Bitcoin-mining botnet ZeroAccess jumps to top security threat

Android-targeting adware Newyear and Plankton also spreading rapidly, says security company Fortinet

Cyber criminals could be raking in millions of dollars using a Bitcoin-mining botnet called ZeroAccess, according to newly released data from network security company Fortinet. The company found that ZeroAccess -- also used for click fraud -- was the No. 1 security threat during the first quarter of this year. Cyber scammers have seemingly been unable to resist the allure of the soaring value of the digital currency, which exceeded $200 a pop this week.

Meanwhile, Android remains a ripe target for bad guys. Fortinet observed that two new adware variants targeting the platform, Android.NewyearL.B and Android.Plankton.B, climbed the watch list in the past 90 days.

New ZeroAccess infections have steadily grown since the beginning of the year, according to FortiGuard Labs, which has monitored the malware since last August. Most recently, researchers witnessed a whopping 100,000 new infections per week and almost 3 million unique IP addresses reporting infections. In the past 90 days alone. The owners of ZeroAccess have sent their infected hosts 20 software updates, according to Richard Henderson, security strategist and threat researcher for Fortinet's FortiGuard Labs.

According to Fortinet, "the value of the decentralized, open source-based digital currency continues to skyrocket, which likely means the amount of money being made by ZeroAccess is in the millions of dollars or more."

The company estimated that ZeroAccess "may be generating its owners up to $100,000 per day in fraudulent advertising revenue alone."

Henderson said that as Bitcoin's popularity and value increases, more botnet owners will likely attempt to use their botnets to turn target devices into zombie miners or to disrupt the Bitcoin market.

Kaspersky, in fact, reported that scammers have launched an ongoing social engineering campaign via Skype, sending messages to contacts containing links to malware-download sites. Once the malware is on the victim's machine, it usurps the PC's processing power to mine Bitcoins. The initial dropper detected by Kaspersky is Trojan.Win32.Jorik.IRCbot.xkt.

Meanwhile, online Bitcoin storage service Instawallet revealed this week that its database has been breached and perpetrators made off with an unspecified number of Bitcoins. Separately, Tokyo-based exchange Mt. Gox issued a statement Wednesday saying it has been targeted with ongoing DDoS attacks, which resulted in trading lags, 502 errors, and users' inability to access their accounts.

As for the two new Android variants Newyear and Plankton, they're advertising kits that possibly come from the same author but are "being maintained separately in order to generate more infections," said David Maciejak, senior researcher for Fortinet's FortiGuard Labs.

Both pieces of malware are embedded into various applications and are capable of displaying ads, tracking users through the phone's unique IMEI number, and modifying the phone's desktop.

"The surge in Android adware ... suggests that someone or some group has been able to monetize these infections, most likely through illicit advertising affiliate programs," said Guillaume Lovet, senior manager at FortiGuard Labs.

This article, "Bitcoin-mining botnet ZeroAccess jumps to top security threat," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.