Confession's of a Bitcoin Botnet coder...

[MysteryMiner]

A skilled person is safe with Windows or with Linux

Depends on the exploit. Yes, noobs click email attachments, download "codecs" from porn sites, etc. But it doesn't matter how good you are if somebody exploits a 0 day in chrome you are fucked. This is why Google pays people to disclose them.

Even for Windows 0-day exploits are becoming less damaging. Software does not run with administrative permissions. No system-wide damage, no rootkit installation possible. Some of vulnerabilities require special circumstances or already existing account on target computer.

The "codecs" are different kind of problem or "blessing" depending from context. When computers were expensive, only people who tried to master them used computers. Now everyone can afford a computer and they use it as entertainment device and don't want and can't use computers properly because of lack if IQ.

[check_status]

Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless  

[bulanula]

Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless  

For Windblow you have to pay the stupid tax

[MoonShadow]

Something important for Windows users...Notice in the pics, W7, VS, XP. Every machine listed in the pics are Windows boxes. He also said he binds programs uploaded to usenet.

At the beginning it happened, my crypter got flagged and I had to rearrange the code to re"FUD" it. Now everything is automated, every victim gets a regular update, just for him. And because the polymorphism happens on my side, AV vendors can't get a detection for all modifications, it's game over for them.

I wonder if he has compromised any linux boxes?

Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

Skilled people don't use Windows exclusively, so it's a moot point.  Skilled people who use mutiple OS's know that GNU/Linux (and many other *nix class operating systems) is inherently more secure than Windows, even though Windows has improved significantly over the past decade.  Therefore, if some random person asks me what to do to improve their bitcoin security on windows, my default answer is still to use something else.

[Timo Y]

13-20 Ghash/s means his mining botnet earns him approx. $1.100-1.700 per month.

Now, I don't want to condone his actions, but putting myself in his skin, that seems hardly worth it to me. That's less than a cleaning lady earns where I live.  Why doesn't he just get a real job?  Why risk going to prison for such a modest amount of income?  

I assume that selling the CC information is a lot more lucrative than mining, and the mining is just a side project of his.

Either that, or his is doing this for reasons other than money. Prestige? Power?

He seems to think he is invincible, but even Tor is not 100% safe, and all it takes is a second of carelessness and your anonymity is blown, and your life is ruined.

[Sukrim]

As long there is Gigamining and Bitbond don't worry.
They collected now in only 3 weeks more than 30000 BTC to run their miners.

Volume does not mean income... I could sell a single share at 1 BTC and then it gets traded a million times --> volume is 1m BTC, but I still only got this single coin.

About the thread itself - just with the info he posted, as I said, it's not impossible to track his coins down at all for anyone. German speaker, miner at BTCguild (and no, I would NOT ban mining botnets by the way!) with a total of 10+ GH/s (possibly spread on several accounts), most likely has a higher-than-average stale rate, as he'd need to tunnel his getworks through his own proxy + TOR... do I need to go on?

What I find a bit disturbing is that even though he acts like a "total pro", in the end 1-2 years of reading coding tutorials online don't magically transform you in the god of programming. Likely he introduced a few security holes in his botnet software too.

[blablahblah]

can we tip the anti virus companies with advise on how to catch these background bitcoin mining processes so it's more difficult for botnets to operate as miners?

No no no... AV companies are like "reformed criminals" -- you never really know if they're 100% trustworthy.

1) They're self-proclaimed experts on viruses and other malware,
2) They like to install software on your computer which just happens to be a massive resource hog,
3) Their business model relies on a never-ending supply of viruses and customer fear.

If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.

[Raoul Duke]

If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.

http://www.clamav.net/lang/en/download/sources/ <-- not commenting on how good it is, but it's open source.

[kokojie]

Actually the botnet operator herself said windows is just as secure as macos or linux, it is just that botnets don't target linux because its tiny market share and the users are often knowledgeable about computers.

Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless  

[Sukrim]

If you get a Linux machine, it's likely a server. Probably quite often these are then used for FTP dumps and similar instead of being searched for credit card/Paypal/... information.

[rjk]

If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.

http://www.clamav.net/lang/en/download/sources/ <-- not commenting on how good it is, but it's open source.

I use that for all my mail servers. It's lightweight and fast.

[dizzy1]

Volume does not mean income... I could sell a single share at 1 BTC and then it gets traded a million times --> volume is 1m BTC, but I still only got this single coin.

About the thread itself - just with the info he posted, as I said, it's not impossible to track his coins down at all for anyone. German speaker, miner at BTCguild (and no, I would NOT ban mining botnets by the way!) with a total of 10+ GH/s (possibly spread on several accounts), most likely has a higher-than-average stale rate, as he'd need to tunnel his getworks through his own proxy + TOR... do I need to go on?

What I find a bit disturbing is that even though he acts like a "total pro", in the end 1-2 years of reading coding tutorials online don't magically transform you in the god of programming. Likely he introduced a few security holes in his botnet software too.

One of the pictures he linked to showed a modified version of https://github.com/cdhowie/Bitcoin-mining-proxy. He also said although he only says he has 10-20gh/s, he suspects that up to 30% of the current hashing power is from botnets.

[Raoul Duke]

If someone wants to be completely genuine about anti-virus software, why not ask for a government grant to kickstart a FOSS AV program that users are able to download and compile themselves? Then you can absolutely guarantee that your friendly anti-virus isn't burning up the idle time on your GPU.

http://www.clamav.net/lang/en/download/sources/ <-- not commenting on how good it is, but it's open source.

