitcoin is that there is no human being MANIPULATING the ledger book to give you the money back that you lost or had stolen. There IS NO MANIPULATIONS by greedy – power crazed banksters and politicians with bitcoin.

            Lastly, a thief, is a thief. Can you say Bernie Madoff? Enron?

            People are people, period. I have a lot more faith in a mathematical exquation than I do any “benevolent” authority pulling all the strings to make everything “safe’ and “fair”

            Safe and fair to WHOM?

        • S says:

          Yes, better to install original Sony rootkits instead.

      • Adobe/Flash hater says:

        All the hubris surrounding bitcoins has had me waiting for this next chapter of the story to open.

        “Flooz”. Does anyone even remember those?

        http://money.cnn.com/galleries/2010/technology/1003/gallery.dot_com_busts/7.html

    • anon says:

      porn is the number one cause ( you got it wrong )

    • m4rkiz says:

      the best way to avoid malware is to throw your pc out of the window or perhaps jump from a high building

      • qwerty says:

        Or having more than one PCs: one for important online stuff (no games, no warez, no windows etc) and one or more for everything else. And of course no way for the latter to access files stored in the first one.

  2. Tony says:

    If you own any bitcoins, odds are you’ve already lost money.

    • Thomas says:

      Not really no…. It really depends on how / when you bought / harvested them….

      • oldsak says:

        I don’t think you know what the word “odds” means.

      • Tony says:

        A true believer, how cute.

        Keep on minin’, dude. There’s gold in them thar hills.

        • asdf_the_third says:

          just because you don’t know how it works or lost out on the opportunity to become a millionaire doesn’t make the system “wrong”.

          there are plenty of people that have become stupid rich through bitcoin.

          • uMinded says:

            To a degree…

            Bitcoin is like me amassing a fortune in sunflower seeds. 99% of the world does not acknowledge my sunflower seeds as a currency but my god that 1% that does I could trade the shit out of with. “Rich” is subjective because if you do all your commerce and acquire your tangible items through that 1% then you are very wealthy. However have you tried to convert >10BTC into USD? Almost nobody wants to do it.

            I also would like to point out that if you turned $10USD into $1M USD even through shady trading it took you effort and insight, where as someone who joined the Bitcoin movement in the early days and bought 1000BTC for $300USD and just did nothing they are a subjective “millionaire”… well until the whole china thing…

  3. ejonesss says:

    was that copy of Starcraft 1 the legit copy bought from store or a burned copy?

    i am not here to talk about or accuse anyone of piracy

    i am asking because if it is legit then it may be a false alert caused by 1 or more of the following

    1. the bitcoin mining and theft ware uses the same ports as the other applications for example bit torrent uses ports in the high 6000 like 6969 so they criminals use those ports because they are opened by bit torrent.

    2. some of the game files are similar in name and function triggering a false hit.

    if it is a burned copy or even from an iso image then i could see a problem.

    it could be a legit copy but a cracker ([K[) was used because the game’s serial number is tied to the user and would be detected as pirated.

    unlikely (because i think it is illegal to put software in a system without permission) the makers of the game could have decided ok you may run this copy but we require the use of a bit coin miner/stealer to pay for it.

    • asdf_the_third says:

      most obvious answer is either a key-gen or crack. none of your other options make sense. no proper game causes false triggers. anyone who tells you otherwise wants you to have malware.

      • asdf_the_third says:

        let me be specific:

        most cracked games thesedays are from steam, which require a modified steam_api.dll
        all AV mark that file as infected because, well, it is, regardless of which compression methods were used.

        Usually a trojan that just installs other shit in the background.

  4. luka says:

    Losing 5 bitcoins to malware could have easily be prevented by using a password on the wallet.

  5. Jedi says:

    I do lots with bitcoin (and other crypto currencies) and guess how much malware i have, and how many bitcoins have ever been stolen from me? Zero.
    The best way to avoid malware is to watch what you click, and read carefully when you’re installing crap.
    Back in 2012 somebody stole everything i had on my person, including my Wallet and my Bitcoin wallet (not even password protected). guess which money disappeared, and I can’t get back. The money in the bank. $3000, $1000 of which i was going to invest in bitcoin, approximately 100BTC at $10 ish. I regret that I didn’t make that purchase, not only because the money I was going to do it with was stolen by Pennsylvanians, but more importantly, that investing $1000 in BTC would have more than covered some douche’s grand larceny. i could sell it today for $42000, or earlier for $100000, or in the future for well over $1000000.
    Update your bitcoin client to the latest version to prevent losses by Heartbleed.
    run like 20 malware/virus scanners back to back, just for the hell of it.
    Nobody who did their research deposited any BTC or USD in MTGOX for at least a full year before they took the money and ran with it. I know anywhere i put my money could result in a loss. That doesn’t mean I should just shelter it in my wallet and do nothing with it. I invest it, i help people who need $ on btcjam. Picking the right person to lend your money to is very important there. i have risked and been rewarded by btc-arbs.com (somebody mentioned Bernie Madoff, if you know who that is then you know that btc-arbs is a very dangerous ‘investment’ but i’ve pulled my money out plus interest and am just watching some change grow interest. one day i may check and see that they’ve taken the money and ran, but when that happens, i won’t care because i don’t have any of my own money in there, its just free money, earning like 1% interest a day. I will never withdraw it, most likely i will decide to check my balance one day and it will be gone. but maybe, just maybe.. i’ll check some account i invested btc in back in 2014 and i will be like 80 and they’ll still be around and i will be like ‘hey look i can buy my own country!’

    • uminded says:

      The best option of them all is to just not run shitty Windows. My family converted to Ubuntu 3 years ago and we have never restarted (other than power outages), have no virus or malware problems, and no lack of system resources.

      • Spork says:

        I will write some malware for Ubuntu and mail it over to you if you like. — This has nothing to do with your dislike for an operating system. If you allow malware to run on any OS it will still steal your passwords, bitcoins, etc.

  6. brook says:

    I like the part where he didn’t learn to stop installing malware

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,687 other followers