Bitcoin-mining trojan spreading through Skype spam, Kaspersky warns

April 8, 2013, 6:30 PM

Skype users beware: Kaspersky has discovered a new trojan that's spreading through Microsoft's chat service. Revealed late last week, the malware campaign is believed to have begun only on March 1 but has grown rapidly, and the infection is essentially being distributed through crafty spam.

Users are reportedly receiving unsolicited messages encouraging them to click a link. In one example, the spam read "i don't think i will ever sleep again after seeing this photo," while another asked the recipient to critique a picture the sender supposedly edited. Naturally, the links lead to malware.

Once you've clicked the bait and the infection takes root, the attackers can gain control of your machine and can use it to do their bidding -- mining Bitcoins in this case. Bitcoins are created simply by using a system's CPU and GPU resources, which makes it an attractive revenue option for botnet operators. The decentralized digital currency is currently trading for more than $180 per unit and has gained popularity over the last year as an anonymous means of exchange, further adding to its appeal among cybercriminals.

Kaspersky reports that most of the victims are located in Russia and Ukraine, though users across China, Italy, Poland, Taiwan, Bulgaria, Costa Rica, Spain, Germany and more are also affected. The trojan has been quite active: the malicious URL was gaining about 10,000 clicks per hour -- or 2.7 per second if you prefer -- as recently as last week. The initial infection is known to be downloaded from a server in India, but once your system is compromised it's loaded with additional malware from elsewhere too.

It doesn't seem like there's a quick and easy method of making sure you aren't infected, though it's safe to assume something isn't right if your CPU and/or GPU are running at unusually high loads -- especially if a mysterious system process is using all your resources. The detection rate on VirusTotal is said to be pretty poor, with only 12 of 46 antiviruses finding the infection. Of course, Kaspersky's security software is among the few that can detect the trojan, and it's identified as "UDS:DangerousObject.Multi.Generic."




User Comments: 14

ikesmasher said:

Dear god, some people hit the huge bucks in the last few weeks with bitcoin prices. A couple of months ago they were 17 dollars a pop.

mrcavooter said:

Yea, last I saw they were $42. I wish I would have gotten a few then.

TheDreams said:

Ya, someone sent a message to me, one of my "friends", and I clicked on the link. I was on my iPod, and within seconds of clicking on it, it said download file cannot be downloaded. Thank god I was on my iPod.

cliffordcooley, TechSpot Paladin, said:

This is what happens when you put value in a running application. Someone figures out how to make it run on your machine in their name. This will also happen as long as we continue to allow spamming. Good luck putting a stop to these attacks as long as corporate wants to advertise.

JC713 said:

It is very interesting how it can take control of a machine without downloading a file. Just gets on there by surfing the site.

cliffordcooley, TechSpot Paladin, said:

It is very interesting how it can take control of a machine without downloading a file. Just gets on there by surfing the site.
That's just it, every time you visit a site those files needed to view the site are downloaded. Whether or not those files are malicious is the question.

Cota said:

And here I'm wasting my time playing Skyrim when I could be making a new botnet...

Still, that's a lot of money for a Bitcoin. I wonder what's the actual difficulty compared to those 10Dlls/Bitcoin

ET3D, TechSpot Paladin, said:

I mined half a bitcoin half a year ago or so, and left it in the mining pool. Figured I'd go look for it since the bitcoin went up, maybe use it to finance the Carbide 200R I want to get. Turned out one of the founders took the bitcoins and ran. All that's left of the site is a description of what happened. https://www.bitlc.net/

spencer said:

It's gonna keep going up this was because satoshi nakamoto "the cover of the real founder of bitcoin was on infowars at the point it was 42$ and then many listeners including myself started mining" Because bitcoin works by word of mouth really. Anyone on this website can mine really, just you have to have an amd gpu. + you don't really have to worry about your funds (of which you have already claimed disappearing). It's based in an open source mechanism that would prevent such things. Though the average person would say the fed reserve was also, I'm sure the people in cyprus thought so also. Now look at them.

1 person liked this | Ranger12 said:

Anyone on this website can mine really, just you have to have an amd gpu.

I think at this point it's not practical for anyone to do. As the difficulty of mining increases the ability of the average pc user to mine decreases. They now make specialty hardware specifically for mining that leaves the average gpu way behind. (Search ASIC Hardware or Butterfly Labs) For example an average AMD card may get somewhere around 1.75m hashes per joule while an ASIC rig may get anywhere from 20-100m or more hashes per joule, the idea being that with some of these cards you can't even pay your power bill with the rate you're going to be mining at.

Here's a quick calculator for people who are interested.

http://www.bitcoinx.com/profit/

If I did the math right, mine came out to like 5 cents a day on a 660ti and a i5 @ 4.2ghz, granted nvidia cards are less efficient miners.

spencer said:

"can" 1-1000000 is better than 0 obviously

3 people like this | cliffordcooley, TechSpot Paladin, said:

"can" 1-1000000 is better than 0 obviously

Let's recap:

How is 5 cents better than 0, if you had to spend 5 dollars to get there?

Hasbean said:

If I was a cynic, I would be convinced this is a deliberate ploy to scupper a potential rival to the current fictitious "money" scheme designed and managed by the Rothschild empire.

ET3D, TechSpot Paladin, said:

At the current exchange rate GPU mining is still worth doing. I just started on a Radeon 5750 and I estimate I'd make 0.25BTC a month, which is about $60 at the current rate. My rig probably uses 250W to do that (hopefully less), which I think will be far from $60 in electricity. If I move back to the 5850 the power to BTC ratio will be even better. It's not the most efficient, but for someone who's just dabbling in this it's still a gain.

Still, the problem is that anyone doing GPU mining has to do that in a pool, which means that they can have what's happened to me happen to them. I started mining now again in Slush's pool, which is the longest standing pool, and I hope something similar won't happen there. It's not that bad anyway, as long as you transfer funds to your own wallet on a regular basis.
