Bitcoin-mining linked to malware spread by Yahoo ads


Here’s an easy prediction to make for 2014. We’re going to see lots more malware attacks designed to mine Bitcoins on infected computers.

It’s come to light that some of the malware spread over the New Year period via poisoned Yahoo ads was designed to mine the virtual currency.

As you probably know, mining Bitcoins is an enormously processor-intensive activity which ties up the resources of a computer for an extraordinarily long period of time, gobbling up computer power and electricity. Because of this, Bitcoin mining has become a serious business with the more serious miners pooling their resources.

So, if you were keen for some Bitcoins, but didn’t have thousands of computers in your garden shed, maybe you would be tempted to hijack innocent people’s computers with malware instead?

Israeli security firm Light Cyber said in a press release that their researchers “were the first to discover that among other activities, the malware was attempting to use host computational resources for Bitcoin mining, and were the first to report attack-related files on Tuesday, December 31st.”

I had to roll my eyes a little at Light Cyber’s press release, however.

The company crows about how they were the first to detect the malware, having allegedly detected it on December 31st 2013 at 11am UTC, “well before the attack was reported by a Dutch-based security firm and confirmed by Yahoo on Friday, January 3rd.”

However, if Light Cyber were so very smart how come they didn’t warn the millions of potentially affected Yahoo users themselves, rather than leaving it to Fox-IT on January 3rd?

It’s one thing to stop a malware attack hitting your customers. It’s quite another to realise what’s going on at the time, and warn all internet users of the potential danger.

Don’t forget - the malicious Yahoo ads relied upon vulnerabilities in users’ Java installations to infect surfing computers.

It’s essential that you either keep Java properly updated with security patches or disable Java in your browser entirely (note: Java is *different* from JavaScript).


One Response

  1. Richard Gadsden

    January 14, 2014 at 4:01 pm #

    My understanding is that ASICs are so much faster at mining than CPU mining (which is what the malware miners are doing) that even with many thousands of bot-miners, the malware writers are unlikely to mine any noticeable quantity of bitcoins.

    If so, there’s a good chance that malware mining will be unprofitable and malware writers will soon move on to doing something else.
