Kaspersky and INTERPOL Say Blockchain is Vulnerable

[Itskok]

Well i must say that it's really nice and creative way to inject malicious, but still the "Victim" must have another malicious object on his machine to run this idea on,exactly like lots of other examples that relevant in other technological environments, not a big surprise.
The problem is that "everyone" need to "download" the blockchain in order to use Bitcoin,and then its like half way through for the "Hacker",the second half still has the same challenges that we know,how to interact with your "Victim" and give him the second peas of the cake..
Its not a big news at all,
Let the speculators play with the technology,i think its good for all of us...

[samson]

Well i must say that it's really nice and creative way to inject malicious, but still the "Victim" must have another malicious object on his machine to run this idea on,exactly like lots of other examples that relevant in other technological environments, not a big surprise.
The problem is that "everyone" need to "download" the blockchain in order to use Bitcoin,and then its like half way through for the "Hacker",the second half still has the same challenges that we know,how to interact with your "Victim" and give him the second peas of the cake..
Its not a big news at all,
Let the speculators play with the technology,i think its good for all of us...

There are a lot of ways to get specific information from the blockchain without having Bitcoin installed.

[dewdeded]

OP_RETURN could be used to announce new C&C servers to victim computers.
Making the botnet pretty resistant vs. goverment downtakes.


Seams like a solid alternative vs. classic DGAs.

[tzpardi]

Its pretty simple how they did it. They created a malicous application that fetches data from the blockchain. If you run said malicious application malicious things might happen. Bottom line? Dont run anything from Kaspersky?

their "demo" -> https://www.youtube.com/watch?v=FNsqXHbeMco

That's the usual approach from the so called security experts: execute a malicious application with admin right and then, no wonder, the application with the admin right can steal data or cause damage to the machine. As you said, to avoid such problems don't get the malicious application to your computer in the first place.

[ca333]

OP_RETURN could be used to announce new C&C servers to victim computers.
Making the botnet pretty resistant vs. goverment downtakes.


Seams like a solid alternative vs. classic DGAs.

"nice" idea. haven't thinked about this option to use the blockchain.. but if such data is not encoded properly goverments could start to fetch bc-data too and look out for "bad" infos..

[Raize]

It occurred to me the other day why this may be considered a big deal for Kaspersky.

A lot of AV software is signature-based and still relies on identifying hostile programs before they execute by analyzing the code. A program that contains code that relies on hidden data in the blockchain may be able to evade AV detection slightly easier, especially for users who already have the blockchain stored on their computer. By making it look like the blockchain is what is responsible for this ease-of-evading, they might be attempting to gain empathy from regulators in parts of Europe/Russia that are hostile to Bitcoin.

That said, nothing of what they have brought up is particularly new. And like I mentioned earlier, it presumes that the hostile agent is already capable of executing code on an end user's device.

[Hyena]

It occurred to me the other day why this may be considered a big deal for Kaspersky.

A lot of AV software is signature-based and still relies on identifying hostile programs before they execute by analyzing the code. A program that contains code that relies on hidden data in the blockchain may be able to evade AV detection slightly easier, especially for users who already have the blockchain stored on their computer. By making it look like the blockchain is what is responsible for this ease-of-evading, they might be attempting to gain empathy from regulators in parts of Europe/Russia that are hostile to Bitcoin.

That said, nothing of what they have brought up is particularly new. And like I mentioned earlier, it presumes that the hostile agent is already capable of executing code on an end user's device.

they may also be worried because of the false positives their AV will give because someone has saved a virus signature in the block chain.

[DeboraMeeks]

This is like saying that HTTPS is insecure because I've written a program that just executes whatever response it receives to an HTTPS request.