Print 47 comment(s) - last by EricMartello.. on Aug 23 at 1:03 AM

The latest trojan to hit the block isn't exactly subtle -- it sends your GPU on a roaring hunt for bitcoins.  (Source: Flickr)

Bitcoins could soon contend with spam generation as a botnet profitization scheme of choice.  (Source: Symantec)
Creative virus could make up to $97,000 USD a month if it can infect 100,000 machines, researchers say

File this piece of trojan as an entrant for the title of the world's least subtle malware.  Security researchers at Symantec Corp. (SYMC) have discovered a trojan, which they've dubbed "Trojan.badminer" [database entry], that exhibits a highly unusual attack behavior.

The trojan targets users’ GPUs and CPUs, using them in a botnet scheme.  But rather than simply sending spam, like your average botnet, the attacker uses the infected machines as brute-force tools to mine for Bitcoins.  

Bitcoins, a crypto-currency that's growing in popularity are currently in the process of being "seeded" -- a way of establish an initial amount of circulation.  Miners can set their hardware to work trying to solve difficult cryptographic problems.  Occasionally, if their hardware is powerful enough, they will obtain proof of work for a problem, which leads to a reward of 50 new Bitcoins, according to the current scheme embraced by Bitcoins international proponents.  At today's market value, that's a reward of almost $544 USD.

Symantec researcher Poul Jensen describes how the new Trojan abuses the mining process, writing, "With the advent of Trojan.Badminer and common usage of fast graphics cards, it may well begin to make economic sense to rent botnets in order to carry out distributed Bitcoin mining and run the process on an industrial scale."

Peter Coogan, another Symantec researcher, turned heads in June when he suggested that cyber-criminals could use a Bitcoin botnet of 100,000 machines to make $97,000 USD a month.  At that rate, Bitcoin mining becomes in close contention with other botnet profiteering schemes like spamming.

Just because you don't have a top-of-the-line gaming GPU doesn't mean your home computer is safe from "badminer".  While a GPU can crunch hashes 750 times faster than a CPU, or more, the trojan will put CPUs to work on the task as well.

The malware is the latest setback to Bitcoin, which has recently experienced massive swings in market value and a major security breach at its biggest currency exchange -- Mt. Gox.

As for the new virus, it seems that the threat on the GPU side may be a bit overstated.  Bitcoin clients heavily tax GPUs, meaning that they will be very noisy when the client is running.  So the next time your GPU is inexplicably screaming like a wailing banshee, you might want to do a malware scan -- you may be infected with a Bitcoin trojan.

(Of course CPU infections would likely be more subtle.)

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Penis Enlargement...
By Argon18 on 8/17/2011 6:25:20 PM , Rating: 2
what kind of home personal computer uses nearly a $thousand dollars per month of electricity? you might want to check your math there buddy.

RE: Penis Enlargement...
By Smilin on 8/17/2011 6:42:59 PM , Rating: 2
Bad Math. Valid point.

RE: Penis Enlargement...
By Solandri on 8/17/2011 8:51:12 PM , Rating: 3
Am I missing something? The article and comment says $97,000/mo for 100,000 computers. Or $0.97/mo per computer. That sounds about right for people who only turn on their computer when they need it. ($0.12 per kWh => 8.1 kWh/mo => 32.4 hours/mo @ 250 W, or a bit more than 1 hour of computer use per day.)

RE: Penis Enlargement...
By Natch on 8/18/2011 8:09:30 AM , Rating: 2
Wow, feel sorry for you, if you're paying $0.12/kWh for power!

Got to love my state's law that allows us to choose our electricity provider, as I recently signed up for a 2 year agreement to purchase electricity at no more than $0.09/kWh.

Made about a $50 difference on my first bill!

RE: Penis Enlargement...
By TSS on 8/18/2011 10:10:50 AM , Rating: 2
Great thing about bot nets is, they don't have to be near you. quick search for here in holland gives me a 22 cent/kWh (, and that's in euro's. Probably not the cheapest you can find it, but sounds about right on average. i doubt it's much different in other europian countries (though we are taxed more then most).

Point is, if it didn't make sense already it probably will very soon to mine bitcoins via botnets. the price to keep the hardware running isn't going to go down while the price to actually find bitcoins is only going to go up.

RE: Penis Enlargement...
By kjboughton on 8/17/2011 7:27:16 PM , Rating: 2
The 'Tier 4' and above PG&E electric rate in CA is about $0.34/kWh (depending on exactly where you live and what usage schedule applies to you). It's quite easy to get to this level of energy usage as it starts once you've used just 661 kWhs in your current billing cycle, which is not hard in the least.

See here:

As an example, you can use ZIP code 94555 if you want to play with it.

So, accordingly, assuming your system is running full time, 24 hours/day for, let's say, 30 days, that would be 720 hours for the month.

At $0.34/kWh, you would need to consume 2,941 kWhs to incur an additional $1,000 charge.

As a result, the math says that the 'system' would need to be consuming about 4 kW at the rate necessary to make this work.

A heavily overclocked system can easily suck down 250 W when working at sustained 100% CPU load. So a farm of 16 systems is your answer. Basically, a small office.


RE: Penis Enlargement...
By kjboughton on 8/17/2011 7:33:02 PM , Rating: 2
And just to drive the point home, if 16 computers (at 250 W each) running full time costs $1,000/month, then 100K computers would cost $6,250,000/month. That's $6.25 million.

This is greater than $97,000.

What exactly where you saying about the math again?

RE: Penis Enlargement...
By Amiga500 on 8/18/2011 3:19:34 AM , Rating: 2

250W running 24/7 for 30 days is 180 kWh

Current electricity prices here are around £0.10/kWh (I'd imagine the prices in the US are broadly similar.)

One computer costs around £18 a month to run.

16 computers would cost ~£290 /month to run.

1000 computers would cost £18,000 /month to run. Not £100K. That is nearly an order of magnitude difference, now, unless electricity prices in the states are around $1/kWh then those numbers quoted above are way out.

RE: Penis Enlargement...
By Amiga500 on 8/18/2011 3:22:55 AM , Rating: 2

18 x 100,000 is indeed £1,800,000 - my apologies.

<stupid>Must learn to read the damn article!!</stupid>

RE: Penis Enlargement...
By mindless1 on 8/19/2011 1:49:55 PM , Rating: 2
WHAT? No, not $6.25M.

I'll make one reply to address the math for everyone. Since I'm making informed guesses about some figures the total will be only a ballpark figure, but certainly the "average" PC infected is nowhere near capable of 260W, remember the average PC is not an enthusiast class gaming rig, it's an integrated video OEM box or has a low end video card.

100,000 computers running an average of 12 hours a day. 12 hours accounts for some on only when used by owner and some on 24/7. 30 days * 12 hours/day = 360 hours.

Average low load/idle PC consumption is about 90W. It would be lower since most are integrated OEM systems, except it also accounts for aging systems without today's level of power management to downclock, HLT idle, etc., and multicore or gaming systems with higher idle load.

Under load I'm estimating an additional 70W power consumption from both CPU and GPU loading. We don't have to consider the 90W figure above, that's a constant, only the added 70W figure is power that would've otherwise not been used.

US average energy cost is about $0.11/KWH. $0.11/KWH * 360H * 70W = $2.77 addt'l cost per infected system, per month. "Maybe" some people did the math not remembering to divide by 1000 to convert watt-hours to KWH.

$2.77 * 100K PCs = $277,000 additional power consumed.

“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki