Malware that makes money is the crux of a new Trojan that's allegedly making its way around the web, spreading from computer to computer via links sent through a user's Skype application.
Once the malware (Trojan.Win32.Jorik.IRCbot.xkt, to be exact) has fired up on an unsuspecting user's system, it downloads other unpleasant applications, connects to a German server to receive additional commands, and transforms the system into a Bitcoin mining node.
For those unfamiliar, Bitcoin (the decentralised, digital currency) employs a system known as "mining" to release new currency into its economy. You, and others, use your system's processing power to try to generate 64-digit numbers that match a certain pattern the Bitcoin network has posted as a virtual bounty of sorts. Find the number and you'll receive a chunk of 25 bitcoins to spend for your efforts; rinse, wash, repeat.
The network itself attempts to regulate the number of awards to approximately six per hour, adjusting the difficulty of generating new coins every two weeks based on the average number of solutions found over the previous two weeks.
As you might expect, generating bitcoins takes quite a bit of processing power, and it's not very likely that a single individual will be the one to exclusively claim a bounty for a particular pattern that's been found. That's the genius of the aforementioned malware: the more systems that are infected, the larger the pool of resources the attacker has with which to generate bitcoins. In many ways, the attacker is creating a less-than-legitimate version of the Bitcoin mining pools that currently exist, whereby users voluntarily combine their computing resources to mine bitcoins and split fractions of the finder's fee.
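The mechanics described above, as an added example that is not from the article or from any Bitcoin implementation: a simplified proof-of-work search, the two-week difficulty adjustment, and the expected time per find for a given hash rate, which is why pooled machines matter. The header bytes and the toy target are constructed; real Bitcoin hashes an 80-byte block header and uses far smaller targets.

```python
import hashlib

BLOCKS_PER_PERIOD = 6 * 24 * 14   # six awards per hour for two weeks = 2016
PERIOD_SECONDS = 14 * 24 * 3600   # length of the adjustment window

def block_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header+nonce as a 256-bit integer (64 hex digits)."""
    data = header + nonce.to_bytes(4, "little")
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")

def mine(header: bytes, target: int, max_nonce: int = 2**32):
    """Return the first nonce whose hash is below target, or None."""
    for nonce in range(max_nonce):
        if block_hash(header, nonce) < target:
            return nonce
    return None

def retarget(old_target: int, actual_seconds: int) -> int:
    """Scale the target so the next period again takes about two weeks.

    A smaller target means a harder search. Bitcoin limits a single
    adjustment to a factor of four in either direction.
    """
    clamped = max(PERIOD_SECONDS // 4, min(actual_seconds, PERIOD_SECONDS * 4))
    return old_target * clamped // PERIOD_SECONDS

def expected_seconds_per_block(target: int, hashes_per_second: float) -> float:
    """Average time for a given hash rate to land one hash below target."""
    return (2**256 / target) / hashes_per_second

if __name__ == "__main__":
    header = b"constructed sample header"   # constructed input
    target = 1 << 240                       # toy target: 16 leading zero bits
    nonce = mine(header, target)
    print(f"nonce={nonce} hash={block_hash(header, nonce):064x}")

    # Solutions arrived twice as fast as intended, so the target halves.
    harder = retarget(target, PERIOD_SECONDS // 2)
    print(f"target halved: {harder == target // 2}")

    # One machine versus 2,000 machines at an assumed 1,000 hashes/s each.
    solo = expected_seconds_per_block(harder, 1_000)
    pooled = expected_seconds_per_block(harder, 1_000 * 2_000)
    print(f"solo: {solo:.0f}s  pooled: {pooled:.3f}s")
```
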
According to The Next Web, the malware (allegedly undetectable by some anti-malware programs as of this article's writing) spikes one's CPU use to maximum in order to perform as much mining as possible. It's not the first insidious bit of code designed to maximise an unknown party's Bitcoin profits (and ruin an affected user's ability to really do anything on his or her system), but it is one of the first that uses Skype as the attack vector.
Seemingly successfully, we might add: according to Kaspersky Lab's Dmitry Bestuzhev, more than 2,000 users per hour have been clicking on the Skype-sent link for the Bitcoin-themed malware.