Trojan stealing Bitcoin users' wallets, says Symantec
Bitcoins have become popular as an alternative to government-controlled currencies, but a new Trojan seems to be specifically targeting Bitcoin wallets in an attempt to steal funds, security firm Symantec warns. The news follows reports earlier this week of a Bitcoin user being hacked to the tune of 25,000 bitcoins, or about $500,000 USD.
Symantec says that the 'Infostealer.Coinbit' Trojan aims to find your wallet file and then mail it to the attacker. There is also similar code which looks for the file, but uses FTP to transfer it to the attacker's servers. With this file, the user can then use a 'brute-force attack' to break in and pilfer the user's coins.
Once stolen, it may be near impossible for the victim to recover his or her funds. Due to the decentralized nature of the peer-to-peer currency, there is little record of the transaction happening. What little data is kept is anonymized, so it would be difficult to track down individual users.
Current exchange rates place the value of one Bitcoin to about $23.50 USD as of late Friday afternoon, according to <!external href="http://bitcoincharts.com">bitcoincharts.com. For an overview of how the system works, see the currency's <!external href="http://www.bitcoin.org/">official site.
The system, while a boon to libertarians, is the scourge of some in the US Government. Democratic Senators Charles Schumer of New York and Joe Manchin of West Virginia have already asked the US Attorney General to begin cracking down on sites accepting the currency, some of which they claim <!external href="http://www.pcworld.com/article/230084/us_senators_want_to_shut_down_bitcoins_currency_of_internet_drug_trade.html#tk.mod_rel">dabble in the sales of illicit drugs.
"If you use Bitcoins, you have the option to encrypt your wallet and we recommend that you choose a strong password for this in the event that an attacker is attempting to brute-force your wallet open," Symantec's Stephen Doherty said.
Earlier this week, a hack on a Bitcoin user's Windows computer was said to have resulted in the loss of the equivalent of $500,000 USD. While the amount is said to be disputed -- such a large amount transferring would have caused a drop in the value of the Bitcoin, and some claim the system wouldn't have been able to handle such a <!external href="http://www.theregister.co.uk/2011/06/16/bitcoin_theft_claims/">large transfer.
Regardless of the claims validity, it is believed that hackers have been able to develop botnets to exploit the Bitcoin system, Symantec <!external href="http://www.symantec.com/connect/blogs/bitcoin-botnet-mining">reported earlier this week. It is believed that based on current valuations, these efforts could be netting these botnet owners the equivalent of $100,000 per month.