The new virus forces the computer to earn virtual currency

Posted: April 8, 2013 in IT Security News
Tags: , , , , ,

Kaspersky LabThe new virus forces the personal computer to earn Bitcoin virtual currency.

Specialists of Kaspersky Lab found a new unusual virus spreading in the file «bitcoin-miner.exe». The virus uses the processing power of infected PCs, to “produce” virtual currency for intruders.

As soon as the course of virtual currency Bitcoin grows over time (for it is already possible to buy a real house), attackers are increasingly trying to get the currency detours. For example, found at the end of last year Skynet botnet contains a module for obtaining new bitkoins on capacities of infected machines. The fact that the number of outstanding Bitkoins strictly limited, and new Bitkoins appear only as a result of serious computing. Time for a lucrative “getting” Bitkoins way at the end: soon their number will become so large that the calculation of each following bitkoyna be prohibitively expensive.

Now one Bitkoin (BTC) is traded on the virtual exchange for the price of U.S. $ 130 per unit – four times more than just six weeks ago. According to the principles of currency BTC, new units, or “coins”, created by solving complex cryptographic equations. For each new valid block data, the authors receive 25 Bitkoins (until recently the remuneration was 50 BTC). Legitimate participants “production” usually have their share of awards, using powerful system with graphics cards for better performance.

As it turned out, the authors of the new virus uses a much more aggressive approach. A new virus is spreading in with Skype voice and video in the form of links to malicious files. Although executable file called «bitcoin-miner.exe» uses only CPU that slows “extraction” Bitkoins, attackers use a lot of “captive” of computers, so that the result is quite a powerful resource. Unlike legitimate “miners” virtual currency, criminals do not have to pay for the captured equipment, pay electricity bills and so on.

Viruses for illegal “mining” Bitcoin there for about two years. Some versions of these viruses have learned to use the graphics accelerators on the infected PC, the viruses can infect even machines running Mac OS X.

For most signs new virus similar to the average quality imitation other viruses in this class, but there is reason to think that the creators of this virus was not just entertainment. The fact that the short using the service bit.ly URL-address that hosts the malicious files, received more than 2,000 hits per hour, at least, at the time of publication of the description of the blog Kaspersky Lab. Distributed computing is a very good level.

According to the classification of Kaspersky  Lab virus called «Trojan.Win32.Jorik.IRCbot.xkt». Presumably, the distribution began in Europe – the highest levels of activity were recorded in Italy, Russia, Poland, Costa Rica, Spain, Germany and the Ukraine. The initial fragment of the virus, according to experts, established in India, and then began to use servers in Germany (IP-address of a server 213.165.68.138:9000). When the user clicks on a dangerous link, the virus runs additional components and data from service Hotfile, and then wait for further instructions. To avoid infection, it is best not to go on any suspicious links in Skype.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s