LinuxInsider.com

Bitcoin's Popularity Attracts Malware Writers

The Bitcoin dodge was similar to scams that involve someone claiming to have a million dollars to invest and offering the target a portion of the money to do it, said LogRhythm's Greg Foss. "This is the New Age version of that, where it's attacking users of Bitcoin. We can tell it was very targeted, because all the people we've seen affected by this are registered Bitcoin users."

By John P. Mello Jr. TechNewsWorld ECT News Network
01/22/14 5:00 AM PT

While most folks know the value of money, few know the latest value of a Bitcoin, a virtual currency prone to wide price swings. Those swings haven't deterred those on the digital leading edge from speculating in the currency -- or bad app writers from cooking up ways to steal it.

"Bitcoins -- and indeed any digital property of any value -- will be a theft target," Bitcoin developer Jeff Garzik told TechNewsWorld.

"Just like U.S. dollars, Bitcoins are a thing of value, and therefore attractive to bad actors such as thieves," he added. "Bitcoins are purely digital, which makes them more vulnerable to malware than the wallet in your pocket."

Such a vulnerability was discovered recently by LogRhythm; it identified a phishing campaign targeting a list of known Bitcoin owners. Attached to messages are zip archives that the missives declare contain an electronic wallet with 30 Bitcoins, or about US$24,000.

When the wallet is opened, it infects a machine with the Bitcoin malware.

"What we found was that it actually siphons off the Bitcoin wallet of the person who opened the archive," LogRhythm Senior Security Research Engineer Greg Foss told TechNewsWorld.

Bitcoin Mining

Bitcoins also were targeted in a malware attack uncovered by Light Cyber. In that campaign, the bad app was distributed through advertising originating with Yahoo's servers.

Once the ad appeared in a browser, the malware infecting it exploited a Java vulnerability and went on to infect the machine running the browser with several malicious programs -- including a Bitcoin miner.

Installing a Bitcoin miner was a curious choice on the part of the malware writers, noted Light Cyber Vice President of Product and Strategy Giora Engel.

"Mining Bitcoin with a personal computer is not efficient," he told TechNewsWorld. "You would need to infect millions of computers before you could generate revenue from this."

Target Developments

The security spotlight continued to shine last week on Target, which was beginning to look like a deer in a Peterbilt's headlights.

The number of customers affected by a data breach in November-December zoomed from 70 million to 110 million.

More information began to emerge about where the data went after it was stolen and how the thieves nicked it.

Two security firms traced the path of some 11 GB of purloined personal information of millions of Target customers from a place on the company's own servers to a U.S. server compromised by the attackers, and finally to a server in Russia (see Breach Diary).

"A heist of this caliber is done by the best of the best," said JD Sherry, vice president of technology and solutions at Trend Micro. "One or more elite crime syndicates most likely performed most of the reconnaissance and analysis on the Target mother ship."

RAM Scrapers

The world also got a better look at the techniques used by the Target attackers to compromise the company's systems. It was revealed that Target's point of sale terminals were infected with malware that used "RAM scraping" to siphon data from the devices.

The technique is used to look into an area of memory and identify targets -- credit card numbers, for example -- to capture.

"They can use scraping to retrieve raw data or gain intelligence about the layout of a POS system," Jeff Debrosse, director of security labs at Websense, told TechNewsWorld.

Because the malware was found on thousands of POS stations, it probably was distributed from Target's servers. "The size of the breach indicates the attack was centralized in order to have impacted that many credit card account holders," Debrosse said.

Also last week, although the horses have left the barn, Target announced it was investing $5 million in a multiyear campaign to educate the public on the dangers of scams.

