Using botnets to mine bitcoins is nothing new or interesting, but the latest entry in this wide category seems to be spreading quite rapidly through the Skype network. This iteration in the Bitcoin-mining-as-virus trend is really only unique because of the speed and method with which it’s spreading itself as well as its relative immunity to virus scanners.
While early reports have this malware spreading at 2,000 clicks per hour, the infection rate may be somewhat lower. To the best of our knowledge, this malware can’t magically infect your computer just from clicking a link – like most Skype malware, the link goes to a file which must be downloaded and executed by the user. This means that anyone who doesn’t fall for the old “funnypicture.jpg.exe” trick will register as a click but won’t be infected, though nefarious parties always seem have new tricks up their sleeves to trick even seasoned veterans.
Once infected, this virus begins CPU mining on the infected system. Yes, CPU mining.
Inexplicably, this most modern of Bitcoin malware is using the oldest and least profitable method of Bitcoin mining possible. Even with huge numbers of compromised computers it’s unlikely that CPU mining is earning this particular evil-doer much money at all. This move seems especially foolish when malware already exists that uses the much more profitable GPU of infected systems to mine.
Indeed, this new malware seems to lack most of the features we’ve come to expect from Bitcoin-based malware: It runs at a high priority, so users will notice it quickly as their systems slow to a crawl and it requires manual action on the part of the user to become infected, ensuring it can’t possibly reach peak efficiency. The only thing this seems to have going for it is that it’s not picked up by most of the major virus scanners – yet. Given that most virus scanners use a sort of fingerprint of known malware to do their thing, there’s usually a brief period like this for every piece of malicious code. Assuming the rest of this malware lives up (or down) to its already-established reputation, it’s only a matter of time before every virus scanner in town can find and kill it.
The good news in all of this is that, slow and drama-filled though it may be, the beginning of the ASIC era of Bitcoin mining is likely to raise mining difficulty so high that this sort of thing is unlikely to continue. In the meantime, well, botnets are still evil and all but I suppose I’d rather see them securing the network than sending spam.