Connect with us

Hi, what are you looking for?

News

SA white hat hackers disable Bitcoin-mining virus

Bitcoin virus

A dangerous Bitcoin-mining virus has been detected and disabled by two Johannesburg-based IT experts.

A potentially devastating Bitcoin-mining virus has been stopped in its tracks, thanks to the vigilance and quick actions of two local IT experts.

Although mining Bitcoin with regular computer hardware is no longer profitable, that isn’t keeping criminals from giving it a try. Over the past few years, there have been several types of Bitcoin-mining malware, infecting computers all over the world.

White hat ethical hacker William Vermaak, from PBSA’s digital arm pbDigital, and senior software developer, Morne Wilken, detected malicious activity on one of their customer’s servers last week.

The two immediately analysed the source of the virus and uninfected the server. “Unfortunately, the only trace left in the code by the originator is the Bitcoin wallet that the Bitcoins will be deposited into. To trace the Bitcoin wallet is extremely difficult and you will need a police warrant to get any information from the Bitcoin companies hosting the wallet,” says Vermaak.

According to Vermaak, the virus had gone undetected by all available virus packages. “We submitted samples to ESET the next day and [the company] immediately responded from its virus lab in Denmark, confirming the virus was wild and that detection for the threat had been added to its latest definition updates.”

Founded in 1992, ESET is a Slovakia-based IT security company that offers anti-virus and firewall products such as ESET NOD32. The security company named the virus winlog.VBS – VBS/TrojanDownloader.Agent.QE trojan winlog.bat – BAT/CoinMiner.UG Trojan.

By the time of detection, the virus had infected 0.04% of Windows computers in SA, while Russia was hardest hit, with 0.5% of all Windows computers infected. Windows is currently the most popular end-user operating system in the world.

Essentially, a Bitcoin-mining virus, the Winlog Virus downloads a Bitcoin CPU miner on the victim’s computer, and then mines Bitcoins for the virus originator. Vermaak says this type of virus is particularly evasive.

“It tries to make itself resilient and configures various system schedules to start it again if it’s stopped. The virus will also install itself on the system as a system service. It infiltrates the System Registry and changes some keys to make itself run again if it’s shut down,” Vermaak explains.

“Shortcuts on the victim’s desktop are modified to run the virus and these then run the original program, in an attempt to mask its presence. The virus also copies itself into various other files on the system – including Microsoft.exe – to ensure resilience.”

Bitcoin mining machines

Almost three months ago, Russian president Vladimir Putin’s Internet advisor, Herman Klimenko, issued a dire public warning that 20% to 30% of all computers in Russia were infected with computer malware designed to turn devices into Bitcoin-mining machines.

At the time Klimenko told Moscow-based news broadcaster RBC that viruses that install bitcoin-mining software are the “most common and most dangerous” type of computer malware in existence.

With the surge in Bitcoin-mining viruses, Vermaak says: “You need to keep your anti-virus software updated, and your operating system on the latest updates.

“With the growing demand for Bitcoin, this is sure to escalate in the near future, but it is still very new so hopefully we’ve stopped this method of infection for now.

“These days there is no such thing as a bulletproof system. Everything has got some weakness whether it’s a known or unknown vulnerability. Someone will find a vector that no one will think of to gain access to a system and use it to their advantage. The only thing you can do is to minimise the risk by using a good anti-virus package and to do backups regularly,” Vermaak concludes.

Published by ITWeb on 17 October 2017.

Print Friendly, PDF & Email

You May Also Like

Electronic Signatures

Software Advice uses reviews from real software users to highlight the top-rated Electronic Signature Software products.

Electronic Signatures

Submitted by Andrew Price, SigniFlow Lead UX Designer

Electronic Signatures

Submitted by Marijke De Klerk, SigniFlow Videographer

Electronic Signatures

Submitted by Melanie Horn, SigniFlow Customer Success Director UK/EU/MENA

Asia Pacific

Submitted by Mila Pham, SigniFlow Customer Success Advisor

Electronic Signatures

Group collaboration software tools built for ultimate team efficiency.

Electronic Signatures

How does document automation work? And what’s so great about it, anyway? Read on and we’ll tell you. Plus, we'll throw in 8 key...

Electronic Signatures

Procurement teams need the right tools get purchasing procedures rolling, quickly and methodically, with maximum transparency and accountability.

Electronic Signatures

Our team of SigniFlow development ninjas built Microsoft 365 Add-ins to allow for seamless movement from Microsoft applications into your workflow process, so you...

Electronic Signatures

Paperwork is a drag - literally. SigniFlow digitises sales processes so sales teams can turn leads into customers and meet target, without any holdups.

Copyright © 2022 - SIGNIFLOW© SOFTWARE
Disclaimer: The information in this BLOG is provided for general informational purposes only and is the opinion of the author only. No information contained in this blog should be construed as legal advice from SigniFlow or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this blog should act or refrain from acting on the basis of any information included in, or accessible through, this blog without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue.