Feeds

New malware ferrets out and steals Bitcoins

Hopelessly devoted to you

Top three mobile application threats

You know your virtual currency has hit the big leagues when criminals develop trojans that infect computers for the sole purpose of stealing it. Bitcoin, the open-source project launched two years ago, reached that turning point Thursday.

That's when researchers from Symantec discovered Infostealer.Coinbit, a piece of Windows malware that ferrets out the digital wallet stashed on Bitcoin users' hard drives and uploads it to an SMTP server that's probably located in Poland. It's the first report of a trojan in the wild that targets the digital cash, but Symantec researchers said its only a matter of time until the feature is found in other pieces of malware.

“If you use Bitcoins, you have the option to encrypt your wallet and we recommend that you choose a strong password for this in the event that an attacker is attempting to brute-force your wallet open,” Symantec's Stephen Doherty wrote in a blog post.

The advice makes sense, since Bitcoins are just like cash in the sense that they lack any sort of intrinsic method of tracking the thief. The digital currency's peer-to-peer architecture was designed from the ground up to foster transactions that can't be reversed and to allow users to remain anonymous. A Bitcoin user calling himself Allinvain claims to have learned that lesson the hard way when, he said, someone stole coins theoretically valued at $500,000.

But this irreversibility points to a potential risk of following Symantec's advice to encrypt the wallet: Lose the key and your coins will be lost forever.

A separate Symantec researcher, Peter Coogan, has theorized a separate way online crooks could profit handsomely from a Bitcoin feature that allows users to “mine” coins by contributing CPU cycles to solving a cryptographic problem. Criminals wielding a botnet of 100,000 infected machines, for example, could generate $97,000 per month, assuming all nodes worked on the problem continuously. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.