01BTC10
VIP
Hero Member
 Offline
Activity: 756
Merit: 503
|
 |
November 22, 2012, 02:45:28 PM |
|
To date there have been 0 confirmed CPU botnets, 0 confirmed GPU botnets, and 0 confirmed FPGA botnets on bitcoin.
A smart GPU botnet would of course create a different account for each worker but that is sooooo much work, right? ;-) I think a smart GPU botnet would setup a Bitcoin mining proxy or a mining pool. |
|
|
|
|
|
|
|
|
|
In order to achieve higher forum ranks, you need both activity points and merit points.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
SolarSilver
Legendary
Offline
Activity: 1112
Merit: 1000
|
|
November 22, 2012, 02:55:17 PM |
|
Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.
To get accurate numbers, you would have to ask the question to Tycho. I was shown last week by a deepbit user when he logged in the banner "your account has been suspended due to illegal activity" (paraphrasing from memory here). He said it happens automaticly once you have more than 150 different IPs connect to the same worker. (as it happened before) There is a banner when you register that says "In case of illegal activity your account will be locked", https://deepbit.net/register.phpWith the amount of traffic deepbit sees, it would be hard to believe they have not automated some parts of the banning |
|
|
|
|
|
bcpokey
|
|
November 22, 2012, 05:30:28 PM |
|
Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.
To get accurate numbers, you would have to ask the question to Tycho. I was shown last week by a deepbit user when he logged in the banner "your account has been suspended due to illegal activity" (paraphrasing from memory here). He said it happens automaticly once you have more than 150 different IPs connect to the same worker. (as it happened before) There is a banner when you register that says "In case of illegal activity your account will be locked", https://deepbit.net/register.phpWith the amount of traffic deepbit sees, it would be hard to believe they have not automated some parts of the banning I'm not asking for accurate numbers, I'm asking for any confirmed botnet reports, and evidence as to them being GPU based, as you so casually stated that they were. What you are telling me is that because an automated system on deepbit, which admittedly catches many regular users (unless you are suggesting your friend is a botnetter) by its aggressive settings, is the only suggestion that botnets "might be out there". That is hardly conclusive evidence of the roving bands of GPU botnets you claim. CPU botnets are the most likely, and even those are not very likely, nor clearly are they being very successful. |
|
|
|
|
01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
November 22, 2012, 05:38:23 PM
Last edit: November 22, 2012, 06:00:00 PM by 01BTC10 |
|
Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.
To get accurate numbers, you would have to ask the question to Tycho. I was shown last week by a deepbit user when he logged in the banner "your account has been suspended due to illegal activity" (paraphrasing from memory here). He said it happens automaticly once you have more than 150 different IPs connect to the same worker. (as it happened before) There is a banner when you register that says "In case of illegal activity your account will be locked", https://deepbit.net/register.phpWith the amount of traffic deepbit sees, it would be hard to believe they have not automated some parts of the banning I'm not asking for accurate numbers, I'm asking for any confirmed botnet reports, and evidence as to them being GPU based, as you so casually stated that they were. What you are telling me is that because an automated system on deepbit, which admittedly catches many regular users (unless you are suggesting your friend is a botnetter) by its aggressive settings, is the only suggestion that botnets "might be out there". That is hardly conclusive evidence of the roving bands of GPU botnets you claim. CPU botnets are the most likely, and even those are not very likely, nor clearly are they being very successful. Maybe you missed those threads: https://bitcointalk.org/index.php?topic=81356.0;allhttps://bitcointalk.org/index.php?topic=67634.0http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/Q: How many botted machines do you typically gain per month or per campaign.
A: about 500-1000 a day, weekends more. I'm thinking about just buying them in bulks and milking them for bitcoins. Asian installs are very cheap, 15$/1000 installs and have good GPUs. http://arstechnica.com/tech-policy/2011/08/symantec-spots-malware-that-uses-your-gpu-to-mine-bitcoins/In contrast, the newest Bitcoin malware takes full advantage of the computing power on each compromised machine—including its GPU. http://www.symantec.com/security_response/writeup.jsp?docid=2011-081115-5847-99&tabid=2The Trojan will then run one of the following Bitcoin mining programs:
If a GPGPU-enabled graphics card is found, it runs Phoenix Miner.
Otherwise it runs RPC Miner. |
|
|
|
|
SolarSilver
Legendary
Offline
Activity: 1112
Merit: 1000
|
|
November 22, 2012, 10:24:59 PM |
|
What you are telling me is that because an automated system on deepbit, which admittedly catches many regular users (unless you are suggesting your friend is a botnetter) by its aggressive settings, is the only suggestion that botnets "might be out there".
I'm not suggesting he is a botnetter. I know he is a botnetter, he paid BTC 20 for the custom miner from a guy on Silk Road that installs itself on machines through a trojan horse and makes them into dedicated workers. That is hardly conclusive evidence of the roving bands of GPU botnets you claim.
CPU botnets are the most likely, and even those are not very likely, nor clearly are they being very successful.
