
World's most dangerous botnet mines Bitcoins

Author: fjbit | Source: unknown | Date: 2011-9-17 15:25:17 | Tags: dangerous, Bitcoins

 

SECURITY RESEARCHERS at Russian antivirus vendor Kaspersky Lab warn that TDSS, one of the most dangerous and widespread families of rootkits, recently received an update that forces infected computers to mine Bitcoins.

TDSS rootkits have consistently grown in sophistication since first appearing in 2008. The latest version, known as TDL4, installs itself in the master boot record (MBR) and is capable of infecting all Windows versions, including 64-bit Windows Vista and Windows 7, which require signed device drivers.

TDL4 is notoriously hard to remove or even detect, which led security researchers at Kaspersky to describe its botnet as indestructible in the past.

The vendor's malware experts have recently analyzed a TDSS sample collected from a computer that was constantly exhibiting 100 per cent CPU utilisation. It turns out that the variant had been configured to execute a component called conhost.exe with special parameters.

Further investigation revealed that conhost.exe was a copy of the Ufasoft GPU Bitcoin miner application. Bitcoin is a popular peer-to-peer virtual currency that can be exchanged by users over the Internet without the need for an intermediary bank or payment processing service.
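A triage heuristic for the symptom described above (a process named conhost.exe pinning the CPU), as an added example that is not from Kaspersky's analysis: it flags a system-binary name running outside its standard directory or showing sustained high CPU. The process records, the CPU threshold and the non-standard path are constructed assumptions; the article does not say where the miner copy was stored.

```python
import ntpath  # Windows path rules, usable on any analysis host

# Standard directory for the binary name reported in the article (lower-case).
EXPECTED_DIRS = {"conhost.exe": {r"c:\windows\system32"}}
CPU_THRESHOLD = 90.0  # percent; assumed triage threshold
MIN_SAMPLES = 3       # consecutive samples needed to call the load "sustained"


def sustained_high_cpu(samples, threshold=CPU_THRESHOLD, run=MIN_SAMPLES):
    """True if `run` consecutive CPU samples are at or above `threshold`."""
    streak = 0
    for value in samples:
        streak = streak + 1 if value >= threshold else 0
        if streak >= run:
            return True
    return False


def triage(proc):
    """Return the reasons a process record deserves a closer look."""
    reasons = []
    name = ntpath.basename(proc["image"]).lower()
    folder = ntpath.normpath(ntpath.dirname(proc["image"])).lower()
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return reasons  # not a name this heuristic knows about
    if folder not in expected:
        reasons.append("system binary name outside expected directory")
    if sustained_high_cpu(proc["cpu"]):
        reasons.append("sustained high CPU for a console host")
    return reasons


def flagged(records):
    """Map pid -> reasons for every record with at least one finding."""
    return {r["pid"]: why for r in records if (why := triage(r))}


# Constructed process snapshots (pid, image path, CPU % samples); not real telemetry.
SAMPLE = [
    {"pid": 412, "image": r"C:\Windows\System32\conhost.exe", "cpu": [0.1, 0.0, 0.3, 0.2]},
    {"pid": 2980, "image": r"C:\Users\Public\conhost.exe", "cpu": [99.0, 100.0, 98.5, 100.0]},
    {"pid": 3100, "image": r"C:\Windows\System32\..\System32\conhost.exe", "cpu": [97.0, 99.0, 100.0]},
    {"pid": 3344, "image": r"C:\Tools\render.exe", "cpu": [100.0, 100.0, 100.0]},
]

if __name__ == "__main__":
    for pid, why in flagged(SAMPLE).items():
        print(pid, "; ".join(why))
```

Collect the records from telemetry you trust, since a rootkit can tamper with what a live host reports about its own processes.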

This Bitcoin mining scheme exhibits the same sophistication one would expect from the TDSS gang. It uses a mining pool proxy and encrypted credentials, making it impossible for security researchers to determine how many Bitcoins were mined by the botnet and what accounts received them.

"The use of such sophisticated malware as TDSS testifies that cybercriminals are getting more and more interested in Bitcoin, and the growing interest correlates with growing amounts of money 'earned' by bad guys," said Kaspersky Lab expert Sergey Golovanov.

Malware like TDSS is one of the reasons why Microsoft secured the boot process in Windows 8. The new Windows version authenticates all boot components at every reboot, and detection of any unauthorized modification forces the system into the Windows Recovery Environment.

Until then, however, users should scan their computers regularly with a competent antivirus product in order to make sure that they are not infected with such dangerous rootkits. As far as TDSS is concerned, Kaspersky offers a free stand-alone tool that can detect and remove most of its variants.
