• Gold Money
    05/26/2016 - 14:27
    Here’s a question that might have you pondering: Is gold a commodity? More importantly, are we doing a disservice to the gold industry by calling gold a commodity? These may sound like silly...

Yahoo Virus Converts Millions Of Computers Into Bitcoin Mining Slaves

Tyler Durden's picture




 

A few days ago it was revealed that numerous European users of Yahoo, as many as two million, had gotten infected with malware from virus-laden ads served by Yahoo's homepage during the period from December 31 to January 3. The company admitted as much when it revealed that "From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines – specifically, they spread malware." Users in North America, Asia Pacific and Latin America weren't affected, Yahoo said. Nor were users of Apple Macs or mobile devices. "We will continue to monitor and block any advertisements being used for this activity," the company added. "We will post more information for our users shortly." What was not clear is just what function the ad virus served. According to the Guardian, the purpose of the most prevalent virus spread by the website was to convert the infected computers into Bitcoin mining slaves.

According to the Guardian, "some of the malware would turn PCs into bitcoin miners - a huge drain on its computing resources - without users' knowledge. Yahoo has been criticised for not saying how many people could be affected or doing anything to help those with the malware, which attacked flaws in Java modules on systems."

As a reminder, in "A trip through the Bitcoin mines" we showed just how extensive the capital requirements can be for any legitimate Bitcoin mining operation, where the distributed calculations used to extract new Bitcoins have now risen to a stunning 10 quadrillion per second.

So what is an enterprising hacker in need of some quick cash, but unwilling to spend the CapEx for procuring the expensive equipment (especially when buybacks and dividends are so much more attractive, just kidding) to do? Why force others to do the mining for them. This is precisely what the creator of the Yahoo-hosted virus did.

According to Light Cyber, a security research firm which warned Yahoo of the attacks in late December, one of the malware programs delivered in the attack turned the victim's computer into a bitcoin miner. The computer is set to work performing the calculations required to make the bitcoin network run, but the rewards for doing so accrue to the malware writer.

 

Fox IT, the Dutch cybersecurity firm which first disclosed the vulnerability to the public, estimated that there were around 27,000 infections every hour the malware was live on the site. If the malware was being served consistently for the three days, it may be the case that almost 2 million computers were infected.

 

Bitcoin is so valuable to botnet owners, criminals who control large numbers of compromised computers, that one academic paper argues that the security of the network is permanently at risk. Philipp Güring and Ian Grigg argue that the currency violates Gresham's Law (pdf), an economic theorem that states that bad money drives out good. Since bitcoin mining is far more profitable done on stolen computers with stolen energy, they argue, it will soon be uneconomical to do it any other way.

 

"The attack focused on outdated software," says Steve Regan of security site CSO. "The only way for the exploits to work is to have outdated versions of Java on your system. If Java is up to date, then the odds are, you're safe. However, I don't trust Java, so unless you absolutely need it, my advice is to uninstall it from your system. It seems like I see more zero-day attacks aimed at Java than anything else, the risk isn't worth it for me." Zero-day attacks exploit previously unreported flaws in software to install malware or take over a computer.

Mining for Bitcoin was not the only infection.

As well as the bitcoin mining malware, other software installed includes ZeuS, which attempts to steal banking information; Andromeda, which turns the computer into part of a "botnet" for use by third parties, and "adjacking" malware which hijacks the user's browser to click on adverts, thus channeling income to corrupt site owners... Software such as ZeuS lets criminals install Cryptolocker, a dangerous new type of malware which first encrypts the user's files and then demands a ransom, payable in bitcoin, to decrypt them. In most versions of Cryptolocker, the ransom is set at two bitcoins, currently worth around $2,000.

One can only hope that Yahoo, which hosted the ads willingly and apparently without filtering and pre-clearing the ad content, wasn't in on the scheme. To be sure, it has been slammed for keeping users in the dark.

Yahoo has been criticised for not doing more to aid users infected by the faulty adverts. Dan Farber of technology site CNET says that: "At this point, Yahoo hasn't addressed any of the details, such as how the malware exploit got into its Web pages, how many users are impacted, and what victims of the attack should do. The company may still be gathering data."

All in all, a rather ingenious wealth extraction scheme: either have others mine for Bitcoin, or demand a ransom if they want their computer back. We wonder how long until these activities are added to the definition of GDP in the New Normal economy?