The people that run the botnets don't care if it's CPU or GPU, but they are more interested in harvesting good GPU machines. With most recent machines sporting some kind of GPU, they are actively being milked. Check some of the stats individual people are getting on pools. A single individual that has 300 GH/s surely does not have all these machines in his own office. |
|
|
|
|
Korbman
Legendary
Offline
Activity: 1064
Merit: 1001
|
|
November 22, 2012, 10:38:52 PM |
|
I'm not suggesting he is a botnetter. I know he is a botnetter, he paid BTC 20 for the custom miner from a guy on Silk Road that installs itself on machines through a trojan horse and makes them into dedicated workers.
[...]
The people that run the botnets don't care if it's CPU or GPU, but they are more interested in harvesting good GPU machines. With most recent machines sporting some kind of GPU, they are actively being milked.
Check some of the stats individual people are getting on pools. A single individual that has 300 GH/s surely does not have all these machines in his own office.
Cool stuff. I wonder how sustainable the botnets actually are over time. Even so, I don't think "botnetting" ASIC devices will be all that possible until the general public utilizes them daily (assuming it ever reaches that point). They're way too much of a niche device, tailored to a subset of the bitcoin community. To presume these botters are going to utilize ASICs attached to PCs undetected is a bit absurd....though not impossible. |
|
|
|
|
bcpokey
|
|
November 23, 2012, 10:59:38 PM |
|
Yes? Can you link something to evidence the frequent action pool operators take? Article or transcript from pool operators talking about it? I'm curious to learn about this.
To get accurate numbers, you would have to ask the question to Tycho. I was shown last week by a deepbit user when he logged in the banner "your account has been suspended due to illegal activity" (paraphrasing from memory here). He said it happens automaticly once you have more than 150 different IPs connect to the same worker. (as it happened before) There is a banner when you register that says "In case of illegal activity your account will be locked", https://deepbit.net/register.phpWith the amount of traffic deepbit sees, it would be hard to believe they have not automated some parts of the banning I'm not asking for accurate numbers, I'm asking for any confirmed botnet reports, and evidence as to them being GPU based, as you so casually stated that they were. What you are telling me is that because an automated system on deepbit, which admittedly catches many regular users (unless you are suggesting your friend is a botnetter) by its aggressive settings, is the only suggestion that botnets "might be out there". That is hardly conclusive evidence of the roving bands of GPU botnets you claim. CPU botnets are the most likely, and even those are not very likely, nor clearly are they being very successful. Maybe you missed those threads: https://bitcointalk.org/index.php?topic=81356.0;allhttps://bitcointalk.org/index.php?topic=67634.0http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/Q: How many botted machines do you typically gain per month or per campaign.
A: about 500-1000 a day, weekends more. I'm thinking about just buying them in bulks and milking them for bitcoins. Asian installs are very cheap, 15$/1000 installs and have good GPUs. http://arstechnica.com/tech-policy/2011/08/symantec-spots-malware-that-uses-your-gpu-to-mine-bitcoins/In contrast, the newest Bitcoin malware takes full advantage of the computing power on each compromised machine—including its GPU. http://www.symantec.com/security_response/writeup.jsp?docid=2011-081115-5847-99&tabid=2The Trojan will then run one of the following Bitcoin mining programs:
If a GPGPU-enabled graphics card is found, it runs Phoenix Miner.
Otherwise it runs RPC Miner. Though I appreciate links, as I requested them (maybe you missed that post), neither of these fit any criteria of the quote. Top line from The AMA post: I operate a ~10k botnet using a ZeuS software I modified myself, including IRC, DDoS and bitcoin mining (13GH/s - 20GH/s atm). 20GH = 20,000 MH; 20,000 MH / 10,000comps = 2MH/comp. Or roughly what you'd get out of an old crappy CPU. I did say in the quote that CPU mining is most likely of the unlikely scenarios. For the symantec stuff, GPU malware != GPU botnet. Simply is one, low-risk (hasn't spread much) example of code that has that ability. No one is claiming that it is impossible to do, that isn't what we're discussing, so this is not a useful link. If it were a report of how it was a widespread hidden threat that would make more sense. As to the other guy with the botnetter friend, well. I will just leave that conversation be then. |
|
|
|
|
Jaw3bmasters (OP)
Full Member
Offline
Activity: 196
Merit: 100
Another block in the wall
|
|
November 24, 2012, 12:36:53 PM |
|
There's probably something like zeus for miners already out in the wild. What you're seeing isn't whats really there.
|
In Cryptography we trust.
|
|
|
|
legitnick
|
|
November 25, 2012, 02:28:57 AM |
|
What if BFL/bASIC backdoors the ASIC's?  |
|
|
|
SolarSilver
Legendary
Offline
Activity: 1112
Merit: 1000
|
|
November 25, 2012, 11:16:11 AM |
|
What if BFL/bASIC backdoors the ASIC's? in the case of bASIC, it would be easy to spot as the firmware will be released as open source. Same with Avalon. In the case of a hardcoded backdoor into the hardware or BFL (closed source), traffic analysis would show other outgoing communication than the account you config (your own choice of pool or solo mining). Whoever makes the hardware has little control over where/how you deploy the hardware. |
|
|
|
|
|
