Thinking of using it to mine Bitcoin?Don't bother McAfee says crooks will be better off sticking to spam and DDoS Despite an increase in popularity over recent months amongst botnet operators, malware-powered Bitcoin mining brings little to no financial return, say experts.Security giant McAfee contends in its quarterly threat report (PDF) that commercial botnet controllers and malware packages have been adding cryptocurrency mining options to their list of services offered.The mining tools - offered alongside botnet task options such as spam runs or distributed denial of service (DDoS) attacks - put infected machines to use mining Bitcoin.Unfortunately for the cybercrooks, however, it seems that a botnet-turned-mining rig doesn't actually make much money in real life.McAfee found that the increasing difficulty of Bitcoin hashes, combined with the attrition rate from malware detections on infected machines, would make turning a profit from botnet mining nearly impossible."We now see botnets with various levels of virtual currency–mining functionality," McAfee said in the report.

"But even if we allow a zero cost for hardware and power (the costs of the bots and their power are borne by the victims), the difficulty level of common mining algorithms and the nonspecialized hardware that the malware infects make this a futile effort."According to researcher estimates, a botnet controller attempting to mine Bitcoin with a 10,000 system network would initially see a net loss in operations and with increasing difficulty cycles productivity would plateau off without turning much of a profit.That rate becomes even lower when mobile devices are added to the equation.Researchers note that with less powerful processors and limited battery life, mobile devices are ill-equipped to function as dedicated cryptocurrency mining tools, especially when this is done via covert malware infections."In a hypothetical example of a 10,000-device botnet, profit without mining is $11,000.00 while profit with mining is $11,007.61—just a $7.61 gain," the company wrote."This assumes an unrealistic attrition rate of 0.25 per cent.

A realistic attrition rate of 30 per cent would result in a loss of $3,265 in potential profit."local bitcoin escrowResearchers conclude, therefore, that botnet kingpins are better off avoiding the Bitcoin mining game and sticking with other techniques.online litecoin walletThat would come as little relief, however, to owners of infected machines who will see their system performance and battery life take a hit whether or not the miner turns a profit.bitcoin e cig® Tips and correctionsfed chicago bitcoinJoin our Telegram Channel!bitcoin kardashian gameGet Bitcoin News stories in Telegram × Dismissbitcoin dump private key

Strong claims need strong proof, so when the founders of NeuroMesh described their bitcoin-based product as an "unhackable botnet", there were a lot of questions to be asked.bitcoin narrow moneyStill, the claim has already been backed by such accolades as a second-place prize in the MIT $100k startup challenge and a shortlist position in the ongoing Atos IT Challenge 2017 – both of which lend weight to the credibility of the project.ethereum block miningFounded by Greg Falco, a PhD candidate at MIT studying cybersecurity, and Caleb Li, an MBA student at the same institution, NeuroMesh is seeking to find solutions to security issues in the Internet of Things (IoT).cambiar bitcoin por dinero realThe pair saw what they say is a gap in the market for a security product that would specifically work within the confines imposed by low-power, limited-storage devices.

NeuroMesh's idea is to mimick the same tactics hackers use when trying to compromise machines in the first place – installing lightweight code that hijacks the kernel and then dials out to a command and control (C&C) server, adding the machine's resources to a botnet directed by the bot 'herder'."We wanted to create a vaccine for IoT devices by first installing our own security software on the kernel," said Li."It's like playing 'King of the Hill', so we become the only ones that can control the device."One of the main points of vulnerability for a botnet is an attack on the C&C server, something that's often observed when competing hackers try to knock their rivals' botnets offline and commandeer the devices.NeuroMesh's solution is to send commands to devices secured by their technology via OP_RETURN codes in the bitcoin blockchain – code that allows for the transmission of arbitrary data (such as 'Mined by Antpool', 'Happy halving day' or in one case, the text of an encyclical letter by Pope Francis).

"That means we can actually send out a blacklist of IP addresses that these IoT devices shouldn't talk to over the bitcoin blockchain," Falco explained, adding: "Usually [with botnets] you could shut down a central server where the command is coming from, but with the blockchain we don't have to worry about that because it's entirely decentralized."In practical terms, this involves a C&C server connected to a bitcoin wallet address which can sign transactions.In turn, IoT devices in the NeuroMesh net would run an SPV client which reads only transactions signed by NeuroMesh, and execute the commands contained in the OP_RETURN data.Because data is propagated between bitcoin nodes in a decentralized manner, in theory reading these commands does not give any further information about the location of the server which originally issued them.Dr Michael Siegel, Associate Director of MIT’s IC3 cybersecurity consortium and a research advisor for the NeuroMesh project, says that Li and Falco's work comes out of a tradition of research into secure communication between distributed systems.

"It's a clever use of a small piece of code that can run on many types of devices," Siegel told CoinDesk."It's a great idea: not totally new, but, in the IoT space, the combination of what they're doing with botnets, blockchain and central command is something new they've established, and appears to be an extremely secure environment for managing small distributed devices."Falco also confirmed that the uniqueness of the NeuroMesh offering is in finding a new use for existing practices."While what we're doing is new from a commercial standpoint, there's been several case studies of white-hat security researchers doing what we're doing to close vulnerabilities in a system," he said.Roman Sinayev, a security software engineer who designs anti-malware systems at Juniper Networks, is familiar with the concepts behind the NeuroMesh project (although he's not seen the software in action).Assuming the code is written without any exploitable errors, then the result would be a secure communication channel, Sinayev said.

Further, he pointed out that blockchain isn't required to hide communications."[A]nother way would be any kind of P2P programme like BitTorrent," he said."You could also use many different proxy servers and change the IPs, or you could use some intermediate service – embed information in pictures on a public channel, for example."Without having seen the code, Sinayev stressed that it's impossible to verify that the NeuroMesh product works exactly as described.However, he suggested that (as with all security software) best practice would be to have an independent audit once the product is finalised.On a similarly cautionary note, MIT's Dr Siegel pointed out that technology is not always the weakest point of a system, saying: "Underlying this is a very secure system with sound technology and difficult to break security.But this doesn't stop humans from doing really dumb things!On the end of it, you'll have someone who controls the passwords and controls access, and that person could always do something stupid."

Even factoring in human error, the bitcoin network has proven to be extremely resistant to malicious activity, and it's this property that Falco and Li are hoping to tap into with their IoT product."We call it 'unhackable' because to date, the bitcoin blockchain hasn't been hacked."World baby image via Flickr The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies.Interested in offering your expertise or insights to our reporting?Contact us at [email protected]/* */.