Breach Diary

  • Jan. 13. Neiman Marcus confirms its systems were violated by hackers and some customers' credit card information may have been taken. It does not disclose the size of the breach.
  • Jan. 13. Cisco announces that later this month, it will release firmware patches to remove a backdoor from one of its wireless access points and two of its routers. Products affected by the flaw are the WAP4410N Wireless-N Access Point, WRVS4400N Wireless-N Gigabit Security Router and RVS4000 4-port Gigabit Security Router.
  • Jan. 14. Twitter change takes effect requiring all developers using the service's API to communicate with it using encrypted communication.
  • Jan. 15. Cisco releases patches to address vulnerabilities in its Secure Access Control appliance that could give remote attackers administrative access to the platform and allow them to execute OS-level commands without authorization.
  • Jan. 15. Microsoft announces it will continue to update its Windows XP antimalware software for consumers and the enterprise through July 14, 2015. Formal support for XP ends April 8.
  • Jan. 15. Wickr, a mobile app encryption program, announces it will pay as much as $100,000 to anyone who can find a critical security vulnerability in its software.
  • Jan. 16. Starbucks pledges to make its iOS app more secure in the wake of revelations by researchers that the software contains a vulnerability that allows credentials of its owner to be seen by anyone who gets their hands on the device.
  • Jan. 16. Barracuda Networks reports comic site Cracked.com has been compromised by hackers and is clandestinely infecting its visitors with malware. The security firm recommends the site be avoided until its operators fix the problem.
  • Jan. 17. Two security companies, iSight Partners and Seculert, report that personal information from some 110 million Target shoppers from Nov. 27 to Dec. 15 was forwarded to a server in Russia.

Upcoming Security Events

  • Jan. 23. Privileged Threat Analytics: Detect and Disrupt Network Attacks as they Occur. 2 p.m. ET. Webinar. Free with registration.
  • Jan. 23. Coping with the Data Breach Regulatory Avalanche. 1 - 2 p.m. ET. Web conference sponsored by International Association of Privacy Professionals (IAPP). Free with registration.
  • Jan. 27-29. CyberTech 2014. The Israel Trade Fairs & Convention Center, Tel Aviv. Registration: Until Jan. 1, $350; Jan. 2-26, $450; on-site, $550.
  • Jan. 28. Online Trust Alliance Data Privacy Town Hall. 8-11:30 a.m. ET. Baruch College, 151 E. 25th St., William & Anita Newman Conference Center, New York City. $35.
  • Jan. 30. Online Trust Alliance Data Privacy Town Hall. 8-11:30 a.m. PT. Marriott Union Square, 480 Sutter St., Union Square Ballroom, San Francisco. $35.
  • Jan. 30. C/C++ APPSEC IN 2014. 1 p.m. ET. Black Hat webcast. Free with registration.
  • Feb. 4. Online Trust Alliance Data Privacy Town Hall. 8:30-11:30 a.m. PT. Grand Hyatt Seattle, 721 Pine St., Eliza Anderson Amphitheater, Seattle. $35.
  • Feb. 6. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • Feb. 9-13. Kaspersky Security Analyst Summit. Hard Rock Hotel and Casino Punta Cana, Dominican Republic.
  • Feb. 17-20. 30th General Meeting of Messaging, Malware and Mobile Anti-Abuse Working Group. Westin Market Street, San Francisco. Members only.
  • Feb. 25. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • Feb. 27. TrustyCon. 9:30 a.m.-5 p.m. PT. AMC Metreon, 135 4th St #3000, Theater 15, San Francisco. Sponsored by iSEC Partners, Electronic Frontier Foundation (EFF) and DEF CON. $50 plus $3.74 fee.
  • March 20-21. Suits and Spooks Singapore. Mandarin Oriental, 5 Raffles Ave., Marina Square, Singapore, and ITU-IMPACT Headquarters and Global Response Center, Cyberjaya, Malaysia. Registration: Singapore and Malaysia, by Jan. 19, $415; after Jan. 19, $575. Singapore only, by Jan. 19, $275; after Jan. 19, $395.
  • March 25. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • March 25-28. Black Hat Asia. Marina Bay Sands, Singapore. Registration: by Jan. 24, $999; by March 21, $1,200; by March 28, $1,400.
  • April 5-14. SANS 2014. Walt Disney World Dolphin Resort, Orlando, Fla. Job-based long courses: $3,145-$5,095. Skill-based short courses: $575-$3,950.
  • April 8. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • April 8-9. IT Security Entrepreneurs' Forum. Computer History Museum, 1401 North Shoreline Boulevard, Mountain View, Calif. April 8 workshops and April 9 forum and reception, $595. Forum and reception only, $495. Government employees, free. Students, $195.
  • April 11-12. Women in Cybersecurity Conference. Nashville, Tenn.
  • April 29. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • May 20. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • June 3. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • June 5. Cyber Security Summit. Sheraton Premiere, Tysons Corner, Va. Registration: $250; government, $50.
  • June 24. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • Sept. 18. Cyber Security Summit. The Hilton Hotel, New York City. Registration: $250; government, $50.


John Mello is a freelance technology writer and contributor to Chief Security Officer magazine.

