Yahoo Ad Malware Was An Attempt To Build A Secret Bitcoin Mining Botnet

from the bitcoin-mining-scams-on-the-rise dept

A decade ago, it was actually fairly common to see various "distributed computing" projects seek to put a variety of people's computers to use to tackle tough problems -- and sometimes those distributed efforts involved clearly revealed and transparent code within other applications. A couple years ago, just as Bitcoin was first starting to get attention, I remember hearing from someone who was talking about trying to build a media player that would look to offer licensed/authorized content in exchange for quietly being a part of a Bitcoin mining effort. Nowadays, it appears that this idea of creating secret distributed Bitcoin mining is taking on a somewhat more questionable reputation. A gaming software company was whacked with a $1 million fine after (the company claims) a "rogue employee" included some Bitcoin mining hidden within their app. There have been accusations that a number of other apps out there are also secretly mining bitcoin.

Just recently, we noted that Yahoo users in Europe were exposed to malicious ads that were downloading malware. It's now come out that the malware was... Bitcoin mining software, which sought to use some of everyone's excess computing resources to hunt for more Bitcoin. As "malware" goes, this is actually a lot less damaging than some other stuff out there (keyloggers designed to steal bank info, for example). It likely would bump up electricity bills slightly for some users, and basic PC mining is pretty ineffective, but it's interesting to see that malware folks are taking such extreme steps to try to build secret Bitcoin mining networks.

Of course, it still seems like doing this kind of thing in an upfront way might be an interesting business model: offer some useful software for free, telling folks very clearly that the "payment" is that they'll be using some of your spare cycles for mining. Of course, it might be better if this was done for cryptocurrencies that weren't so damn inefficient with electricity -- something like Peercoin instead of Bitcoin, for example. I imagine it's really only a matter of time. Imagine a Netflix/Hulu competitor that offered you the content for free, in exchange for distributed computing power, paying the licenses out of the proceeds from the mining. It's not that crazy when you think about it...

Filed Under: ads, bitcoin mining, business models, malware
Companies: yahoo


Reader Comments

  • Ninja, 9 Jan 2014 @ 2:41am

    Well, it was a matter of time I guess. I wonder if antivirus software is already adding such things to its lists? The PUP detection abilities have been there for a while now.

    "Of course, it might be better if this was done for cryptocurrencies that weren't so damn inefficient with electricity -- something like Peercoin instead of Bitcoin, for example."

    On a side note, not as related, how many of those digital cryptocurrencies are out there? For the more initiated in economics, isn't it bad to have a fragmented market?

    • Lazere, 9 Jan 2014 @ 8:40am

      Re:

      I can tell you that Malwarebytes detects at least some mining software as PUP. It detected the one I was intentionally playing with (can't remember which off the top of my head) just yesterday.

  • JCHP, 9 Jan 2014 @ 3:50am

    However...

    If the Netflix/Hulu/Random Media Player started giving away free stuff in exchange for cryptocurrency mining, then the **AA and co. would start asking for a tax on those "coins", wouldn't they?

    • Anonymous Coward, 9 Jan 2014 @ 4:08am

      Re: However...

      They already claim more missed income than there is wealth in the universe, so oh well...

  • Anonymous Coward, 9 Jan 2014 @ 4:22am

    Bitcoin mining malware isn't completely inoffensive: if your cooling is marginal, it can cause the hardware to overheat and fail.

    Even then, it's quite interesting that the profitability of Bitcoin mining is causing it to displace more dangerous malware.

    • Anonymous Coward, 9 Jan 2014 @ 6:01am

      Re:

      I don't see the displacement. You can have both mining and more dangerous malware installed.

      • Anonymous Coward, 9 Jan 2014 @ 6:14am

        Re: Re:

        Any extra malware increases the chance that the whole set is discovered, which reduces the return from the bitcoin mining part. If the mining is profitable enough, it is rational to install only it, to lessen the chance of either discovery or (with more aggressive kinds of malware) actually damaging the system it's running on.

  • Anonymous Coward, 9 Jan 2014 @ 5:05am

    What a useless concept. It would have been cool years ago but now for any SHA256-based currency this is useless, you can't compete with ASIC miners. Especially since you need the user to have decent hardware and be physically logged in locally for mining to work decently, otherwise you're stuck using CPU mining which is even more ridiculous for SHA256. You'd literally need millions of computers to compete against a single 1000$ unit... and guess how many of those are out there now.

    And yes, even scrypt based mining on CPU is pretty much useless, unless your entire point is to mine at a loss.

    So these people had way too many expectations of their "hidden" miner.

    • Ninja, 9 Jan 2014 @ 5:38am

      Re:

      "unless your entire point is to mine at a loss."

      What loss? Because the people behind it would not be spending a penny to mine, even if it is hellishly inefficient.

      • Anonymous Coward, 9 Jan 2014 @ 7:22am

        Re: Re:

        He is probably counting the "development cost" of the malware and the costs associated with distributing it.

  • Just Sayin', 9 Jan 2014 @ 5:14am

    Not a bad idea

    Actually, these guys are onto something. Almost all malware is directed towards accomplishing a secondary goal these days, it's rarely about just screwing up a computer because you can.

    Some are more direct than others: botnets have been created to spam or to do DDoS attacks for a price, and the encode-the-files-on-your-hard-drive ransomware is just a more direct version.

    This bitcoin malware isn't unique, it's just that someone figured out that there was a hole to be filled. If you can get a few million computers working for you, even if they aren't very efficient, you can mine some decent numbers. With bitcoins at $1000 a pop these days, it could become very profitable.

    I wonder if the next one will look for existing mining rigs, mining software, or the like and subvert it? Perhaps looking for bitcoin account numbers to try to transfer funds out of the account.

    ... and the AC is right, if your system is sensitive to heat, running it really hard for an extended period could harm it, so this isn't malware without cost or potential pain.

  • Me, 9 Jan 2014 @ 5:34am

    BOINC

    I still would be peeved at this bitcoin mining "malware" since that means my excess computing resources are no longer searching for pulsars or extraterrestrials. If I missed talking to ET because someone else wanted 0.00000000000000000000000001 bitcoin, the whole world suffers.

    • Ninja, 9 Jan 2014 @ 5:49am

      Re: BOINC

      No need to waste your resources, it has been done before 673582b9aaf9a804754affe5288ae625639f4c69 if you are cheap or 4aa34c333a36d1bd7b41dcf6e59ab65bc36b59f3 for high def ET talking ;)

      Wait a minute, finger touching counts as talking, no?

    • beltorak, 9 Jan 2014 @ 11:08am

      Re: BOINC

      technically, a bitcoin is (currently) only divisible to 8 decimal places (0.00000001 - or, 1 "satoshi").

      /pedant

  • Anonymous Coward, 9 Jan 2014 @ 3:47pm

    FarmVille

    It's only a matter of time before someone releases a FarmVille-like game, wherein the player work needed to generate the in-game currency is tied to generation of a BTC-like "real" currency, for the benefit of the game's producers.

    That's the point when BTC jumps the shark.

  • Anonymous Coward, 10 Jan 2014 @ 7:31am

    Outside the box thinking... I like it
