14 DAY TRIAL // As Bitcoin currency systems become more vulnerable, cybercriminals find all sorts of ways of masking Bitcoin mining bots in order to strengthen and speed up their illegal activities.
These bots are used to solve Bitcoin blocks which once cracked, translate into real earnings for the mastermind behind the whole operation. Because a lot of computing power is required to work out these blocks, hackers spread “miners” on a large number of computers which unwillingly combine their power in pools to faster process the same job.
Trend Micro recently discovered that a worm component of the famous TDL4 malware is participating in Bitcoin pools.
According to the research, WORM_OTORUN.ASH contains a parameter called getwork which is normally used by malicious components to gain access to a mining operation.
During the monitoring activities, it was observed that WORM_OTORUN.ASH’s command and control servers were mainly hosted by ISPs located in Ukraine, Romania, and the Netherlands. The United States also hosts a lot of these worms.
As seen recently, Bitcoin currency is quickly loosing its value and its credibility because of the hacking activities surrounding it. Once the methods of solving blocks were discovered, online villains realized that there's a lot of easy money that can be obtained by simply infecting random PCs with the right stuff.
Of course the criminal trend will keep evolving and if some drastic security measures are not implemented in regards of this system, the phenomenon will increase until there is nothing left to steal.
As an advice to our readers, you can always use the TDSS / TDL4 Removal Tool to clean your system. Also, an infection with such a miner bot is in most cases easy to discover as it tends to eat up all the resources of your computer, so if you notice that even simple tasks make your device work intensely, you might be the unlucky owner of this malware. TDSS / TDL4 Removal Tool 1.0.0.1 is available for download here.