The best news, however, is that there are still at least two millions people who use Yahoo.

0
Your rating: None
 

- advertisements -

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Wed, 01/08/2014 - 12:49 | 4311812 ebworthen
ebworthen's picture

Where's Fonestar to tell us this is bullish for Bitcoin?

Wed, 01/08/2014 - 12:54 | 4311825 Temporalist
Temporalist's picture

Ebworthen that isn't fair.  When there are tungsten bars floating around it doesn't mean all gold is bad or all gold "bugs" are thieves and the same should apply to BTC.  Whether you like it or not there cannot be a double standard.

Wed, 01/08/2014 - 12:59 | 4311864 Grande Tetons
Grande Tetons's picture

Fonestar should be laughing his ass off all the way to the bank...if he is smart...he will be taking profits here. 

 

Wed, 01/08/2014 - 13:00 | 4311876 Pladizow
Pladizow's picture

What color were these computers?

Wed, 01/08/2014 - 13:04 | 4311895 Skateboarder
Skateboarder's picture

PCB Green. You can call me raycizz. but I'm just tellin' the truth, brotha.

Wed, 01/08/2014 - 13:10 | 4311927 fonestar
fonestar's picture

Anyone using Yahoo deserves to be Bot'd.  I hope the guy running that net made shitloads off those dupes.

Wed, 01/08/2014 - 13:36 | 4312016 nope-1004
nope-1004's picture

Honorable currency you're pushing there dude.....

 

Wed, 01/08/2014 - 13:41 | 4312035 fonestar
fonestar's picture

How is a currency honourable or dishonourable?  Beyond stupid, your anti-Bitcoin rants are pathetic.

I don't care how anyone makes their Bitcoin as long as they make it.  These people were already voluntary windoze slaves so I have no objection to someone turning them into Satoshi's slaves.

Wed, 01/08/2014 - 13:55 | 4312085 SISSYFUSS
SISSYFUSS's picture

"I don't care how anyone makes their Bitcoin as long as they make it."

You'd fit right in at 'Wall Street Inc'

May the cog-dis be with you :-)

Wed, 01/08/2014 - 14:02 | 4312094 nope-1004
nope-1004's picture

I'm pro Bitcoin, if it were truly free.  But seems to me a log of every transaction and cyber wallet is not the most intelligent way to stay away from gov't peeps, especially in light of Snowden's disclosure on the level of NSA intrusion.

And I don't buy this notion that a failing electricity grid will kill Bitcoin either.  I just logically look at what the government and banks dislike, which is cash and PM's, and go from there.  If the govvy is open to incorporating Bitcoin and the same corrupt, fascist govvy is my enemy, then simple reasoning follows.

No?

Wed, 01/08/2014 - 14:37 | 4312260 Musashi Miyamoto
Musashi Miyamoto's picture

check out anoncoin

Wed, 01/08/2014 - 14:44 | 4312291 Bearhug Bernanke
Bearhug Bernanke's picture

I heard dogecoin is taking off too. Such profit.

Wed, 01/08/2014 - 15:04 | 4312389 Grosvenor Pkwy
Grosvenor Pkwy's picture

dogechain fork

much loss

so sad

 

Wed, 01/08/2014 - 17:10 | 4312792 Stackers
Stackers's picture

 

Since bitcoin mining is far more profitable done on stolen computers with stolen energy, they argue, it will soon be uneconomical to do it any other way.

 

At current difficulty levels, it would take 2 million desktop computers running normal graphics cards MONTHS to generate one single bitcoin.

 

The purpose built ASCI miners have made the difficulty go exponential and can not be matched by desktop GPU's anymore. Even millions of them mining into a single account would not generate any kind of real returns. A single desktop graphics card at today's difficulty would literally take 6 months to mine 0.01 bitcoin

Wed, 01/08/2014 - 19:37 | 4313378 digi
digi's picture

http://blog.cryptographyengineering.com/2013/04/zerocoin-making-bitcoin-anonymous.html 

Bitcoin will adopt that anonymous feature or another coin will and we will be talking about it in a few years and not bitcoin.

Wed, 01/08/2014 - 14:02 | 4312105 wee-weed up
wee-weed up's picture

 

 

Bitcoin... the new VD.

Are you infected?

