The Miner botnet: Bitcoin mining goes peer-to-peer

From Botnets.fr


Botnet: Miner
Date: 2011 / 2011-08-19
Editor/Conference: Kaspersky Securelist
Link: https://securelist.com/blog/incidents/30863/the-miner-botnet-bitcoin-mining-goes-peer-to-peer-33/
Author: Tillman Werner

Abstract

Identifying a botnet is not an easy task sometimes, especially when one gets lost in different components like droppers, infectors and other bad stuff. Some two weeks ago, Jose Nazario from Arbor Networks pointed me to a new varmint that appears to be another peer-to-peer bot. When executed, the program installs tons of stuff that holds a number of goodies, for example:

  • an executable hidden in an Alternate Data Stream,
  • three Bitcoin miners: the Ufasoft miner, the RCP miner and the Phoenix miner,
  • a file with geo-location information for IP address ranges.

Bibtex

 @misc{2011BFR1983,
   editor = {Kaspersky Securelist},
   author = {Tillman Werner},
   title = {The Miner botnet: Bitcoin mining goes peer-to-peer},
   date = {19},
   month = Aug,
   year = {2011},
   howpublished = {\url{https://securelist.com/blog/incidents/30863/the-miner-botnet-bitcoin-mining-goes-peer-to-peer-33/}},
 }