Wednesday, August 17, 2011

Bitcoin Mining with Trojan.Badminer

Via Symantec Über Security Response Blog -

Bitcoins have been in the news in recent months and there has been much discussion on them, as part of public discourse. In terms of how bitcoins are being targeted by malware, we’ve seen past attempts by Trojan.Coinbitminer to “mine” bitcoins on compromised computers, using up precious CPU cycles in the process. We’ve even seen other malware groups take a more direct and perhaps easier route by stealing bitcoins instead.

Now we are seeing another new Trojan on the bitcoin mining trail, which we are calling Trojan.Badminer. Instead of packing a pick axe and shovel like previous bitcoin mining Trojans, this makes use of heavy machinery to do its job. That way the flow of bitcoins can be mined much faster than before.

When it comes to mining, Badminer contains functionality to deal with all eventualities. It detects the type of computer that it is running on and then activates the appropriate “machinery” to dig through the hashes to reach the hidden treasures. If it determines the computer has a high-spec graphics card with a fast enough graphics processing unit (GPU), it uses the appropriate packages to leverage the immense processing power of the GPU to literally move through the mountains of hashes to reach the valuable bitcoins. Conversely if a low-spec computer is found, then it will wheel out the basic bitcoin mining tools, which will result in much slower throughput. To perform the mining functions, the Trojan contains both the RPC miner and Phoenix miner programs. The latter can take advantage of the extra power of the GPU for bitcoin mining.

[...]

Based on these numbers we can arrive at an earnings potential for some of the graphics cards that we have previously detailed. An AMD Radeon 6750 card is reportedly capable of 167.5 Mhash/s whereas a higher-end card like the AMD Radeon 6990 is capable of 758.82 Mhash/s.

In an ideal situation, we could expect to uncover 13.71 bitcoins with the high-end graphics card example, which in turn would be worth $156.84 per month. Not a huge amount of money in isolation, but when combined with hundreds or thousands of other compromised computers, all generating a few bitcoins each, the numbers begin to add up.

Implications

In a previous blog by Peter Coogan, it was surmised that renting a botnet to perform bitcoin mining was not an economically viable idea. The price of renting the botnet versus the CPU-based throughput of the bitcoin mining software did not justify this. With the advent of Trojan.Badminer and common usage of fast graphics cards, it may well begin to make economic sense to rent botnets in order to carry out distributed bitcoin mining and run the process on an industrial scale.
