Details of a botnet for mining cryptocurrencies


A botnet is a collection of online devices whose collective computing power can be used together to accomplish a large task, particularly one which would be impossible or overly intensive for a single computer. Hackers can create botnets by hijacking computers they don’t own and can get them to send out spam, steal data, perform DDoS attacks and more.

Last December, GuardiCore researchers discovered a botnet called Bondnet: over 15,000 compromised Windows servers being used by cybercriminals to mine cryptocurrencies, including Monero, ByteCoin, RieCoin and ZCash. This offloads the costs of mining onto others and allows the hackers to reap all the profit.

GuardiCore now offers a detailed analysis, covering specific vulnerabilities and who might be behind the botnet, along with a detection and cleanup tool.

Bondnet is seemingly of Chinese origin. It could, in principle, easily be converted to perform other tasks, such as the Mirai-style attacks responsible for a massive internet outage last October. It mainly takes advantage of old and unsupported Windows machines (primarily Windows Server 2008 R2) owned by various companies, city councils, and universities.