Bitcoin Vigil is a project aiming to give users a new way to detect malware on their personal computers, offering a method of intrusion detection that tracks malware attempting to steal bitcoins from PC wallets.
Eric Springer, a Canadian developer living in Mexico, thinks Bitcoin Vigil’s idea is pretty simple:
“You can just leave the bitcoin wallet on your computer, and it will let you know if you have malware.”
How it works
When users fund a wallet on the Bitcoin Vigil website, they can download a database file containing the wallet’s information. It is effectively a wallet generated with bitcoins that is unencrypted to make it as easy on malware as possible, Springer explained.
With the rise of cryptocurrency-stealing libraries being dropped into malware, Bitcoin Vigil acts as what it calls a “money pot” – a carrot that malicious software commonly looks for on infected computers.
If the key is used to move the small amount of bitcoins, Bitcoin Vigil notifies the user by email, with an additional option for an SMS notification.
Springer says that malware creators have no qualms about looking for bitcoin like low hanging fruit:
“I don’t think anyone’s going in specifically targeting bitcoin as their only purpose [for malware], I just don’t think that they have any ethical concerns stealing whatever they find.”
Malware going after bitcoin
Dell SecureWorks recently released a report that identified almost 150 strains of what it calls cryptocurrency stealing malware (CCSM), up from 45 a year prior.
The reason for the surge is simple: decentralized money is becoming popular, and that means it is a valuable thing to take from unsuspecting users.
Joe Stewart, one of the authors of the SecureWorks report, recently tweeted about Springer’s service:
Looks like the Bitcoin-wallet-as-host-IDS idea I tweeted on Nov 21 last year is actually a service now: http://t.co/sbUdVbug7x
— Joe Stewart (@joestewart71) April 10, 2014
IDS stands for intrusion detection system, which is Bitcoin Vigil’s role in monitoring the wallet addresses.
According to SecureWorks, the most common type of CCSM is known as the “wallet stealer.” It looks for files in common locations that are similar to “wallet.dat” – the same type of file that Bitcoin Vigil uses.
And if the money is moved from the wallet, Bitcoin Vigil’s system sees it, said Springer.
“Whenever it notices a transaction it just looks at all the inputs. And if it comes from one of the wallets I generated I just send an SMS and email out.”
Cryptocurrencies as IT security
Springer said he decided to create the service to detect wallet file theft after realizing one didn’t exist. “After losing some bitcoins, it seemed like a logical idea,” he said.
Though he concedes to the fact that most people don’t keep wallets stored on their computers, he believes that many who are at risk of losing important information on an insecure system unknowingly infected with malware could use Bitcoin Vigil.
Another problem, he said, is that people need bitcoins in order to make this method work, which means it might be more suited for larger systems, versus individual PCs:
“The limiting factor is that you actually have to put money in each of the wallets.”
Despite these challenges, Bitcoin Vigil again proves that cryptocurrencies can be used as an IT security tool. Recently, crowdsourced IT security startup CrowdCurity launched its ‘Capture the Coin’ contest, placing bitcoin private keys on its site to see if participants could find them.
“You need to be on a computer that doesn’t have bitcoin-stealing malware,” said Springer, and the growing popularity of decentralized money means that malware creators are on the hunt for private keys.
Ideas like Bitcoin Vigil are ways to detect system intrusions proactively rather than running scans reactively when something appears to be wrong.