Wed, 01/08/2014 - 14:14 | 4312155 Handful of Dust
Handful of Dust's picture

Yahoo becomes malware's bitch.

Wed, 01/08/2014 - 14:19 | 4312169 fonestar
fonestar's picture

All's fair in love and HaX0r3.

Wed, 01/08/2014 - 16:56 | 4312793 silvermail
silvermail's picture

"...turning them into Satoshi's slaves"?!

More precisely in slaves of Fed, which is hidden under the guise of an unknown Satoshi.
After all, that's what you meant, is not it? LOL

Wed, 01/08/2014 - 13:42 | 4312037 Woodhippie
Woodhippie's picture

A crazy thing happened to me the other day ... had someone show up trying to sell me something and right in the middle of the pitch he wanted me to go mine some gold for him.

 

I told him to fuck off.

Wed, 01/08/2014 - 14:43 | 4312285 max2205
max2205's picture

My PC just said I now have 1,000 bitcoin....how do I sell them?

Wed, 01/08/2014 - 15:57 | 4312608 Woodhippie
Woodhippie's picture

Look for a crytoperson that will accept them?

Wed, 01/08/2014 - 21:35 | 4313812 BitStorm
BitStorm's picture

I'll give ya three-fiddy

Wed, 01/08/2014 - 13:55 | 4312087 Stoploss
Stoploss's picture

Your currency is about to be declared a cyber terrrrisst....

Wed, 01/08/2014 - 14:06 | 4312127 fonestar
fonestar's picture

I guess you think Bitcoiners are concerned about their declarations?

Wed, 01/08/2014 - 14:46 | 4312300 sessinpo
sessinpo's picture

fonestar   "Anyone using Yahoo deserves to be Bot'd.  I hope the guy running that net made shitloads off those dupes.

Comment

Very emotional response. And what if it happened on a site you used. What if it happened at ZH. Would you then be one of those dupes? And would you be a dupe for buying into bitcoin or because you got infected?

Wed, 01/08/2014 - 14:50 | 4312320 fonestar
fonestar's picture

I wouldn't get infected.  I don't run windoze and I am too smart.

Wed, 01/08/2014 - 17:00 | 4312829 silvermail
silvermail's picture

If you actually had a "very smart", then you would understand that Bitcoin - it is product of the Federal Reserve.

Wed, 01/08/2014 - 17:07 | 4312835 silvermail
silvermail's picture

Bitcoin – a product of the Federal Reserve.
Only the blind can not see it.

Dollar discredited itself in the eyes of the public. The Fed also discredited itself in the eyes of the public.
Of course for Fed was needed make a legend about some Satoshi, buyout supposedly created Bitcoin, and then he is evaporated.

Thus, the Fed shows for fools (which the majority) that Bitcoin - a system that "does not belong to anyone," and "no one is controlled".

But this is absurd. In the world there are no financial assets and payment systems that have no legal owner,
with a specific name, surname and ID number.

All that is in front of the prefix "The global World or International" - it is the property of the United States. Or controlled by the United States.
Everything else - the local and minor.

Federal Reserve no longer need gold. Now they have a Bitcoin. As soon ends era the first fiat money - the U.S. dollar, immediately begin the era of other fiat money under the control of the Fed - it will Bitcoin.

Bitcoin system has a limit of coins. But Bitcoin system has no limit fragmentation of these coins.
Crushing coins Bitcoin to infinity - it's the same exact Monetary Emission, like printing FRN.

http://bitcoinmagazine.com/8531/u-s-air-force-building-bitcoin-payment-g...

One of the main objectives of Bitcoin - it distract investors from investing in gold and silver.
Bitcoin today is the main enemy of the PMs and the main instrument of the Fed for to suppress the price of PMs.

Wed, 01/08/2014 - 14:40 | 4312275 unrulian
unrulian's picture

if you like your processor, you can keep it

Wed, 01/08/2014 - 14:05 | 4311900 SafelyGraze
SafelyGraze's picture

I can practically hear them laughing

https://www.youtube.com/watch?v=mcSujceZDmg

spoiler:  the ceo laugh lasts

Wed, 01/08/2014 - 14:17 | 4312166 nope-1004
nope-1004's picture

hilarious

Wed, 01/08/2014 - 13:03 | 4311884 zaphod
zaphod's picture

Your average dedicated CPU miner does 2Mh/s. If a hacker gets control of 2 million computers that equals 4Th/s at best. 

