[dropcap size=small]E[/dropcap]ric, the creator of Bitcoin Vigil, recently lost 5 BTC, worth thousands of US Dollars, to a malware attack. This painful experience served as the inspiration for his service. Eric realised that missing funds are a definite confirmation of the presence of certain malware, whereas antivirus software has been estimated by computer security firm, Symantec, as blind to 55% of malware attacks. This led to the idea of a monetary honeypot, or “moneypot,” containing a small amount of BTC (the site recommends around $10 worth) and continually monitored via a web service. If the bitcoins vanish, the Bitcoin Vigil service relays an SMS or email to subscribers to alert them to their system’s compromise. Subscribers can take measures to restore their security, like changing passwords and improving their security practices.
One of the few solid theoretical results in the study of computer viruses is Cohen’s 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses.
The paper goes on to prove that certain viruses will remain entirely undetectable.
This is likely why Symantec, creators of the well-known Norton antivirus software suite, are shifting their approach to defeating malware. As Brian Dye, Symantec’s Symantec’s Senior Vice President for Information Security, puts it:
“If customers are shifting from protect to detect and respond, the growth is going to come from detect and respond.”
Tripwires and decoy data, plus other new methods of detection, response and harm-reduction, are urgently needed to counter hackers and malware. Another well-known computer security firm, McAfee, published a study in 2009 which put the total cost of cybercrime at $1 trillion per year.
Cryptolocker is an infamous form of ransomware which locks down a user’s computer and demands payment in BTC to restore access. Bitcoin payment means a lower chance of detection for the criminals and a higher chance that the victim will pay, given they needn’t reveal their credit card details to known hackers. A sly bit of code indeed, which certainly did Bitcoin’s reputation no favours.
Yet Bitcoin Vigil proves that cryptocurrency technology can also be used against the authors of malware. While an adversary with an eye on greater prizes than an easy $10 won’t be tempted, it does seem that Bitcoin Vigil will reliably warn of automated wallet attacks and common intruders. Check out Bitcoin Vigil’s FAQ for further details.