Bitcoin Forum
February 16, 2019, 06:53:49 AM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: 2012-09 sophos.com - The ZeroAccess Botnet – Mining and Fraud for Massive Financ  (Read 3184 times)
julz
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
September 20, 2012, 10:58:26 PM
 #1

sophos technical paper

Quote
The ZeroAccess Botnet – Mining and Fraud for Massive Financial Gain

James Wyke, Senior threat researcher SophosLabs
2012-09

http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess-botnet.aspx

...
The ZeroAccess botnet that communicates on port 16471 (32-bit) and 16470 (64-bit) is currently downloading plugins that facilitate Bitcoin mining.
...
These statistics clearly show that the Bitcoin mining botnet is the most prevalent, followed by the click fraud botnet with the kernel-mode botnet a very distant third.
...
If we estimate the total size of all ZeroAccess botnets to be 1,000,000 machines and use the statistics acquired from the successful installs data that suggests that the proportion of the total machines that connect to the Bitcoin mining botnet is 62%, then we have 620,000 machines that could be participating in Bitcoin mining.
...
We can see that ZeroAccess’ mining pool is close in size to some of the biggest public pools. These generate huge numbers of Bitcoins, for example the DeepBit pool [14] has mined over 1 million Bitcoins in the course of one year.
...
Using botnets to mine Bitcoins deprives hard-working legitimate Bitcoin miners from generating those coins and therefore receiving payment.
More importantly this activity taints the Bitcoin image. There have been several cases of Bitcoin exchanges being broken into and Bitcoins stolen [17], and there are concerns that the currency may die off like some digital currencies have done so before it [18].
A continued association with botnets and malware does nothing to increase the more widespread adoption of Bitcoin.
...

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
1550300029
Hero Member
*
Offline Offline

Posts: 1550300029

View Profile Personal Message (Offline)

Ignore
1550300029
Reply with quote  #2

1550300029
Report to moderator
1550300029
Hero Member
*
Offline Offline

Posts: 1550300029

View Profile Personal Message (Offline)

Ignore
1550300029
Reply with quote  #2

1550300029
Report to moderator
Your Bitcoin transactions
The Ultimate Bitcoin mixer
made truly anonymous.
with an advanced technology.
Mix coins
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1550300029
Hero Member
*
Offline Offline

Posts: 1550300029

View Profile Personal Message (Offline)

Ignore
1550300029
Reply with quote  #2

1550300029
Report to moderator
JMAHH
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
September 22, 2012, 04:10:47 AM
 #2

BUMP. Just finished reading this.

The ZeroAccess botnet could be the third largest mining pool in terms of total hash rate. (page 44)
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1007


View Profile
September 23, 2012, 12:03:19 PM
 #3

Very interesting link, thanks.

It sounds like the operators weren't ready to scale up their pool operation, that's the only reason I can think of for why it'd be regularly unavailable. Incidentally google-updaete.com is now an NXDOMAIN.

Scaling a mining pool isn't easy, let alone to millions of nodes. They may have found the amount of effort it took to keep the pool running and performant made it not worth doing. Especially given the complexity of cashing out large quantities of coins.
JMAHH
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
September 23, 2012, 12:37:39 PM
 #4

Very interesting link, thanks.

It sounds like the operators weren't ready to scale up their pool operation, that's the only reason I can think of for why it'd be regularly unavailable. Incidentally google-updaete.com is now an NXDOMAIN.

Scaling a mining pool isn't easy, let alone to millions of nodes. They may have found the amount of effort it took to keep the pool running and performant made it not worth doing. Especially given the complexity of cashing out large quantities of coins.

Interestingly, they only make use of the CPU and not the GPU, as the report states. That is a huge loss of potential over a million computers. I was actually wondering why the hackers wouldn't implement a system whereby the GPU would be used an arbitrary number of hours per day (one, two, three)...
Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
September 23, 2012, 04:47:47 PM
 #5

ASIC will make them die  Cheesy Just some months and goodbye

Shadow383
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


View Profile
September 24, 2012, 02:43:11 AM
 #6

Very interesting link, thanks.

It sounds like the operators weren't ready to scale up their pool operation, that's the only reason I can think of for why it'd be regularly unavailable. Incidentally google-updaete.com is now an NXDOMAIN.

The interesting question is - how long until they patch it to use Stratum? Then they could probably handle far more load...
Pages: [1]
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!