yahoo bitcoin botnet

For four days last week Yahoo’s European servers were the equivalent of a cyber Typhoid Mary, spreading disease to anyone who came near. Yahoo was the victim of a major security breach, which caused its servers to send out millions of malware-laden ads to an estimated two million European users. Suspicions were first raised by Dutch security outfit Fox IT, which estimated that Yahoo’s servers were responsible for 27,000 malware infections every hour the malware was live on Yahoo’s website. Yahoo confirmed the embarrassing attack in a statement: “From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines – specifically, they spread malware.” The statement went on to point out that mobile users and Mac users were not affected, as the malware apparently targeted Windows systems, The Guardian reports. One rather interesting aspect of the attack was that it involved bitcoin mining. The malware would start using infected PCs as mining rigs, but it is still unclear how many computers were infected.

Although the average PC with an integrated graphics processor is virtually useless for bitcoin mining, tens of thousands of PCs laden with mining malware could produce some results. In late 2013 German police arrested two hackers who were charged with spreading mining malware to several networks and an undisclosed number of PCs. Following a preliminary investigation, authorities concluded that the duo managed to mine over €700,000 worth of bitcoins. Since they did not have to invest in mining rigs, or pay the electric bill for that matter, it seemed like a very profitable endeavour – until they were raided by the GSG-9, Germany’s elite counter-terrorist police unit. Little is known about the bitcoin malware served by Yahoo. The German hacker-miners appear to have used a custom version of readily available malware, tweaking it to include a mining script and to evade detection. Developing and spreading bitcoin mining malware is not easy, and with the rapid increase in hash difficulty it will soon be a thing of the past.

PCs have not been viable bitcoin mining platforms for months, and the only way to make any cash on PC bitcoin mining is if you don’t have to buy the hardware or pay for the electricity. At this point a network of average PCs will waste more energy generating bitcoins than the bitcoins are worth. Of course, malware is one way of getting someone else to pay for both. In addition to mining malware, some malicious developers have devised a new form of ransomware. The number of bitcoin ransomware detections is going up, and the trend was first noticed in the second half of 2013. Ransomware has been around for two decades, but bitcoin is making it a lot more alluring for malicious developers. The software encrypts the victim’s files and instructs the victim to pay a ransom for the decryption key. Cryptolocker’s ransom is two bitcoins, or about $1,700. There are a number of different ransomware models that could evolve to use bitcoin. Security experts have also voiced concerns that mobile ransomware could become a major security risk in the near future.

Aside from the sheer value of stolen or illegally mined bitcoins, anonymity is probably the main reason hackers are embracing bitcoin. Renting a botnet costs money, and bitcoin is well suited to payments between two parties that don’t want to share their identity: addresses are pseudonymous, even though every transaction is recorded on the public blockchain. The same is true of ransomware – using bitcoin to receive a ransom payment makes sense. Acquiring specialized software, proprietary hardware, zero-day exploits and other tools used by hackers requires quite a bit of cash.
Contrary to what most people think, many hackers do not operate alone. Although there are still plenty of 'lone wolves', the cybercrime ecosystem has evolved. Like any economic entity, it has a hierarchy, and what could only be described as a division of labour is taking hold.

In other words, many hackers are specializing in different niches, and cybercrime syndicates are becoming more sophisticated, with a structure similar to traditional criminal syndicates or even legitimate businesses. As bitcoin is ideal for paying accomplices and funding the whole operation, it is bound to see more use in the murky waters of the deep web.

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies.

The cybercriminals who infected the computers of European Yahoo users apparently wanted to build a huge bitcoin-mining botnet. Researchers at security firm Light Cyber revealed this week that one of the malware programs aimed to use the processing power of infected PCs to perform the hash computations that bitcoin mining requires. Reported earlier this month by fellow security firm Fox IT, the campaign spread its package by using Yahoo's ad server to deploy malicious ads. Light Cyber founder Giora Engel told CNET that his firm detected the attack in its customers' networks four days before it was publicly known and reported by Fox IT. Engel explained how the firm learned of the malware: “Many of our customers share threat intelligence with our Magna Cloud, so our research lab noticed this unknown malware and attack campaign coming from our customers' networks and investigated the specific case. As part of the investigation, we found a few tools that were downloaded by the malware. This specific attack campaign incorporated a variety of different monetization techniques using a variety of malware.

The attackers made sure they exploited each of the millions of infected machines to its full worth by employing Bitcoin miners, WebMoney wallet hackers, personal information extraction, banking information extraction, and generic remote access tools.” Engel said that Light Cyber detected a portion of the infected computers talking to Bitcoin mining pools on the Web, a sign that they were actually being used for mining. He also explained how Bitcoin mining works: “Bitcoin mining is a computationally heavy process that gets harder and harder in time. Bitcoin is mined in blocks, and since it takes a lot of computing power to mine a block, the miners join forces and form mining pools or 'bitcoin mining networks', in which each one participates with his computing power and gets in return his share of the revenue. In our case, the malware author would be the sole beneficiary of the mining efforts.” Bitcoin mining on computers is not usually worth the effort, Engel added, because the electrical cost of operating the computer is higher than the revenue garnered from the mining itself.
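The two points made above, that a block takes a huge amount of hashing to find and that the power bill exceeds the coins a single PC earns while a malware author who pays for neither hardware nor electricity still profits, can be reproduced with a small script. The following is an added example, not code from the article, Yahoo, Fox IT or Light Cyber. The first part runs the same double-SHA256 nonce search a miner (or mining malware) performs, against a reduced target so it finishes in well under a second; the second part applies the standard expected-reward formula (a block at difficulty D costs D * 2^32 hashes on average) to assumed figures: roughly 5 MH/s and 100 W for a 2014-era desktop CPU, difficulty 1.4e9, a 25 BTC block reward, $0.12/kWh, and $850/BTC (the 2 BTC = $1,700 figure quoted earlier). All of these constants are illustrative assumptions, not figures from the page.

```python
# Added example (not code from the article, Yahoo, Fox IT or Light Cyber).
# Part 1 mimics the proof-of-work loop a miner or mining malware runs:
# double-SHA256 over a header with an incrementing nonce until the hash is
# below a target.  Part 2 applies the expected-reward formula to show why a PC
# owner loses money mining while a malware author who pays for neither
# hardware nor electricity does not.
import hashlib
import struct


def pow_hash(header_prefix: bytes, nonce: int) -> int:
    """Bitcoin-style hash: SHA256(SHA256(header || nonce)) read as a little-endian integer."""
    data = header_prefix + struct.pack("<I", nonce)
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "little")


def target_for_bits(bits: int) -> int:
    """Target that roughly `bits` leading zero bits satisfy; expected work is 2**bits hashes."""
    return 1 << (256 - bits)


def mine(header_prefix: bytes, bits: int, max_nonce: int = 1 << 32):
    """Try nonces in order; return (nonce, hashes_tried), or (None, hashes_tried) if exhausted."""
    target = target_for_bits(bits)
    for nonce in range(max_nonce):
        if pow_hash(header_prefix, nonce) < target:
            return nonce, nonce + 1
    return None, max_nonce


def expected_btc_per_day(hashrate_hps: float, difficulty: float, block_reward_btc: float) -> float:
    """Expected reward at steady state, whether mining solo or as a proportional pool share.

    Finding a block at difficulty D takes on average D * 2**32 hashes network-wide,
    so a miner contributing h hashes/s expects h * 86400 / (D * 2**32) blocks per day.
    """
    return hashrate_hps * 86400.0 / (difficulty * 2.0 ** 32) * block_reward_btc


def daily_margin_usd(hashrate_hps, difficulty, block_reward_btc, btc_usd, watts, usd_per_kwh):
    """Revenue minus electricity for whoever actually pays the power bill."""
    revenue = expected_btc_per_day(hashrate_hps, difficulty, block_reward_btc) * btc_usd
    electricity = watts / 1000.0 * 24.0 * usd_per_kwh
    return revenue - electricity


# Illustrative assumptions, not figures from the article: a ~2014 desktop CPU
# at ~5 MH/s and ~100 W, difficulty ~1.4e9 (early-2014 order of magnitude),
# a 25 BTC block reward, $0.12/kWh and $850/BTC (the article's 2 BTC ~ $1,700).
PC_HASHRATE = 5e6
DIFFICULTY = 1.4e9
BLOCK_REWARD = 25.0
BTC_USD = 850.0
PC_WATTS = 100.0
USD_PER_KWH = 0.12


def owner_margin() -> float:
    """A legitimate PC owner's daily profit: negative, the power costs more than the coins earn."""
    return daily_margin_usd(PC_HASHRATE, DIFFICULTY, BLOCK_REWARD, BTC_USD, PC_WATTS, USD_PER_KWH)


def botnet_revenue_usd(n_machines: int) -> float:
    """Daily revenue for a malware author who pays nothing for hardware or power."""
    return expected_btc_per_day(n_machines * PC_HASHRATE, DIFFICULTY, BLOCK_REWARD) * BTC_USD


if __name__ == "__main__":
    nonce, tried = mine(b"example-block-header", bits=16)
    print(f"found nonce {nonce} after {tried} hashes (expected about {2 ** 16})")
    print(f"single PC owner, USD/day: {owner_margin():.4f}")
    print(f"2,000,000 infected PCs, USD/day: {botnet_revenue_usd(2_000_000):.2f}")
```

With these assumptions a single owner loses roughly $0.29 a day, while two million infected machines would return a few BTC a day to the operator, which is why the economics only work for someone stealing the compute.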

But the malware author stole the computing resources of the affected machines, and did so in such large numbers as to turn a profit from the operation. The malware attack reportedly lasted from December 31 through January 3, when Yahoo took down the malicious ads. On Saturday, Yahoo acknowledged the issue through the following statement: “At Yahoo, we take the safety and privacy of our users seriously. On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware. We promptly removed these advertisements. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected. Additionally, users using Macs and mobile devices were not affected.” So far, Yahoo hasn't revealed any details on the infected computers or publicly advised affected users on what they should do. But security firm Surfright shed a bit more light on the situation: “Not every ad on the Yahoo advertisement network contained the malicious iframe, but if you have an outdated version of Java Runtime and you used Yahoo Mail in the last 6 days, your computer is likely infected.”

In an advisory to its customers, Light Cyber also detailed the following extensive steps for detecting the malware:

Communication with the following Internet domains is an indication of a positive infection of the communicating computer:

Communication with the following Internet domains/IP addresses is an indication of a possible infection:

doesexisted.in
formsgained.in
goodsdatums.in
locationmaking.in
mejudge.in
operatedalone.in
preferringbad.in
savedesiring.in
slaptoniktons.net
slaptonitkons.net
stopsadvise.in
192.133.137.100
192.133.137.247
192.133.137.56
192.133.137.59
192.133.137.63
193.169.245.74
193.169.245.76

The existence of the following files is an indication of a positive infection:

%windows%\Installer\{4A74FBA7-71A0-BEA1-F538-72E3D519AA4F}\syshost.exe
%localappdata%\cygwin1.dll (see note 1)
%localappdata%\wuauclt.exe (see note 1)
%localappdata%\temp\????????.lnk (8 hex characters)
%localappdata%\temp\????????.exe (8 hex characters)
%localappdata%\temp\vedefuzunwi.exe
%programdata%\bbtmp0\jtkyygiu.exe
c:\temp\zcompute.exe

(1) The filename is used by legitimate software, but not in the listed path.

People with infected computers are advised to run a full virus scan and block the Internet domains listed above through their router/firewall.

Update at 11:30 a.m.
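The indicators above are only useful once they are run against something. The script below is an added example, not Light Cyber's advisory tooling: it checks constructed DNS/proxy log lines (the `client=` / `query=` / `dst=` layout is an assumption for the demo, not a real product's format) against the listed domains and IPs, treating a subdomain of a listed domain as a hit but a look-alike such as `mejudge.in.example.com` as a miss, and it walks a directory tree for the listed file paths, expanding each `?` to one hex digit and honouring note 1 by only flagging `wuauclt.exe` and `cygwin1.dll` directly under `%localappdata%`. The environment variables are resolved from a caller-supplied mapping, so the same code runs against a throwaway tree here and against the real `%windows%`, `%localappdata%` and `%programdata%` on a host.

```python
# Added example, not Light Cyber's advisory tooling: it applies the advisory's
# indicators to (a) DNS/proxy log lines and (b) a directory tree.  The log
# format, the sample lines and the planted files are constructed for the demo.
import os
import re
import tempfile
from pathlib import Path

# Network indicators exactly as listed in the advisory.
IOC_DOMAINS = {
    "doesexisted.in", "formsgained.in", "goodsdatums.in", "locationmaking.in",
    "mejudge.in", "operatedalone.in", "preferringbad.in", "savedesiring.in",
    "slaptoniktons.net", "slaptonitkons.net", "stopsadvise.in",
}
IOC_IPS = {
    "192.133.137.100", "192.133.137.247", "192.133.137.56", "192.133.137.59",
    "192.133.137.63", "193.169.245.74", "193.169.245.76",
}

# File indicators as (environment root, relative path); '?' stands for one hex digit.
# cygwin1.dll and wuauclt.exe are legitimate names (advisory note 1), so they only
# count when found directly under %localappdata%, never at their usual locations.
IOC_FILES = [
    ("%windows%", r"Installer\{4A74FBA7-71A0-BEA1-F538-72E3D519AA4F}\syshost.exe"),
    ("%localappdata%", r"cygwin1.dll"),
    ("%localappdata%", r"wuauclt.exe"),
    ("%localappdata%", r"temp\????????.lnk"),
    ("%localappdata%", r"temp\????????.exe"),
    ("%localappdata%", r"temp\vedefuzunwi.exe"),
    ("%programdata%", r"bbtmp0\jtkyygiu.exe"),
    ("c:", r"temp\zcompute.exe"),
]


def indicator_in(token):
    """Return the IOC a host/IP token matches (subdomains of a listed domain count), else None."""
    token = token.lower().rstrip(".")
    if token in IOC_IPS:
        return token
    for domain in IOC_DOMAINS:
        if token == domain or token.endswith("." + domain):
            return domain
    return None


def scan_log(text):
    """Return (client, indicator) for every log line that names a listed domain or IP."""
    hits = []
    for line in text.splitlines():
        client = re.search(r"client=(\S+)", line)
        for token in re.findall(r"[A-Za-z0-9.-]+", line):
            ioc = indicator_in(token)
            if ioc:
                hits.append((client.group(1) if client else "?", ioc))
                break  # one hit per line is enough to flag the client
    return hits


def ioc_regex(rel_pattern):
    """Compile an advisory path into a case-insensitive regex; each '?' becomes one hex digit."""
    return re.compile(re.escape(rel_pattern).replace(r"\?", "[0-9a-f]"), re.IGNORECASE)


def scan_tree(roots):
    """Walk each resolved root ({'%localappdata%': Path(...), ...}) and return IOC paths present."""
    hits = []
    for var, root in roots.items():
        patterns = [ioc_regex(rel) for v, rel in IOC_FILES if v == var]
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "\\")
                if any(rx.fullmatch(rel) for rx in patterns):
                    hits.append(var + "\\" + rel)
    return sorted(hits)


# Constructed sample log (not real traffic): one client resolves a listed domain and
# then connects to a listed IP, one touches a look-alike that must not match, one
# resolves a subdomain of a listed domain.
SAMPLE_LOG = """\
2014-01-02T10:14:03Z dns client=10.0.0.12 query=mail.yahoo.com type=A
2014-01-02T10:14:05Z dns client=10.0.0.12 query=slaptonitkons.net type=A
2014-01-02T10:14:06Z proxy client=10.0.0.12 dst=193.169.245.74:80 method=GET uri=/
2014-01-02T10:15:11Z dns client=10.0.0.40 query=cdn.mejudge.in.example.com type=A
2014-01-02T10:16:40Z dns client=10.0.0.77 query=www.savedesiring.in type=A
"""


def build_demo_tree():
    """Create a throwaway tree standing in for a Windows host, with two IOC files and two decoys."""
    base = Path(tempfile.mkdtemp(prefix="yahoo-ioc-"))
    roots = {var: base / var.strip("%:") for var in ("%windows%", "%localappdata%", "%programdata%", "c:")}
    for root in roots.values():
        root.mkdir(parents=True, exist_ok=True)
    planted = [
        roots["%localappdata%"] / "temp" / "3fa9c01e.exe",  # matches temp\????????.exe
        roots["%localappdata%"] / "wuauclt.exe",            # legitimate name, wrong location (note 1)
        roots["%windows%"] / "system32" / "wuauclt.exe",    # decoy: the legitimate location
        roots["%localappdata%"] / "temp" / "notes.txt",     # decoy
    ]
    for path in planted:
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")
    return roots


if __name__ == "__main__":
    for client, ioc in scan_log(SAMPLE_LOG):
        print(f"possible infection: {client} contacted {ioc}")
    for hit in scan_tree(build_demo_tree()):
        print(f"positive infection: {hit}")
```

On a real host you would feed `scan_log` your resolver or proxy export and call `scan_tree` with `{"%windows%": Path(os.environ["WINDIR"]), "%localappdata%": Path(os.environ["LOCALAPPDATA"]), "%programdata%": Path(os.environ["PROGRAMDATA"]), "c:": Path("C:\\")}`; a file hit is a positive, a network hit only a lead to triage, exactly as the advisory distinguishes them.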