Bitcoin Vigil: Detecting Malware Through Bitcoin

reddit share twitter share facebook share google share linkedin share

vigil_icBitcoin-stealing malware has drained the wallets of many unlucky victims over the years. The more valuable and understood Bitcoin becomes, the more such attacks can be expected. Common sense security practices, like not opening random links or attachments in unsolicited emails, certainly help to lower the risk of malware infection. But unless your bitcoins funds are vaulted within an air-gapped device or consigned to a paper wallet, it’s hard (if not impossible) to eliminate the threat of malware entirely. Yet a cunning new web service, known as Bitcoin Vigil, employs an unsecured, relatively low-value Bitcoin wallet as bait to malware.

CCN

Eric, the creator of Bitcoin Vigil, recently lost 5 BTC, worth thousands of US Dollars, to a malware attack. This painful experience served as the inspiration for his service. Eric realised that missing funds are a definite confirmation of the presence of certain malware, whereas antivirus software has been estimated by computer security firm, Symantec, as blind to 55% of malware attacks. This led to the idea of a monetary honeypot, or “moneypot,” containing a small amount of BTC (the site recommends around $10 worth) and continually monitored via a web service. If the bitcoins vanish, the Bitcoin Vigil service relays an SMS or email to subscribers to alert them to their system’s compromise. Subscribers can take measures to restore their security, like changing passwords and improving their security practices.

A Realistic Approach to Malware

red-41380_640The ease and speed with which new viruses are developed means that traditional antivirus software will always be on the back foot. A more collaborative approach, in which computer security companies share detection signatures rather than duplicating one another’s efforts, may benefit the situation yet undetectable computer viruses will remain an inevitability. As stated in the linked paper:

One of the few solid theoretical results in the study of computer viruses is Cohen’s 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses.

The paper goes on to prove that certain viruses will remain entirely undetectable.

This is likely why Symantec, creators of the well-known Norton antivirus software suite, are shifting their approach to defeating malware. As Brian Dye, Symantec’s Symantec’s Senior Vice President for Information Security, puts it:

“If customers are shifting from protect to detect and respond, the growth is going to come from detect and respond.”

Tripwires and decoy data, plus other new methods of detection, response and harm-reduction, are urgently needed to counter hackers and malware. Another well-known computer security firm, McAfee, published a study in 2009 which put the total cost of cybercrime at $1 trillion per year.

The Anti-Cryptolocker

Cryptolocker malware's ransom note.

Cryptolocker malware’s ransom note.

Cryptolocker is an infamous form of ransomware which locks down a user’s computer and demands payment in BTC to restore access. Bitcoin payment means a lower chance of detection for the criminals and a higher chance that the victim will pay, given they needn’t reveal their credit card details to known hackers. A sly bit of code indeed, which certainly did Bitcoin’s reputation no favours.

Yet Bitcoin Vigil proves that cryptocurrency technology can also be used against the authors of malware. While an adversary with an eye on greater prizes than an easy $10 won’t be tempted, it does seem that Bitcoin Vigil will reliably warn of  automated wallet attacks and common intruders. Check out Bitcoin Vigil’s FAQ for further details.

reddit share twitter share facebook share google share linkedin share


Leave a Reply