Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 4 MINUTES AGO.
You are here: Home / Viruses & Malware / Mirai Botnet Starts Mining for Bitcoins
Mirai Botnet Starts Mining for Bitcoins In New Twist
Mirai Botnet Starts Mining for Bitcoins In New Twist
By Sam Pudwell Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
12
2017
IBM X-Force has discovered a first-of-its-kind variant of the ELF Linux/Mirai malware that has a built-in component designed to mine bitcoins.

The variant was first discovered without the bitcoin mining capability in August 2016, but traffic from the new strain containing links to ELF 64-bit binary files started towards the end of March 2017, increased by 50 percent in four days and disappeared another four days later.

According to Dave McMillen, senior threat researcher at IBM managed security services, this new Mirai strain was similar to another recently-created version that leverages a Windows Trojan, but was focused on attacking Linux machines running BusyBox, a software that describes itself as the swiss army knife of embedded Linux.

Mirai Mining

The Windows version contained some extra capabilities from normal Mirai botnets such as SQL injection and brute-force attack tools, but the new ELF Linux/Mirai malware variant boasts an extra add-on in the form of a bitcoin miner slave.

This led us to question the effectiveness of a bitcoin miner running on a simple IoT device that lacks the power to create many bitcoins, if any at all, McMillen writes. Given Mirai's power to infect thousands of machines at a time, however, there is a possibility that the bitcoin miners could work together in tandem as one large miner consortium.

We haven't yet determined that capability, but we found it to be an interesting yet concerning possibility. Its possible that while the Mirai bots are idle and awaiting further instructions, they could be leveraged to go into mining mode.

In a blog post, McMillen also highlighted the benefits of focusing on bitcoin mining due to society's growing preference of cashless payments, especially seeing as cyber criminal activity is often funded by the cryptocurrency.

However, he questioned the economic validity of such a strategy: Almost four years ago, Krebs on Security discussed bitcoin mining bots; in that case, the compromised hosts were PCs. Mining bitcoins, however, is a CPU-intensive activity, he says.

How many compromised devices would it take to make the mining of bitcoin a viable revenue source for attackers? Wouldn't attackers have better luck compromising a bitcoin exchange company, as has been the case numerous times in the past? Its possible they're looking to find a way to make bitcoin mining via compromised IoT devices a lucrative venture.

Reign of Terror

Although the potential impact of this new Mirai strain is unclear, the botnet which compromises IoT devices and launches distributed denial-of-service (DDoS) attacks against predefined targets has been busy plaguing businesses and devices for some time.

It first gained notoriety after being used in the high-profile attack on DNS hosting provider Dyn which took down the likes of Netflix, Twitter and Reddit and has since targeted Talk Talk and the Post Office in the UK.

Most recently, it was responsible for a massive 54-hour attack on a US college which generated the highest traffic flow that security firm Imperva Incapsula had ever seen out of a Mirai botnet.

© 2017 DesignMENA.com under contract with NewsEdge/Acquire Media. All rights reserved.
Tell Us What You Think
Comment:

Name:

Joe Cohen:
Posted: 2017-04-18 @ 3:37am PT
Glad to see this research - it looks like Mirai is getting more and more powerful. I don't think that's surprising to security researchers or those watching these things. I have to admit, I didn't think of bitcoin mining but considering their compute intensive resources this makes perfect sense to use for bitcoin mining.

Like Us on FacebookFollow Us on Twitter
MORE IN VIRUSES & MALWARE
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.