This is no better than a single ASIC miner or two today. Basically standard computers are useless for bitcoin mining, the currency has moved beyond that.

The network is fully secure and fine, thanks for the FUD though.

 

Wed, 01/08/2014 - 13:11 | 4311936 fonestar
fonestar's picture

Windoze abusers + Yahoo == my pants are down around my ankles, rape me please!!

Wed, 01/08/2014 - 16:11 | 4312650 Papasmurf
Papasmurf's picture

Windoze abusers + Yahoo == my pants are down around my ankles, rape me please!!

"Sent from your iPhone"

Wed, 01/08/2014 - 17:18 | 4312887 silvermail
silvermail's picture

The Fed and Wall Street, rape you every day with the help of deceptions, manipulations and now with Bitcoin.

Is this not enough for you?

Wed, 01/08/2014 - 13:17 | 4311954 DoChenRollingBearing
DoChenRollingBearing's picture

zaphod, thank you again for your kind assitance a week or two ago re BTC encryption, etc.

That may be part of my "Part Seven", which might finish off my BTC articles.

Wed, 01/08/2014 - 14:01 | 4312112 Kirk2NCC1701
Kirk2NCC1701's picture

Beeblebrox for President!

;-)

Wed, 01/08/2014 - 14:31 | 4312216 margaris
margaris's picture

Exactly.

I'd suspect that the malware was trying to steal the user's wallet.dat and not do any mining, because mining with a cpu is completely idiotic at this point in time.

Even mining with an ASIC is considered a waste of time and money by many, because you could rather just buy the Bitcoins directly instead of investing the money in miners and hoping you can return the investement, in the end it's the same result.

Wed, 01/08/2014 - 17:23 | 4312904 silvermail
silvermail's picture

I think this is just another viral advertising Bitcoin.

Wed, 01/08/2014 - 13:31 | 4311999 fonestar
fonestar's picture

Why would I "take profits" (sell Bitcoin) dumbass?  How does this effect Bitcoin or Bitcoin's value at all?  Oh right, it doesn't....

Wed, 01/08/2014 - 13:40 | 4312020 Grande Tetons
Grande Tetons's picture

Well, the reason is simple.....book profits on a winning trade and keep some of your original investment on the table.  

Taking profits has nothing to with value and everyhting to do with generating wealth.  

How many Canadian bagholders got fucked by not taking profits on Nortel? Bitcoin may be future...who knows...but there is nothing wrong with taking some chips off the table. 

Wed, 01/08/2014 - 14:05 | 4312121 jcaz
jcaz's picture

Don't bother, dude- you're already way over Fonestar's head....

Plus- you can ever sell in a Ponzi......

Wed, 01/08/2014 - 14:17 | 4312163 fonestar
fonestar's picture

Another pathetic lemming, clueless about P2P.  Spent the last ten years living in a closet.

Wed, 01/08/2014 - 17:29 | 4312932 silvermail
silvermail's picture

Skype and torrent also based on P2P. But this does not make them orphaned, self-managed, decentralized, anonymous and safe.

Wed, 01/08/2014 - 14:50 | 4312323 sessinpo
sessinpo's picture

fonestar   "Why would I "take profits" (sell Bitcoin) dumbass?  How does this effect Bitcoin or Bitcoin's value at all?  Oh right, it doesn't...."

 

Comment

You don't take profits or losses to effect the the price of any market. You take profit or loss to effect your own account despite the market. Your emotional reponses to defend bitcoin makes one really see bitcoin is a bubble or a market not worth being in.

Wed, 01/08/2014 - 15:08 | 4312342 fonestar
fonestar's picture

Hahaha..... "a bubble" what a pathetic joke.  I guess cars are in a bubble, horse buggies are going to make a comeback any day now!

Wed, 01/08/2014 - 17:32 | 4312948 silvermail
silvermail's picture

And for this reason you are willing to pay money for a ticket to a virtual spaceship? LOL

Wed, 01/08/2014 - 18:46 | 4313224 silvermail
silvermail's picture

Each adult who believes in fairy godmother, wizards, Satoshi and bitcoin - should go to a psychiatrist to be checked.

Do NOT follow this link or you will be banned from the site!