I use that for all my mail servers. It's lightweight and fast.

So do I. Just didn't want to start a discussion that AV's suck, and blah blah blah, hence the part about not commenting

[DeathAndTaxes]

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150 $0.00) latest updates ASAP.  (Already installed on that computer you just bought, service Packs have never cost anything)
Make sure you are running a good up to date Anti-Virus. ($59.99 $0.00)  (You said good not expensive right?  Avast = Free)
Make sure you have a good Firewall turned on. ($39.99 $0.00)  (Windows firewall is fine for 99% of users.  For power users there are free alternatives.)
Don't click on or install dumb shit. (Priceless)

FYPFY

I would add:
Install Windows Defender (there are better anti-malware products but I generally give WD to noobs because it just works).
use a router w/ NAT & SPI.  Only forward ports you need.

[DeathAndTaxes]

13-20 Ghash/s means his mining botnet earns him approx. $1.100-1.700 per month.

Now, I don't want to condone his actions, but putting myself in his skin, that seems hardly worth it to me. That's less than a cleaning lady earns where I live.  Why doesn't he just get a real job?  Why risk going to prison for such a modest amount of income?  

He indicated he is a student.  An $1800/mo part time job which is related to your major ain't that bad of a gig for a student.  As you indicated his total compensated is likely more when you include various other forms of revnue.  Would I personally do it?  No but I imagine a lot of other would if they had the ability.

[Fiyasko]

Well. Atleast people might realise "omg my gpu is at 100% overnight"
Or "hey my fans slow down when i use my computer"

But ofcourse they wont /facepalm
Most people dont do regular Dust Checks

[Sukrim]

It might even help the PCs living longer having their fans run nonstop so there is less dust buildup!

[Nyaaan]

13-20 Ghash/s means his mining botnet earns him approx. $1.100-1.700 per month.

Now, I don't want to condone his actions, but putting myself in his skin, that seems hardly worth it to me. That's less than a cleaning lady earns where I live.  Why doesn't he just get a real job?  Why risk going to prison for such a modest amount of income?  

I assume that selling the CC information is a lot more lucrative than mining, and the mining is just a side project of his.

Either that, or his is doing this for reasons other than money. Prestige? Power?

He seems to think he is invincible, but even Tor is not 100% safe, and all it takes is a second of carelessness and your anonymity is blown, and your life is ruined.

It's extra money, everyone loves extra money. Also, he considers it a 'challenge', and I agree that it is one.
It's called anonymity and being careful. Your life is only ruined if you dox yourself and reveal everything to FBI lul

It might even help the PCs living longer having their fans run nonstop so there is less dust buildup!

+1

I'm tell you guys, this stuff is going to be the end of bitcoin.

I think you have it backward…this stuff is going to be the end of the traditional banking system.  At least with Bitcoin you have a fighting chance of securing your assets.  With the traditional banking system, the theft just gets subsidized and no one cares or will care until entire companies (or nations that bail them out) start to collapse.  Unfortunately, by that time, it will be too late for that system.  I find it interesting that these criminals are using a superior (and ultimately less vulnerable) system like bitcoin to exploit an antiquated system that is rife with insecurities.

I have to agree with that.

I kinda want my own bitcoin botnet now. 

Send me a PM bro, I can work something out for you

Something important for Windows users...Notice in the pics, W7, VS, XP. Every machine listed in the pics are Windows boxes. He also said he binds programs uploaded to usenet.

At the beginning it happened, my crypter got flagged and I had to rearrange the code to re"FUD" it. Now everything is automated, every victim gets a regular update, just for him. And because the polymorphism happens on my side, AV vendors can't get a detection for all modifications, it's game over for them.

I wonder if he has compromised any linux boxes?

Zeus is not compatible with Linux, and most malware isn't either, because Windows is fail and idiots use Windows (double fail)

[Gabi]

Please avoid this Windows bullshit. Those are Windows boxes because noobs use Windows and not Linux. And, since they are noobs, they keep their computer NOT secure, unprotected and vulnerable to everything
The problem is the user, NOT the operative system.


A skilled person is safe with Windows or with Linux

A Windows Security Experts advice to Noobs:

Noob:
What can I do to improve my Windows security?

WSE:
Install Windows ($150) latest updates ASAP.
Make sure you are running a good up to date Anti-Virus. ($59.99)
Make sure you have a good Firewall turned on. ($39.99)
Don't click on or install dumb shit. (Priceless)

A Linux Security Experts advice to Noobs:

Noob:
What can I do to improve my Linux security?

LSE:
Install your Linux (Priceless) distro's latest updates and fixes.
Don't click on or install dumb shit. (Priceless)

The cost of being secure on W?ndows? $250
The cost of being secure on Linux? Priceless  

Please, i use Windows 7 with Avast antivirus (wich is free) and nothing more and i get no virus

Yes i have to pay for the OS but except that nothing more.

Also a noob will get infected even with an antivirus and a firewall, that's why he is a noob

[Dansker]

He sounds like quite the Prodigy judging from his replies.

I wonder how he is spending his bitcoins?

Also, won't you be able to detect botnets mining in pools due to a change in mining power equal to people turning on and off their infected computers?